| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 1232 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1243 &ct_verify_result_, net_log_); | 1243 &ct_verify_result_, net_log_); |
| 1244 | 1244 |
| 1245 if (!policy_enforcer_) { | 1245 if (!policy_enforcer_) { |
| 1246 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1246 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1247 } else { | 1247 } else { |
| 1248 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { | 1248 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { |
| 1249 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 1249 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 1250 SSLConfigService::GetEVCertsWhitelist(); | 1250 SSLConfigService::GetEVCertsWhitelist(); |
| 1251 if (!policy_enforcer_->DoesConformToCTEVPolicy( | 1251 if (!policy_enforcer_->DoesConformToCTEVPolicy( |
| 1252 server_cert_verify_result_.verified_cert.get(), | 1252 server_cert_verify_result_.verified_cert.get(), |
| 1253 ev_whitelist.get(), ct_verify_result_)) { | 1253 ev_whitelist.get(), ct_verify_result_, net_log_)) { |
| 1254 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | 1254 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 |
| 1255 VLOG(1) << "EV certificate for " | 1255 VLOG(1) << "EV certificate for " |
| 1256 << server_cert_verify_result_.verified_cert->subject() | 1256 << server_cert_verify_result_.verified_cert->subject() |
| 1257 .GetDisplayName() | 1257 .GetDisplayName() |
| 1258 << " does not conform to CT policy, removing EV status."; | 1258 << " does not conform to CT policy, removing EV status."; |
| 1259 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1259 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1260 } | 1260 } |
| 1261 } | 1261 } |
| 1262 } | 1262 } |
| 1263 } | 1263 } |
| (...skipping 639 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1903 ct::SCT_STATUS_LOG_UNKNOWN)); | 1903 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1904 } | 1904 } |
| 1905 } | 1905 } |
| 1906 | 1906 |
| 1907 scoped_refptr<X509Certificate> | 1907 scoped_refptr<X509Certificate> |
| 1908 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1908 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1909 return server_cert_; | 1909 return server_cert_; |
| 1910 } | 1910 } |
| 1911 | 1911 |
| 1912 } // namespace net | 1912 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 782333002:
Certificate Transparency: Adding finch and NetLog logging for EV certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master