Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1535)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 88643002: SignedCertificateTimestamp storing & serialization code. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@erans_patches
Patch Set: Created 7 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/signed_certificate_timestamp.cc ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 7cbdb0efa100b6c15162ed4b7f91b6236acec297..c4365d95bbe5cdea2ad7faeb21ee5888a2aa422d 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -94,7 +94,9 @@
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/ct_verifier.h"
+#include "net/cert/ct_verify_result.h"
#include "net/cert/scoped_nss_types.h"
+#include "net/cert/sct_status_flags.h"
#include "net/cert/single_request_cert_verifier.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util.h"
@@ -2793,6 +2795,29 @@ void SSLClientSocket::ClearSessionCache() {
SSL_ClearSessionCache();
}
+void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.verified_scts.begin();
+ iter != ct_verify_result_.verified_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ net::SignedCertificateTimestampAndStatus(*iter, net::kSctStatusOk));
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.unverified_scts.begin();
+ iter != ct_verify_result_.unverified_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ net::SignedCertificateTimestampAndStatus(*iter,
+ net::kSctStatusInvalid));
+ }
+ for (ct::SCTList::const_iterator iter =
+ ct_verify_result_.unknown_logs_scts.begin();
+ iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
+ ssl_info->signed_certificate_timestamps.push_back(
+ net::SignedCertificateTimestampAndStatus(*iter,
+ net::kSctStatusLogUnknown));
+ }
+}
+
bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
EnterFunction("");
ssl_info->Reset();
@@ -2803,6 +2828,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->cert_status = server_cert_verify_result_.cert_status;
ssl_info->cert = server_cert_verify_result_.verified_cert;
+
+ AddSCTInfoToSSLInfo(ssl_info);
+
ssl_info->connection_status =
core_->state().ssl_connection_status;
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
« net/cert/signed_certificate_timestamp.cc ('K') | « net/socket/ssl_client_socket_nss.h ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698