Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(133)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_mac.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased to trunk Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/data/ssl/certificates/x509_verify_results.chain.pem ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_mac.h" 5 #include "net/socket/ssl_client_socket_mac.h"
6 6
7 #include <CoreServices/CoreServices.h> 7 #include <CoreServices/CoreServices.h>
8 #include <netdb.h> 8 #include <netdb.h>
9 #include <sys/socket.h> 9 #include <sys/socket.h>
10 #include <sys/types.h> 10 #include <sys/types.h>
(...skipping 704 matching lines...) Expand 10 before | Expand all | Expand 10 after
715 bool SSLClientSocketMac::SetReceiveBufferSize(int32 size) { 715 bool SSLClientSocketMac::SetReceiveBufferSize(int32 size) {
716 return transport_->socket()->SetReceiveBufferSize(size); 716 return transport_->socket()->SetReceiveBufferSize(size);
717 } 717 }
718 718
719 bool SSLClientSocketMac::SetSendBufferSize(int32 size) { 719 bool SSLClientSocketMac::SetSendBufferSize(int32 size) {
720 return transport_->socket()->SetSendBufferSize(size); 720 return transport_->socket()->SetSendBufferSize(size);
721 } 721 }
722 722
723 void SSLClientSocketMac::GetSSLInfo(SSLInfo* ssl_info) { 723 void SSLClientSocketMac::GetSSLInfo(SSLInfo* ssl_info) {
724 ssl_info->Reset(); 724 ssl_info->Reset();
725 if (!server_cert_) { 725 if (!server_cert_)
726 NOTREACHED();
727 return; 726 return;
728 }
729 727
730 ssl_info->cert = server_cert_; 728 ssl_info->cert = server_cert_;
731 ssl_info->cert_status = server_cert_verify_result_.cert_status; 729 ssl_info->cert_status = server_cert_verify_result_.cert_status;
732 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; 730 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
733 ssl_info->is_issued_by_known_root = 731 ssl_info->is_issued_by_known_root =
734 server_cert_verify_result_.is_issued_by_known_root; 732 server_cert_verify_result_.is_issued_by_known_root;
735 733
736 // security info 734 // security info
737 SSLCipherSuite suite; 735 SSLCipherSuite suite;
738 OSStatus status = SSLGetNegotiatedCipher(ssl_context_, &suite); 736 OSStatus status = SSLGetNegotiatedCipher(ssl_context_, &suite);
(...skipping 402 matching lines...) Expand 10 before | Expand all | Expand 10 after
1141 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; 1139 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE;
1142 1140
1143 DCHECK(server_cert_); 1141 DCHECK(server_cert_);
1144 1142
1145 VLOG(1) << "DoVerifyCert..."; 1143 VLOG(1) << "DoVerifyCert...";
1146 int cert_status; 1144 int cert_status;
1147 if (ssl_config_.IsAllowedBadCert(server_cert_, &cert_status)) { 1145 if (ssl_config_.IsAllowedBadCert(server_cert_, &cert_status)) {
1148 VLOG(1) << "Received an expected bad cert with status: " << cert_status; 1146 VLOG(1) << "Received an expected bad cert with status: " << cert_status;
1149 server_cert_verify_result_.Reset(); 1147 server_cert_verify_result_.Reset();
1150 server_cert_verify_result_.cert_status = cert_status; 1148 server_cert_verify_result_.cert_status = cert_status;
1149 server_cert_verify_result_.verified_cert = server_cert_;
1151 return OK; 1150 return OK;
1152 } 1151 }
1153 1152
1154 int flags = 0; 1153 int flags = 0;
1155 if (ssl_config_.rev_checking_enabled) 1154 if (ssl_config_.rev_checking_enabled)
1156 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; 1155 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
1157 if (ssl_config_.verify_ev_cert) 1156 if (ssl_config_.verify_ev_cert)
1158 flags |= X509Certificate::VERIFY_EV_CERT; 1157 flags |= X509Certificate::VERIFY_EV_CERT;
1159 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); 1158 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
1160 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, 1159 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
(...skipping 255 matching lines...) Expand 10 before | Expand all | Expand 10 after
1416 if (rv < 0 && rv != ERR_IO_PENDING) { 1415 if (rv < 0 && rv != ERR_IO_PENDING) {
1417 us->write_io_buf_ = NULL; 1416 us->write_io_buf_ = NULL;
1418 return OSStatusFromNetError(rv); 1417 return OSStatusFromNetError(rv);
1419 } 1418 }
1420 1419
1421 // always lie to our caller 1420 // always lie to our caller
1422 return noErr; 1421 return noErr;
1423 } 1422 }
1424 1423
1425 } // namespace net 1424 } // namespace net
OLDNEW
« no previous file with comments | « net/data/ssl/certificates/x509_verify_results.chain.pem ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698