| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3550 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3561 // from the state after verification is complete, to conserve memory. | 3561 // from the state after verification is complete, to conserve memory. |
| 3562 | 3562 |
| 3563 if (!policy_enforcer_) { | 3563 if (!policy_enforcer_) { |
| 3564 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 3564 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 3565 } else { | 3565 } else { |
| 3566 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { | 3566 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
| 3567 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 3567 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 3568 SSLConfigService::GetEVCertsWhitelist(); | 3568 SSLConfigService::GetEVCertsWhitelist(); |
| 3569 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 3569 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
| 3570 server_cert_verify_result_.verified_cert.get(), | 3570 server_cert_verify_result_.verified_cert.get(), |
| 3571 ev_whitelist.get(), ct_verify_result_)) { | 3571 ev_whitelist.get(), ct_verify_result_, net_log_)) { |
| 3572 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 3572 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
| 3573 VLOG(1) << "EV certificate for " | 3573 VLOG(1) << "EV certificate for " |
| 3574 << server_cert_verify_result_.verified_cert->subject() | 3574 << server_cert_verify_result_.verified_cert->subject() |
| 3575 .GetDisplayName() | 3575 .GetDisplayName() |
| 3576 << " does not conform to CT policy, removing EV status."; | 3576 << " does not conform to CT policy, removing EV status."; |
| 3577 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 3577 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 3578 } | 3578 } |
| 3579 } | 3579 } |
| 3580 } | 3580 } |
| 3581 } | 3581 } |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3618 scoped_refptr<X509Certificate> | 3618 scoped_refptr<X509Certificate> |
| 3619 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3619 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3620 return core_->state().server_cert.get(); | 3620 return core_->state().server_cert.get(); |
| 3621 } | 3621 } |
| 3622 | 3622 |
| 3623 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3623 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
| 3624 return channel_id_service_; | 3624 return channel_id_service_; |
| 3625 } | 3625 } |
| 3626 | 3626 |
| 3627 } // namespace net | 3627 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 782333002:
Certificate Transparency: Adding finch and NetLog logging for EV certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master