Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(738)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 300103011: Use X509_STORE_CTX::untrusted, not X509_STORE_CTX::chain in CertVerifyCallback. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <openssl/err.h> 10 #include <openssl/err.h>
(...skipping 1487 matching lines...) Expand 10 before | Expand all | Expand 10 after
1498 1498
1499 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) { 1499 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) {
1500 if (!completed_handshake_) { 1500 if (!completed_handshake_) {
1501 // If the first handshake hasn't completed then we accept any certificates 1501 // If the first handshake hasn't completed then we accept any certificates
1502 // because we verify after the handshake. 1502 // because we verify after the handshake.
1503 return 1; 1503 return 1;
1504 } 1504 }
1505 1505
1506 CHECK(server_cert_.get()); 1506 CHECK(server_cert_.get());
1507 1507
1508 PeerCertificateChain chain(store_ctx->chain); 1508 PeerCertificateChain chain(store_ctx->untrusted);
1509 if (chain.IsValid() && server_cert_->Equals(chain.AsOSChain())) 1509 if (chain.IsValid() && server_cert_->Equals(chain.AsOSChain()))
1510 return 1; 1510 return 1;
1511 1511
1512 if (!chain.IsValid()) 1512 if (!chain.IsValid())
1513 LOG(ERROR) << "Received invalid certificate chain between handshakes"; 1513 LOG(ERROR) << "Received invalid certificate chain between handshakes";
1514 else 1514 else
1515 LOG(ERROR) << "Server certificate changed between handshakes"; 1515 LOG(ERROR) << "Server certificate changed between handshakes";
1516 return 0; 1516 return 0;
1517 } 1517 }
1518 1518
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
1565 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; 1565 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
1566 return SSL_TLSEXT_ERR_OK; 1566 return SSL_TLSEXT_ERR_OK;
1567 } 1567 }
1568 1568
1569 scoped_refptr<X509Certificate> 1569 scoped_refptr<X509Certificate>
1570 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { 1570 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
1571 return server_cert_; 1571 return server_cert_;
1572 } 1572 }
1573 1573
1574 } // namespace net 1574 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698