net/socket/ssl_client_socket_nss.cc - Issue 10826257: Implement SHA-256 fingerprint support

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 10826257: Implement SHA-256 fingerprint support (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/socket/ssl_client_socket_nss.cc

===================================================================

--- net/socket/ssl_client_socket_nss.cc (revision 151057)

+++ net/socket/ssl_client_socket_nss.cc (working copy)

@@ -131,8 +131,8 @@

#elif defined(USE_NSS)

typedef SECStatus

(*CacheOCSPResponseFromSideChannelFunction)(

- CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time,

- SECItem *encodedResponse, void *pwArg);

+ CERTCertDBHandle* handle, CERTCertificate* cert, PRTime time,

+ SECItem* encodedResponse, void* pwArg);

Ryan Sleevi 2012/08/11 01:39:55 nit: Not sure this change is necessary. The style

palmer 2012/08/14 19:40:42 Ok, in that case I'll change it back.

// On Linux, we dynamically link against the system version of libnss3.so. In

// order to continue working on systems without up-to-date versions of NSS we

@@ -2763,10 +2763,14 @@

ssl_info->connection_status =

core_->state().ssl_connection_status;

ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;

- for (std::vector<SHA1Fingerprint>::const_iterator

- i = side_pinned_public_keys_.begin();

- i != side_pinned_public_keys_.end(); i++) {

- ssl_info->public_key_hashes.push_back(*i);

+ // TODO(palmer) TODO(agl): Do side pins need to be in both SHA1 and SHA256

+ // forms? If consumers of side pins only care about SHA1, it is OK to put

+ // them only in the HASH_VALUE_SHA1 vector.

Ryan Sleevi 2012/08/11 01:39:55 (file a) BUG or it didn't happen?

palmer 2012/08/14 19:40:42 agl is OK with leaving it as-is, so I'll remove th

+ HashValueVector& sha1_hashes =

+ ssl_info->public_key_hashes[HASH_VALUE_SHA1];

+ for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin();

+ i != side_pinned_public_keys_.end(); ++i) {

+ sha1_hashes.push_back(*i);

}

ssl_info->is_issued_by_known_root =

server_cert_verify_result_.is_issued_by_known_root;