| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index 7cbdb0efa100b6c15162ed4b7f91b6236acec297..e457e8180c07697c2c7e3861473fcb097d1a6074 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -94,7 +94,9 @@
|
| #include "net/cert/cert_status_flags.h"
|
| #include "net/cert/cert_verifier.h"
|
| #include "net/cert/ct_verifier.h"
|
| +#include "net/cert/ct_verify_result.h"
|
| #include "net/cert/scoped_nss_types.h"
|
| +#include "net/cert/sct_status_flags.h"
|
| #include "net/cert/single_request_cert_verifier.h"
|
| #include "net/cert/x509_certificate_net_log_param.h"
|
| #include "net/cert/x509_util.h"
|
| @@ -2803,6 +2805,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
|
|
|
| ssl_info->cert_status = server_cert_verify_result_.cert_status;
|
| ssl_info->cert = server_cert_verify_result_.verified_cert;
|
| +
|
| + AddSCTInfoToSSLInfo(ssl_info);
|
| +
|
| ssl_info->connection_status =
|
| core_->state().ssl_connection_status;
|
| ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
|
| @@ -3496,12 +3501,12 @@ int SSLClientSocketNSS::DoVerifyCT(int result) {
|
|
|
| int SSLClientSocketNSS::DoVerifyCTComplete(int result) {
|
| VLOG(1) << "CT Verification complete: result " << result
|
| - << " Unverified scts: " << ct_verify_result_.unverified_scts.size()
|
| + << " Invalid scts: " << ct_verify_result_.invalid_scts.size()
|
| << " Verified scts: " << ct_verify_result_.verified_scts.size()
|
| << " scts from unknown logs: "
|
| << ct_verify_result_.unknown_logs_scts.size();
|
|
|
| - if (!ct_verify_result_.unverified_scts.empty() ||
|
| + if (!ct_verify_result_.invalid_scts.empty() ||
|
| !ct_verify_result_.unknown_logs_scts.empty() ||
|
| !ct_verify_result_.verified_scts.empty()) {
|
|
|
| @@ -3512,7 +3517,7 @@ int SSLClientSocketNSS::DoVerifyCTComplete(int result) {
|
| // the right CT info to display.
|
| bool has_verified_scts = !ct_verify_result_.verified_scts.empty() &&
|
| result == OK;
|
| - if (has_verified_scts || !ct_verify_result_.unverified_scts.empty()) {
|
| + if (has_verified_scts || !ct_verify_result_.invalid_scts.empty()) {
|
| // Found SCTs from a known log.
|
| server_cert_verify_result_.cert_status =
|
| CERT_STATUS_HAS_SCT_FROM_KNOWN_LOG;
|
| @@ -3569,6 +3574,28 @@ bool SSLClientSocketNSS::CalledOnValidThread() const {
|
| return valid_thread_id_ == base::PlatformThread::CurrentId();
|
| }
|
|
|
| +void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
|
| + for (ct::SCTList::const_iterator iter =
|
| + ct_verify_result_.verified_scts.begin();
|
| + iter != ct_verify_result_.verified_scts.end(); ++iter) {
|
| + ssl_info->signed_certificate_timestamps.push_back(
|
| + SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK));
|
| + }
|
| + for (ct::SCTList::const_iterator iter =
|
| + ct_verify_result_.invalid_scts.begin();
|
| + iter != ct_verify_result_.invalid_scts.end(); ++iter) {
|
| + ssl_info->signed_certificate_timestamps.push_back(
|
| + SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID));
|
| + }
|
| + for (ct::SCTList::const_iterator iter =
|
| + ct_verify_result_.unknown_logs_scts.begin();
|
| + iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
|
| + ssl_info->signed_certificate_timestamps.push_back(
|
| + SignedCertificateTimestampAndStatus(*iter,
|
| + ct::SCT_STATUS_LOG_UNKNOWN));
|
| + }
|
| +}
|
| +
|
| ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
|
| return server_bound_cert_service_;
|
| }
|
|
|
Chromium Code Reviews
Issue 88643002:
SignedCertificateTimestamp storing & serialization code. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@erans_patches