net/base/x509_certificate_nss.cc - Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify()

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate_nss.cc

Issue 6874039: Return the constructed certificate chain in X509Certificate::Verify() (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebased to trunk Created 9 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate_nss.cc

diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc

index 0162663ed9905bb5cf74954f6c3dc1f1a67bb340..7224020cb44e528318c204f10f3d6e70ff0dced2 100644

--- a/net/base/x509_certificate_nss.cc

+++ b/net/base/x509_certificate_nss.cc

@@ -168,19 +168,27 @@ int MapCertErrorToCertStatus(int err) {

// Saves some information about the certificate chain cert_list in

// *verify_result. The caller MUST initialize *verify_result before calling

// this function.

-// Note that cert_list[0] is the end entity certificate and cert_list doesn't

-// contain the root CA certificate.

+// Note that cert_list[0] is the end entity certificate.

void GetCertChainInfo(CERTCertList* cert_list,

+ CERTCertificate* root_cert,

CertVerifyResult* verify_result) {

// NOTE: Using a NSS library before 3.12.3.1 will crash below. To see the

// NSS version currently in use:

// 1. use ldd on the chrome executable for NSS's location (ie. libnss3.so*)

// 2. use ident libnss3.so* for the library's version

DCHECK(cert_list);

+ CERTCertificate* verified_cert = NULL;

+ std::vector<CERTCertificate*> verified_chain;

int i = 0;

for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);

!CERT_LIST_END(node, cert_list);

- node = CERT_LIST_NEXT(node), i++) {

+ node = CERT_LIST_NEXT(node), ++i) {

+ if (i == 0) {

+ verified_cert = node->cert;

+ } else {

+ verified_chain.push_back(node->cert);

+ }

SECAlgorithmID& signature = node->cert->signature;

SECOidTag oid_tag = SECOID_FindOIDTag(&signature.algorithm);

switch (oid_tag) {

@@ -201,6 +209,11 @@ void GetCertChainInfo(CERTCertList* cert_list,

break;

}

+ if (root_cert)

+ verified_chain.push_back(root_cert);

+ verify_result->verified_cert =

+ X509Certificate::CreateFromHandle(verified_cert, verified_chain);

}

// IsKnownRoot returns true if the given certificate is one that we believe

@@ -811,6 +824,7 @@ int X509Certificate::VerifyInternal(const std::string& hostname,

}

GetCertChainInfo(cvout[cvout_cert_list_index].value.pointer.chain,

+ cvout[cvout_trust_anchor_index].value.pointer.cert,

verify_result);

if (IsCertStatusError(verify_result->cert_status))

return MapCertStatusToNetError(verify_result->cert_status);

« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_openssl.cc » ('j') | no next file with comments »