net/socket/ssl_client_socket_impl.cc - Issue 2850033002: Check Expect-CT at connection setup - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(389)

My Issues | Starred Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2850033002: Check Expect-CT at connection setup (Closed)

Patch Set: fix comment typo Created 3 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « net/quic/chromium/crypto/proof_verifier_chromium.cc ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/socket/ssl_client_socket_impl.cc

diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc

index 9bbc41d8f0c4b869120d59839ebbe4f608f16dc4..b4025fbf6944d71627b20ac645da10a06b26ee35 100644

--- a/net/socket/ssl_client_socket_impl.cc

+++ b/net/socket/ssl_client_socket_impl.cc

@@ -1571,13 +1571,14 @@ int SSLClientSocketImpl::VerifyCT() {

server_cert_verify_result_.verified_cert.get(), verified_scts,

net_log_);

- if (ct_verify_result_.cert_policy_compliance !=

- ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS &&

- ct_verify_result_.cert_policy_compliance !=

- ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY &&

- transport_security_state_->ShouldRequireCT(

- host_and_port_.host(), server_cert_verify_result_.verified_cert.get(),

- server_cert_verify_result_.public_key_hashes)) {

+ if (transport_security_state_->CheckCTRequirements(

+ host_and_port_, server_cert_verify_result_.is_issued_by_known_root,

+ server_cert_verify_result_.public_key_hashes,

+ server_cert_verify_result_.verified_cert.get(), server_cert_.get(),

+ ct_verify_result_.scts,

+ TransportSecurityState::ENABLE_EXPECT_CT_REPORTS,

+ ct_verify_result_.cert_policy_compliance) !=

+ TransportSecurityState::CT_REQUIREMENTS_MET) {

server_cert_verify_result_.cert_status |=

CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED;

return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED;

« no previous file with comments | « net/quic/chromium/crypto/proof_verifier_chromium.cc ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698