| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 610 matching lines...) |
| 621 NOTREACHED(); | 621 NOTREACHED(); |
| 622 return false; | 622 return false; |
| 623 } | 623 } |
| 624 | 624 |
| 625 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { | 625 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { |
| 626 ssl_info->Reset(); | 626 ssl_info->Reset(); |
| 627 if (server_cert_chain_->empty()) | 627 if (server_cert_chain_->empty()) |
| 628 return false; | 628 return false; |
| 629 | 629 |
| 630 ssl_info->cert = server_cert_verify_result_.verified_cert; | 630 ssl_info->cert = server_cert_verify_result_.verified_cert; |
| 631 ssl_info->unverified_server_cert = |
| 632 server_cert_verify_result_.unverified_server_cert; |
| 631 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 633 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 632 ssl_info->is_issued_by_known_root = | 634 ssl_info->is_issued_by_known_root = |
| 633 server_cert_verify_result_.is_issued_by_known_root; | 635 server_cert_verify_result_.is_issued_by_known_root; |
| 634 ssl_info->public_key_hashes = | 636 ssl_info->public_key_hashes = |
| 635 server_cert_verify_result_.public_key_hashes; | 637 server_cert_verify_result_.public_key_hashes; |
| 636 ssl_info->client_cert_sent = | 638 ssl_info->client_cert_sent = |
| 637 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 639 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 638 ssl_info->channel_id_sent = WasChannelIDSent(); | 640 ssl_info->channel_id_sent = WasChannelIDSent(); |
| 639 ssl_info->pinning_failure_log = pinning_failure_log_; | 641 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 640 | 642 |
| (...skipping 512 matching lines...) |
| 1153 if (!x509_util::GetDER(server_cert_chain_->Get(0), &der_cert)) { | 1155 if (!x509_util::GetDER(server_cert_chain_->Get(0), &der_cert)) { |
| 1154 NOTREACHED(); | 1156 NOTREACHED(); |
| 1155 return ERR_CERT_INVALID; | 1157 return ERR_CERT_INVALID; |
| 1156 } | 1158 } |
| 1157 CertStatus cert_status; | 1159 CertStatus cert_status; |
| 1158 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | 1160 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { |
| 1159 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | 1161 VLOG(1) << "Received an expected bad cert with status: " << cert_status; |
| 1160 server_cert_verify_result_.Reset(); | 1162 server_cert_verify_result_.Reset(); |
| 1161 server_cert_verify_result_.cert_status = cert_status; | 1163 server_cert_verify_result_.cert_status = cert_status; |
| 1162 server_cert_verify_result_.verified_cert = server_cert_; | 1164 server_cert_verify_result_.verified_cert = server_cert_; |
| 1165 server_cert_verify_result_.unverified_server_cert = server_cert_; |
| 1163 return OK; | 1166 return OK; |
| 1164 } | 1167 } |
| 1165 | 1168 |
| 1166 // When running in a sandbox, it may not be possible to create an | 1169 // When running in a sandbox, it may not be possible to create an |
| 1167 // X509Certificate*, as that may depend on OS functionality blocked | 1170 // X509Certificate*, as that may depend on OS functionality blocked |
| 1168 // in the sandbox. | 1171 // in the sandbox. |
| 1169 if (!server_cert_.get()) { | 1172 if (!server_cert_.get()) { |
| 1170 server_cert_verify_result_.Reset(); | 1173 server_cert_verify_result_.Reset(); |
| 1171 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | 1174 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; |
| 1172 return ERR_CERT_INVALID; | 1175 return ERR_CERT_INVALID; |
| (...skipping 847 matching lines...) |
| 2020 } | 2023 } |
| 2021 for (ct::SCTList::const_iterator iter = | 2024 for (ct::SCTList::const_iterator iter = |
| 2022 ct_verify_result_.unknown_logs_scts.begin(); | 2025 ct_verify_result_.unknown_logs_scts.begin(); |
| 2023 iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) { | 2026 iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) { |
| 2024 ssl_info->signed_certificate_timestamps.push_back( | 2027 ssl_info->signed_certificate_timestamps.push_back( |
| 2025 SignedCertificateTimestampAndStatus(*iter, | 2028 SignedCertificateTimestampAndStatus(*iter, |
| 2026 ct::SCT_STATUS_LOG_UNKNOWN)); | 2029 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 2027 } | 2030 } |
| 2028 } | 2031 } |
| 2029 | 2032 |
| 2030 scoped_refptr<X509Certificate> | |
| 2031 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | |
| 2032 return server_cert_; | |
| 2033 } | |
| 2034 | |
| 2035 } // namespace net | 2033 } // namespace net |
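Review bot: The new assignment in GetSSLInfo (new lines 631-632) reads `unverified_server_cert` from `server_cert_verify_result_`, yet the only visible write to that field is in the allowed-bad-cert branch at new line 1165. The normal verification path is outside the shown lines, so it should be confirmed that the verifier fills the field in, including when verification fails. The removed `GetUnverifiedServerCertificateChain()` returned `server_cert_` unconditionally, so a caller that relied on it after a failed or reset verification (for example the sandbox branch that calls `Reset()` and returns `ERR_CERT_INVALID`) may now see a null chain. Because this field carries the chain exactly as the peer presented it, I would add a comment at the assignment such as `// Chain as sent by the peer, not validated; must not feed trust or pinning decisions.` Both functions start or end outside the visible lines.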
| OLD | NEW |