| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 459 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 470 } | 470 } |
| 471 | 471 |
| 472 // static | 472 // static |
| 473 void SSLClientSocketNSS::ClearSessionCache() { | 473 void SSLClientSocketNSS::ClearSessionCache() { |
| 474 SSL_ClearSessionCache(); | 474 SSL_ClearSessionCache(); |
| 475 } | 475 } |
| 476 | 476 |
| 477 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { | 477 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { |
| 478 EnterFunction(""); | 478 EnterFunction(""); |
| 479 ssl_info->Reset(); | 479 ssl_info->Reset(); |
| 480 | |
| 481 if (!server_cert_nss_) | 480 if (!server_cert_nss_) |
| 482 return; | 481 return; |
| 483 | 482 |
| 484 ssl_info->cert_status = server_cert_verify_result_->cert_status; | 483 ssl_info->cert_status = server_cert_verify_result_->cert_status; |
| 485 ssl_info->cert = server_cert_; | 484 ssl_info->cert = server_cert_; |
| 486 ssl_info->connection_status = ssl_connection_status_; | 485 ssl_info->connection_status = ssl_connection_status_; |
| 487 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; | 486 ssl_info->public_key_hashes = server_cert_verify_result_->public_key_hashes; |
| 488 ssl_info->is_issued_by_known_root = | 487 ssl_info->is_issued_by_known_root = |
| 489 server_cert_verify_result_->is_issued_by_known_root; | 488 server_cert_verify_result_->is_issued_by_known_root; |
| 490 | 489 |
| (...skipping 1029 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1520 PeerCertificateChain certs(nss_fd_); | 1519 PeerCertificateChain certs(nss_fd_); |
| 1521 dns_cert_checker_->DoAsyncVerification( | 1520 dns_cert_checker_->DoAsyncVerification( |
| 1522 host_and_port_.host(), certs.AsStringPieceVector()); | 1521 host_and_port_.host(), certs.AsStringPieceVector()); |
| 1523 } | 1522 } |
| 1524 | 1523 |
| 1525 DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(), | 1524 DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(), |
| 1526 server_cert_nss_, | 1525 server_cert_nss_, |
| 1527 host_and_port_.port()); | 1526 host_and_port_.port()); |
| 1528 if (r == DNSVR_SUCCESS) { | 1527 if (r == DNSVR_SUCCESS) { |
| 1529 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; | 1528 local_server_cert_verify_result_.cert_status |= CERT_STATUS_IS_DNSSEC; |
| 1529 local_server_cert_verify_result_.verified_cert = server_cert_; |
| 1530 server_cert_verify_result_ = &local_server_cert_verify_result_; | 1530 server_cert_verify_result_ = &local_server_cert_verify_result_; |
| 1531 GotoState(STATE_VERIFY_CERT_COMPLETE); | 1531 GotoState(STATE_VERIFY_CERT_COMPLETE); |
| 1532 return OK; | 1532 return OK; |
| 1533 } | 1533 } |
| 1534 | 1534 |
| 1535 GotoState(STATE_VERIFY_CERT); | 1535 GotoState(STATE_VERIFY_CERT); |
| 1536 | 1536 |
| 1537 return OK; | 1537 return OK; |
| 1538 } | 1538 } |
| 1539 | 1539 |
| (...skipping 10 matching lines...) Expand all Loading... |
| 1550 base::StringPiece der_cert( | 1550 base::StringPiece der_cert( |
| 1551 reinterpret_cast<char*>(server_cert_nss_->derCert.data), | 1551 reinterpret_cast<char*>(server_cert_nss_->derCert.data), |
| 1552 server_cert_nss_->derCert.len); | 1552 server_cert_nss_->derCert.len); |
| 1553 int cert_status; | 1553 int cert_status; |
| 1554 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | 1554 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { |
| 1555 DCHECK(start_cert_verification_time_.is_null()); | 1555 DCHECK(start_cert_verification_time_.is_null()); |
| 1556 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | 1556 VLOG(1) << "Received an expected bad cert with status: " << cert_status; |
| 1557 server_cert_verify_result_ = &local_server_cert_verify_result_; | 1557 server_cert_verify_result_ = &local_server_cert_verify_result_; |
| 1558 local_server_cert_verify_result_.Reset(); | 1558 local_server_cert_verify_result_.Reset(); |
| 1559 local_server_cert_verify_result_.cert_status = cert_status; | 1559 local_server_cert_verify_result_.cert_status = cert_status; |
| 1560 local_server_cert_verify_result_.verified_cert = server_cert_; |
| 1560 return OK; | 1561 return OK; |
| 1561 } | 1562 } |
| 1562 | 1563 |
| 1563 // We may have failed to create X509Certificate object if we are | 1564 // We may have failed to create X509Certificate object if we are |
| 1564 // running inside sandbox. | 1565 // running inside sandbox. |
| 1565 if (!server_cert_) { | 1566 if (!server_cert_) { |
| 1566 server_cert_verify_result_ = &local_server_cert_verify_result_; | 1567 server_cert_verify_result_ = &local_server_cert_verify_result_; |
| 1567 local_server_cert_verify_result_.Reset(); | 1568 local_server_cert_verify_result_.Reset(); |
| 1568 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | 1569 local_server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; |
| 1569 return ERR_CERT_INVALID; | 1570 return ERR_CERT_INVALID; |
| (...skipping 737 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2307 valid_thread_id_ = base::PlatformThread::CurrentId(); | 2308 valid_thread_id_ = base::PlatformThread::CurrentId(); |
| 2308 } | 2309 } |
| 2309 | 2310 |
| 2310 bool SSLClientSocketNSS::CalledOnValidThread() const { | 2311 bool SSLClientSocketNSS::CalledOnValidThread() const { |
| 2311 EnsureThreadIdAssigned(); | 2312 EnsureThreadIdAssigned(); |
| 2312 base::AutoLock auto_lock(lock_); | 2313 base::AutoLock auto_lock(lock_); |
| 2313 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 2314 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 2314 } | 2315 } |
| 2315 | 2316 |
| 2316 } // namespace net | 2317 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6874039:
Return the constructed certificate chain in X509Certificate::Verify() (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src