| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3566 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3577 // from the state after verification is complete, to conserve memory. | 3577 // from the state after verification is complete, to conserve memory. |
| 3578 | 3578 |
| 3579 if (!policy_enforcer_) { | 3579 if (!policy_enforcer_) { |
| 3580 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 3580 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 3581 } else { | 3581 } else { |
| 3582 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { | 3582 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
| 3583 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 3583 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 3584 SSLConfigService::GetEVCertsWhitelist(); | 3584 SSLConfigService::GetEVCertsWhitelist(); |
| 3585 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 3585 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
| 3586 server_cert_verify_result_.verified_cert.get(), | 3586 server_cert_verify_result_.verified_cert.get(), |
| 3587 ev_whitelist.get(), ct_verify_result_)) { | 3587 ev_whitelist.get(), ct_verify_result_, net_log_)) { |
| 3588 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 3588 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
| 3589 VLOG(1) << "EV certificate for " | 3589 VLOG(1) << "EV certificate for " |
| 3590 << server_cert_verify_result_.verified_cert->subject() | 3590 << server_cert_verify_result_.verified_cert->subject() |
| 3591 .GetDisplayName() | 3591 .GetDisplayName() |
| 3592 << " does not conform to CT policy, removing EV status."; | 3592 << " does not conform to CT policy, removing EV status."; |
| 3593 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 3593 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 3594 } | 3594 } |
| 3595 } | 3595 } |
| 3596 } | 3596 } |
| 3597 } | 3597 } |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3634 scoped_refptr<X509Certificate> | 3634 scoped_refptr<X509Certificate> |
| 3635 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3635 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3636 return core_->state().server_cert.get(); | 3636 return core_->state().server_cert.get(); |
| 3637 } | 3637 } |
| 3638 | 3638 |
| 3639 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3639 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
| 3640 return channel_id_service_; | 3640 return channel_id_service_; |
| 3641 } | 3641 } |
| 3642 | 3642 |
| 3643 } // namespace net | 3643 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 782333002:
Certificate Transparency: Adding finch and NetLog logging for EV certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master