Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1956)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 86503002: Certificate Transparency: Logging SCTs to the NetLog. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing review comments Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/multi_log_ct_verifier.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 2a44fb82704e8658e340da0a9ca7ec99e8029ed7..58193a5fa07f477de6135b70a16db77f6b5363b7 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -93,6 +93,7 @@
#include "net/cert/asn1_util.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
+#include "net/cert/ct_signed_certificate_timestamp_log_param.h"
#include "net/cert/ct_verifier.h"
#include "net/cert/scoped_nss_types.h"
#include "net/cert/single_request_cert_verifier.h"
@@ -3481,7 +3482,8 @@ void SSLClientSocketNSS::VerifyCT() {
server_cert_verify_result_.verified_cert,
std::string(), // SCT list from OCSP response
std::string(), // SCT list from TLS extension
- &ct_verify_result_);
+ &ct_verify_result_,
+ net_log_);
VLOG(1) << "CT Verification complete: result " << result
<< " Unverified scts: " << ct_verify_result_.unverified_scts.size()
@@ -3489,9 +3491,17 @@ void SSLClientSocketNSS::VerifyCT() {
<< " scts from unknown logs: "
<< ct_verify_result_.unknown_logs_scts.size();
+ NetLog::ParametersCallback net_log_callback =
+ base::Bind(&NetLogSignedCertificateTimestampCallback,
+ &ct_verify_result_);
+
+ net_log_.AddEvent(
+ NetLog::TYPE_SSL_SIGNED_CERTIFICATE_TIMESTAMPS_CHECKED,
wtc 2013/11/27 16:00:58 1. I think this event should be added inside the c
Eran M. (Google) 2013/11/27 22:08:50 1. Done. 2. Yes, I want to distinct "verified val
+ net_log_callback);
if (!ct_verify_result_.unverified_scts.empty() ||
!ct_verify_result_.unknown_logs_scts.empty() ||
!ct_verify_result_.verified_scts.empty()) {
+
wtc 2013/11/27 16:00:58 Nit: delete this blank line. I would also add a b
Eran M. (Google) 2013/11/27 22:08:50 Done.
// Saving CT state in cert_status bits, in addition to the SCTs themselves
// (which will be threaded into the SSLInfo, as well as into the HTTP
// cache).
« net/cert/multi_log_ct_verifier.cc ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698