Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(924)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 10272036: Fix the official build. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 1748 matching lines...) Expand 10 before | Expand all | Expand 10 after
1759 1759
1760 const CertStatus cert_status = server_cert_verify_result_->cert_status; 1760 const CertStatus cert_status = server_cert_verify_result_->cert_status;
1761 if ((result == OK || (IsCertificateError(result) && 1761 if ((result == OK || (IsCertificateError(result) &&
1762 IsCertStatusMinorError(cert_status))) && 1762 IsCertStatusMinorError(cert_status))) &&
1763 server_cert_verify_result_->is_issued_by_known_root && 1763 server_cert_verify_result_->is_issued_by_known_root &&
1764 transport_security_state_) { 1764 transport_security_state_) {
1765 bool sni_available = ssl_config_.tls1_enabled || ssl_config_.ssl3_fallback; 1765 bool sni_available = ssl_config_.tls1_enabled || ssl_config_.ssl3_fallback;
1766 const std::string& host = host_and_port_.host(); 1766 const std::string& host = host_and_port_.host();
1767 1767
1768 TransportSecurityState::DomainState domain_state; 1768 TransportSecurityState::DomainState domain_state;
1769 if (transport_security_state_->HasPinsForHost( 1769 if (transport_security_state_->GetDomainState(host, sni_available,
1770 &domain_state, host, sni_available)) { 1770 &domain_state) &&
1771 domain_state.HasPins()) {
1771 if (!domain_state.IsChainOfPublicKeysPermitted( 1772 if (!domain_state.IsChainOfPublicKeysPermitted(
1772 server_cert_verify_result_->public_key_hashes)) { 1773 server_cert_verify_result_->public_key_hashes)) {
1773 const base::Time build_time = base::GetBuildTime(); 1774 const base::Time build_time = base::GetBuildTime();
1774 // Pins are not enforced if the build is sufficiently old. Chrome 1775 // Pins are not enforced if the build is sufficiently old. Chrome
1775 // users should get updates every six weeks or so, but it's possible 1776 // users should get updates every six weeks or so, but it's possible
1776 // that some users will stop getting updates for some reason. We 1777 // that some users will stop getting updates for some reason. We
1777 // don't want those users building up as a pool of people with bad 1778 // don't want those users building up as a pool of people with bad
1778 // pins. 1779 // pins.
1779 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) { 1780 if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) {
1780 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 1781 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
(...skipping 815 matching lines...) Expand 10 before | Expand all | Expand 10 after
2596 EnsureThreadIdAssigned(); 2597 EnsureThreadIdAssigned();
2597 base::AutoLock auto_lock(lock_); 2598 base::AutoLock auto_lock(lock_);
2598 return valid_thread_id_ == base::PlatformThread::CurrentId(); 2599 return valid_thread_id_ == base::PlatformThread::CurrentId();
2599 } 2600 }
2600 2601
2601 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 2602 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
2602 return server_bound_cert_service_; 2603 return server_bound_cert_service_;
2603 } 2604 }
2604 2605
2605 } // namespace net 2606 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698