Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(974)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_openssl.h

Issue 517083002: Enable Certificate Transparency in the OpenSSL port. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ct-objects-extractor
Patch Set: Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/asn1_util.h ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_openssl.h
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 889e4b2924a668ec90ac3a1a97c3300b8afecb94..afde56b4b224cf7d8313801c0633d7d17742f616 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -13,6 +13,7 @@
#include "net/base/completion_callback.h"
#include "net/base/io_buffer.h"
#include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_verify_result.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/channel_id_service.h"
@@ -34,6 +35,7 @@ typedef struct x509_store_ctx_st X509_STORE_CTX;
namespace net {
class CertVerifier;
+class CTVerifier;
class SingleRequestCertVerifier;
class SSLCertRequestInfo;
class SSLInfo;
@@ -121,6 +123,7 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
int DoVerifyCertComplete(int result);
void DoConnectCallback(int result);
X509Certificate* UpdateServerCert();
+ void VerifyCT();
void OnHandshakeIOComplete(int result);
void OnSendComplete(int result);
@@ -173,6 +176,13 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
void CheckIfHandshakeFinished();
+ // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
+ // SCTs are held in three separate vectors in ct_verify_result, each
+ // vetor representing a particular verification state, this method associates
+ // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
+ // the |ssl_info|.signed_certificate_timestamps list.
+ void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
+
bool transport_send_busy_;
bool transport_recv_busy_;
@@ -234,6 +244,10 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
scoped_ptr<SingleRequestCertVerifier> verifier_;
base::TimeTicks start_cert_verification_time_;
+ // Certificate Transparency: Verifier and result holder.
+ ct::CTVerifyResult ct_verify_result_;
+ CTVerifier* cert_transparency_verifier_;
+
// The service for retrieving Channel ID keys. May be NULL.
ChannelIDService* channel_id_service_;
« no previous file with comments | « net/cert/asn1_util.h ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698