| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index dd644d14dc8f8e51f6ce6190b6763e348e87d0d7..ed1ac0e2e97b069cb057e2b6cfeb15ea258d2a9d 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -93,6 +93,7 @@
|
| #include "net/cert/asn1_util.h"
|
| #include "net/cert/cert_status_flags.h"
|
| #include "net/cert/cert_verifier.h"
|
| +#include "net/cert/ct_ev_whitelist.h"
|
| #include "net/cert/ct_objects_extractor.h"
|
| #include "net/cert/ct_verifier.h"
|
| #include "net/cert/ct_verify_result.h"
|
| @@ -3426,6 +3427,17 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
|
| result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
|
| }
|
|
|
| + if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV &&
|
| + ct::HasValidEVWhitelist()) {
|
| + const SHA256HashValue fingerprint(X509Certificate::CalculateFingerprint256(
|
| + server_cert_verify_result_.verified_cert->os_cert_handle()));
|
| +
|
| + UMA_HISTOGRAM_BOOLEAN(
|
| + "Net.SSL_EVCertificateInWhitelist",
|
| + ct::IsCertificateHashInWhitelist(
|
| + std::string(reinterpret_cast<const char*>(fingerprint.data), 8)));
|
| + }
|
| +
|
| if (result == OK) {
|
| // Only check Certificate Transparency if there were no other errors with
|
| // the connection.
|
|
|
Chromium Code Reviews
Issue 462543002:
Certificate Transparency: Code for unpacking EV cert hashes whitelist (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master