
Side by Side Diff: net/base/x509_certificate_openssl.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased to trunk Created 9 years, 4 months ago
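--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/obj_mac.h>
 #include <openssl/pem.h>
@@ -455,38 +455,51 @@
 << " : " << x509_error
 << " : " << X509_STORE_CTX_get_error_depth(ctx.get())
 << " : " << cert_status;
 verify_result->cert_status |= cert_status;
 }
 
 if (IsCertStatusError(verify_result->cert_status))
 return MapCertStatusToNetError(verify_result->cert_status);
 
 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get());
+X509* verified_cert = NULL;
+std::vector<X509*> verified_chain;
 for (int i = 0; i < sk_X509_num(chain); ++i) {
 X509* cert = sk_X509_value(chain, i);
+if (i == 0) {
+verified_cert = cert;
+} else {
+verified_chain.push_back(verified_cert);
+}
+
 DERCache der_cache;
 if (!GetDERAndCacheIfNeeded(cert, &der_cache))
 continue;
 
 base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data),
 der_cache.data_length);
 base::StringPiece spki_bytes;
 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
 continue;
 
 SHA1Fingerprint hash;
 base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
 spki_bytes.size(), hash.data);
 verify_result->public_key_hashes.push_back(hash);
 }
 
+if (verified_cert) {
+verify_result->verified_cert = CreateFromHandle(verified_cert,
+verified_chain);
+}
+
 // Currently we only ues OpenSSL's default root CA paths, so treat all
 // correctly verified certs as being from a known root. TODO(joth): if the
 // motivations described in http://src.chromium.org/viewvc/chrome?view=rev&rev ision=80778
 // become an issue on OpenSSL builds, we will need to embed a hardcoded list
 // of well known root CAs, as per the _mac and _win versions.
 verify_result->is_issued_by_known_root = true;
 
 return OK;
 }
 
@@ -535,10 +548,10 @@
 DERCache der_cache;
 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache))
 return false;
 
 return pickle->WriteData(
 reinterpret_cast<const char*>(der_cache.data),
 der_cache.data_length);
 }
 
 } // namespace net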
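Review bot: In the chain loop, the `else` branch (new line 472) pushes `verified_cert`, the leaf saved at `i == 0`, instead of the current `cert`, so `verified_chain` is filled with repeated leaf handles and never holds an intermediate or root. The `verified_cert` object built by `CreateFromHandle` would then misreport the chain that OpenSSL actually validated, which matters to any caller that inspects the returned intermediates; the line should read `verified_chain.push_back(cert);`. The handles come from `X509_STORE_CTX_get_chain` and appear to be borrowed from `ctx`, so it is also worth confirming that `CreateFromHandle` takes its own references before `ctx` goes out of scope; that code is not visible here. The enclosing function starts outside the shown lines.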