OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
6 | 6 |
7 #include <openssl/x509v3.h> | 7 #include <openssl/x509v3.h> |
8 | 8 |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
11 | 11 |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/sha1.h" | 13 #include "base/sha1.h" |
14 #include "crypto/openssl_util.h" | 14 #include "crypto/openssl_util.h" |
| 15 #include "crypto/scoped_openssl_types.h" |
15 #include "crypto/sha2.h" | 16 #include "crypto/sha2.h" |
16 #include "net/base/net_errors.h" | 17 #include "net/base/net_errors.h" |
17 #include "net/cert/asn1_util.h" | 18 #include "net/cert/asn1_util.h" |
18 #include "net/cert/cert_status_flags.h" | 19 #include "net/cert/cert_status_flags.h" |
19 #include "net/cert/cert_verifier.h" | 20 #include "net/cert/cert_verifier.h" |
20 #include "net/cert/cert_verify_result.h" | 21 #include "net/cert/cert_verify_result.h" |
21 #include "net/cert/test_root_certs.h" | 22 #include "net/cert/test_root_certs.h" |
22 #include "net/cert/x509_certificate.h" | 23 #include "net/cert/x509_certificate.h" |
23 | 24 |
24 namespace net { | 25 namespace net { |
(...skipping 165 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
190 CRLSet* crl_set, | 191 CRLSet* crl_set, |
191 const CertificateList& additional_trust_anchors, | 192 const CertificateList& additional_trust_anchors, |
192 CertVerifyResult* verify_result) { | 193 CertVerifyResult* verify_result) { |
193 crypto::EnsureOpenSSLInit(); | 194 crypto::EnsureOpenSSLInit(); |
194 | 195 |
195 if (!cert->VerifyNameMatch(hostname, | 196 if (!cert->VerifyNameMatch(hostname, |
196 &verify_result->common_name_fallback_used)) { | 197 &verify_result->common_name_fallback_used)) { |
197 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; | 198 verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID; |
198 } | 199 } |
199 | 200 |
200 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx( | 201 crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free>::Type ctx( |
201 X509_STORE_CTX_new()); | 202 X509_STORE_CTX_new()); |
202 | 203 |
203 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates( | 204 crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn>::Type intermediates( |
204 sk_X509_new_null()); | 205 sk_X509_new_null()); |
205 if (!intermediates.get()) | 206 if (!intermediates.get()) |
206 return ERR_OUT_OF_MEMORY; | 207 return ERR_OUT_OF_MEMORY; |
207 | 208 |
208 const X509Certificate::OSCertHandles& os_intermediates = | 209 const X509Certificate::OSCertHandles& os_intermediates = |
209 cert->GetIntermediateCertificates(); | 210 cert->GetIntermediateCertificates(); |
210 for (X509Certificate::OSCertHandles::const_iterator it = | 211 for (X509Certificate::OSCertHandles::const_iterator it = |
211 os_intermediates.begin(); it != os_intermediates.end(); ++it) { | 212 os_intermediates.begin(); it != os_intermediates.end(); ++it) { |
212 if (!sk_X509_push(intermediates.get(), *it)) | 213 if (!sk_X509_push(intermediates.get(), *it)) |
213 return ERR_OUT_OF_MEMORY; | 214 return ERR_OUT_OF_MEMORY; |
(...skipping 17 matching lines...) Expand all Loading... |
231 | 232 |
232 GetCertChainInfo(ctx.get(), verify_result); | 233 GetCertChainInfo(ctx.get(), verify_result); |
233 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); | 234 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
234 if (IsCertStatusError(verify_result->cert_status)) | 235 if (IsCertStatusError(verify_result->cert_status)) |
235 return MapCertStatusToNetError(verify_result->cert_status); | 236 return MapCertStatusToNetError(verify_result->cert_status); |
236 | 237 |
237 return OK; | 238 return OK; |
238 } | 239 } |
239 | 240 |
240 } // namespace net | 241 } // namespace net |
OLD | NEW |