Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(680)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 88643002: SignedCertificateTimestamp storing & serialization code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@erans_patches
Patch Set: Fixes for jam. Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_nss.h ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/ssl_info.h » ('j') | net/ssl/ssl_info.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 7cbdb0efa100b6c15162ed4b7f91b6236acec297..58926f4566272dde595897a429ad52acb8205a97 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -94,7 +94,9 @@
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_verifier.h"
+#include "net/cert/ct_verify_result.h"
#include "net/cert/scoped_nss_types.h"
+#include "net/cert/sct_status_flags.h"
#include "net/cert/single_request_cert_verifier.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util.h"
@@ -2793,6 +2795,27 @@ void SSLClientSocket::ClearSessionCache() {
SSL_ClearSessionCache();
}
+void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
wtc 2013/11/27 16:32:41 The Style Guide recommends that functions be defin
alcutter 2013/11/27 18:05:55 Sorry, done.
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.verified_scts.begin();
+ iter != ct_verify_result_.verified_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_OK));
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.unverified_scts.begin();
+ iter != ct_verify_result_.unverified_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_INVALID));
wtc 2013/11/27 16:32:41 Nit: we should use the same term to describe this
alcutter 2013/11/27 18:05:55 I've changed "unverified_scts" to "invalid_scts" i
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.unknown_logs_scts.begin();
+ iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter, SCT_STATUS_LOG_UNKNOWN));
+ }
+}
+
bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
EnterFunction("");
ssl_info->Reset();
@@ -2803,6 +2826,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert_status = server_cert_verify_result_.cert_status;
ssl_info->cert = server_cert_verify_result_.verified_cert;
+
+ AddSCTInfoToSSLInfo(ssl_info);
+
ssl_info->connection_status =
core_->state().ssl_connection_status;
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
« net/socket/ssl_client_socket_nss.h ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/ssl_info.h » ('j') | net/ssl/ssl_info.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698