net/base/x509_certificate_nss.cc - Issue 7792023: Merge 98741 to 782: Mark DigiNotar as untrusted

Side by Side Diff: net/base/x509_certificate_nss.cc

Issue 7792023: Merge 98741 to 782: Mark DigiNotar as untrusted (Closed) Base URL: svn://svn.chromium.org/chrome/branches/782/src

Patch Set: Created 9 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/base/x509_certificate.h"	5 #include "net/base/x509_certificate.h"

6	6

7 #include <cert.h>	7 #include <cert.h>

8 #include <cryptohi.h>	8 #include <cryptohi.h>

9 #include <keyhi.h>	9 #include <keyhi.h>

10 #include <nss.h>	10 #include <nss.h>

(...skipping 819 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
830	830

831 AppendPublicKeyHashes(cvout[cvout_cert_list_index].value.pointer.chain,	831 AppendPublicKeyHashes(cvout[cvout_cert_list_index].value.pointer.chain,

832 cvout[cvout_trust_anchor_index].value.pointer.cert,	832 cvout[cvout_trust_anchor_index].value.pointer.cert,

833 &verify_result->public_key_hashes);	833 &verify_result->public_key_hashes);

834	834

835 verify_result->is_issued_by_known_root =	835 verify_result->is_issued_by_known_root =

836 IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert);	836 IsKnownRoot(cvout[cvout_trust_anchor_index].value.pointer.cert);

837	837

838 if ((flags & VERIFY_EV_CERT) && VerifyEV())	838 if ((flags & VERIFY_EV_CERT) && VerifyEV())

839 verify_result->cert_status \|= CERT_STATUS_IS_EV;	839 verify_result->cert_status \|= CERT_STATUS_IS_EV;

	840

	841 if (IsPublicKeyBlacklisted(verify_result->public_key_hashes)) {

	842 verify_result->cert_status \|= CERT_STATUS_AUTHORITY_INVALID;

	843 return MapCertStatusToNetError(verify_result->cert_status);

	844 }

	845

840 return OK;	846 return OK;

841 }	847 }

842	848

843 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {	849 bool X509Certificate::VerifyNameMatch(const std::string& hostname) const {

844 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess;	850 return CERT_VerifyCertName(cert_handle_, hostname.c_str()) == SECSuccess;

845 }	851 }

846	852

847 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp	853 // Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp

848 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate.	854 // and nsNSSCertHelper.cpp) to learn how to verify EV certificate.

849 // TODO(wtc): A possible optimization is that we get the trust anchor from	855 // TODO(wtc): A possible optimization is that we get the trust anchor from

(...skipping 155 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1005	1011

1006 // static	1012 // static

1007 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,	1013 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,

1008 Pickle* pickle) {	1014 Pickle* pickle) {

1009 return pickle->WriteData(	1015 return pickle->WriteData(

1010 reinterpret_cast<const char*>(cert_handle->derCert.data),	1016 reinterpret_cast<const char*>(cert_handle->derCert.data),

1011 cert_handle->derCert.len);	1017 cert_handle->derCert.len);

1012 }	1018 }

1013	1019

1014 } // namespace net	1020 } // namespace net

OLD	NEW

« no previous file with comments | « net/base/x509_certificate_mac.cc ('k') | net/base/x509_certificate_win.cc » ('j') | no next file with comments »