
Side by Side Diff: net/cert/cert_verify_proc.cc

Issue 949633002: Include both certificate chains in invalid cert reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add a comment to cert logger pb Created 5 years, 10 months ago
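--- a/net/cert/cert_verify_proc.cc
+++ b/net/cert/cert_verify_proc.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/cert_verify_proc.h"
 
 #include <stdint.h>
 
 #include "base/basictypes.h"
 #include "base/metrics/histogram.h"
@@ -188,20 +188,24 @@
 CertVerifyProc::~CertVerifyProc() {}
 
 int CertVerifyProc::Verify(X509Certificate* cert,
 const std::string& hostname,
 int flags,
 CRLSet* crl_set,
 const CertificateList& additional_trust_anchors,
 CertVerifyResult* verify_result) {
 verify_result->Reset();
 verify_result->verified_cert = cert;
+// |verified_cert| will later be set to the actual verified
+// certificate chain if verification is successful. Keep around the
+// chain as sent by the server in |unverified_server_cert|.
+verify_result->unverified_server_cert = cert;
 
 if (IsBlacklisted(cert)) {
 verify_result->cert_status |= CERT_STATUS_REVOKED;
 return ERR_CERT_REVOKED;
 }
 
 // We do online revocation checking for EV certificates that aren't covered
 // by a fresh CRLSet.
 // TODO(rsleevi): http://crbug.com/142974 - Allow preferences to fully
 // disable revocation checking.
@@ -663,10 +667,10 @@
 return true;
 
 // For certificates issued after 1 April 2015: 39 months.
 if (start >= time_2015_04_01 && month_diff > 39)
 return true;
 
 return false;
 }
 
 } // namespace net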
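Review bot: The comment added at new lines 198-200 in `CertVerifyProc::Verify` does not say that `unverified_server_cert` is the chain exactly as the peer sent it, so it stays unauthenticated input even when verification later succeeds. I would append `// |unverified_server_cert| is peer-supplied and never validated; keep it for reporting only and do not base any trust decision on it.` so later callers do not mistake it for a verified chain. Both fields are assigned the same `cert` here, and the early `ERR_CERT_REVOKED` return leaves them identical, so a report consumer cannot tell "no chain was built" from "the built chain equals the sent chain"; that is worth stating where the field is declared. Whether `CertVerifyResult::Reset()` and any result copying or caching cover the new member cannot be seen from this file and should be confirmed. The body of `Verify` continues past the lines shown.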
