Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(144)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_ios.cc

Issue 2889813002: Add tests for certificates that pass X509CertificateBytes parsing, but fail in CertVerifyProc. Fix … (Closed)
Patch Set: Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_mac.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_ios.h" 5 #include "net/cert/cert_verify_proc_ios.h"
6 6
7 #include <CommonCrypto/CommonDigest.h> 7 #include <CommonCrypto/CommonDigest.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/mac/scoped_cftyperef.h" 10 #include "base/mac/scoped_cftyperef.h"
(...skipping 239 matching lines...) Expand 10 before | Expand all | Expand 10 after
250 CRLSet* crl_set, 250 CRLSet* crl_set,
251 const CertificateList& additional_trust_anchors, 251 const CertificateList& additional_trust_anchors,
252 CertVerifyResult* verify_result) { 252 CertVerifyResult* verify_result) {
253 ScopedCFTypeRef<CFArrayRef> trust_policies; 253 ScopedCFTypeRef<CFArrayRef> trust_policies;
254 OSStatus status = CreateTrustPolicies(&trust_policies); 254 OSStatus status = CreateTrustPolicies(&trust_policies);
255 if (status) 255 if (status)
256 return NetErrorFromOSStatus(status); 256 return NetErrorFromOSStatus(status);
257 257
258 ScopedCFTypeRef<CFMutableArrayRef> cert_array( 258 ScopedCFTypeRef<CFMutableArrayRef> cert_array(
259 x509_util::CreateSecCertificateArrayForX509Certificate(cert)); 259 x509_util::CreateSecCertificateArrayForX509Certificate(cert));
260 if (!cert_array) {
mattm 2017/05/16 22:46:26 </shamecube>
261 verify_result->cert_status |= CERT_STATUS_INVALID;
262 return ERR_CERT_INVALID;
263 }
260 ScopedCFTypeRef<SecTrustRef> trust_ref; 264 ScopedCFTypeRef<SecTrustRef> trust_ref;
261 SecTrustResultType trust_result = kSecTrustResultDeny; 265 SecTrustResultType trust_result = kSecTrustResultDeny;
262 ScopedCFTypeRef<CFArrayRef> final_chain; 266 ScopedCFTypeRef<CFArrayRef> final_chain;
263 267
264 status = BuildAndEvaluateSecTrustRef(cert_array, trust_policies, &trust_ref, 268 status = BuildAndEvaluateSecTrustRef(cert_array, trust_policies, &trust_ref,
265 &final_chain, &trust_result); 269 &final_chain, &trust_result);
266 if (status) 270 if (status)
267 return NetErrorFromOSStatus(status); 271 return NetErrorFromOSStatus(status);
268 272
269 if (CFArrayGetCount(final_chain) == 0) 273 if (CFArrayGetCount(final_chain) == 0)
(...skipping 18 matching lines...) Expand all
288 // roots. 292 // roots.
289 verify_result->is_issued_by_known_root = false; 293 verify_result->is_issued_by_known_root = false;
290 294
291 if (IsCertStatusError(verify_result->cert_status)) 295 if (IsCertStatusError(verify_result->cert_status))
292 return MapCertStatusToNetError(verify_result->cert_status); 296 return MapCertStatusToNetError(verify_result->cert_status);
293 297
294 return OK; 298 return OK;
295 } 299 }
296 300
297 } // namespace net 301 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/cert/cert_verify_proc_mac.cc » ('j') | net/cert/cert_verify_proc_mac.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698