Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(513)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 88643002: SignedCertificateTimestamp storing & serialization code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@erans_patches
Patch Set: fixes Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/signed_certificate_timestamp_and_status.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index fa85b0568c7acfd10d555f9998a361c748cc0dba..cec13d61fc4fcd28c45bd457b6efc042d7f4632f 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -94,7 +94,9 @@
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_verifier.h"
+#include "net/cert/ct_verify_result.h"
#include "net/cert/scoped_nss_types.h"
+#include "net/cert/sct_status_flags.h"
#include "net/cert/single_request_cert_verifier.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util.h"
@@ -2823,6 +2825,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert_status = server_cert_verify_result_.cert_status;
ssl_info->cert = server_cert_verify_result_.verified_cert;
+
+ AddSCTInfoToSSLInfo(ssl_info);
+
ssl_info->connection_status =
core_->state().ssl_connection_status;
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
@@ -3513,7 +3518,7 @@ void SSLClientSocketNSS::VerifyCT() {
&ct_verify_result_);
VLOG(1) << "CT Verification complete: result " << result
- << " Unverified scts: " << ct_verify_result_.unverified_scts.size()
+ << " Invalid scts: " << ct_verify_result_.invalid_scts.size()
<< " Verified scts: " << ct_verify_result_.verified_scts.size()
<< " scts from unknown logs: "
<< ct_verify_result_.unknown_logs_scts.size();
@@ -3555,6 +3560,28 @@ bool SSLClientSocketNSS::CalledOnValidThread() const {
return valid_thread_id_ == base::PlatformThread::CurrentId();
}
+void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.verified_scts.begin();
+ iter != ct_verify_result_.verified_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK));
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.invalid_scts.begin();
+ iter != ct_verify_result_.invalid_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID));
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.unknown_logs_scts.begin();
+ iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ SignedCertificateTimestampAndStatus(*iter,
+ ct::SCT_STATUS_LOG_UNKNOWN));
+ }
+}
+
ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
return server_bound_cert_service_;
}
« no previous file with comments | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/signed_certificate_timestamp_and_status.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698