
Side by Side Diff: net/socket/ssl_client_socket_win.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebased to trunk Created 9 years, 4 months ago
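--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 #include <map>
 
 #include "base/compiler_specific.h"
@@ -420,21 +420,20 @@
 memset(&send_buffer_, 0, sizeof(send_buffer_));
 memset(&ctxt_, 0, sizeof(ctxt_));
 }
 
 SSLClientSocketWin::~SSLClientSocketWin() {
 Disconnect();
 }
 
 void SSLClientSocketWin::GetSSLInfo(SSLInfo* ssl_info) {
 ssl_info->Reset();
-
 if (!server_cert_)
 return;
 
 ssl_info->cert = server_cert_;
 ssl_info->cert_status = server_cert_verify_result_.cert_status;
 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
 ssl_info->is_issued_by_known_root =
 server_cert_verify_result_.is_issued_by_known_root;
 SecPkgContext_ConnectionInfo connection_info;
 SECURITY_STATUS status = QueryContextAttributes(
@@ -1156,20 +1155,21 @@
 // Set server_cert_status_ and return OK or a network error.
 int SSLClientSocketWin::DoVerifyCert() {
 next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 DCHECK(server_cert_);
 int cert_status;
 if (ssl_config_.IsAllowedBadCert(server_cert_, &cert_status)) {
 VLOG(1) << "Received an expected bad cert with status: " << cert_status;
 server_cert_verify_result_.Reset();
 server_cert_verify_result_.cert_status = cert_status;
+server_cert_verify_result_.verified_cert = server_cert_;
 return OK;
 }
 
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
@@ -1551,10 +1551,10 @@
 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
 void SSLClientSocketWin::FreeSendBuffer() {
 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
 DCHECK(status == SEC_E_OK);
 memset(&send_buffer_, 0, sizeof(send_buffer_));
 }
 
 } // namespace net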
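Review bot: In the `IsAllowedBadCert` branch of `DoVerifyCert()`, the added `server_cert_verify_result_.verified_cert = server_cert_;` stores the chain exactly as the server presented it, with no path building or validation behind it, and nothing on the line says so. Code that later reads `verified_cert` (not visible in this section) could take it for a chain the verifier constructed, so I would add a comment above the assignment such as `// Verification was skipped for this allowed bad cert; verified_cert is the unvalidated server-supplied chain.` The header comment `// Set server_cert_status_ and return OK or a network error.` also looks stale, since the visible body writes `server_cert_verify_result_` rather than a `server_cert_status_` member. The function's final `Verify(...)` call runs past the shown lines, so how the normal path fills `verified_cert` cannot be checked here.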