OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 1137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1148 scoped_refptr<X509Certificate> client_cert; | 1148 scoped_refptr<X509Certificate> client_cert; |
1149 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( | 1149 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( |
1150 response_.cert_request_info->host_and_port, &client_cert); | 1150 response_.cert_request_info->host_and_port, &client_cert); |
1151 if (!found_cached_cert) | 1151 if (!found_cached_cert) |
1152 return error; | 1152 return error; |
1153 | 1153 |
1154 // Check that the certificate selected is still a certificate the server | 1154 // Check that the certificate selected is still a certificate the server |
1155 // is likely to accept, based on the criteria supplied in the | 1155 // is likely to accept, based on the criteria supplied in the |
1156 // CertificateRequest message. | 1156 // CertificateRequest message. |
1157 if (client_cert) { | 1157 if (client_cert) { |
1158 const std::vector<scoped_refptr<X509Certificate> >& client_certs = | 1158 bool cert_still_valid = client_cert->IsValidClientCertificate( |
1159 response_.cert_request_info->client_certs; | 1159 *(response_.cert_request_info.get())); |
1160 bool cert_still_valid = false; | |
1161 for (size_t i = 0; i < client_certs.size(); ++i) { | |
1162 if (client_cert->Equals(client_certs[i])) { | |
1163 cert_still_valid = true; | |
1164 break; | |
1165 } | |
1166 } | |
1167 | |
1168 if (!cert_still_valid) | 1160 if (!cert_still_valid) |
1169 return error; | 1161 return error; |
1170 } | 1162 } |
1171 | 1163 |
1172 // TODO(davidben): Add a unit test which covers this path; we need to be | 1164 // TODO(davidben): Add a unit test which covers this path; we need to be |
1173 // able to send a legitimate certificate and also bypass/clear the | 1165 // able to send a legitimate certificate and also bypass/clear the |
1174 // SSL session cache. | 1166 // SSL session cache. |
1175 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? | 1167 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? |
1176 &proxy_ssl_config_ : &server_ssl_config_; | 1168 &proxy_ssl_config_ : &server_ssl_config_; |
1177 ssl_config->send_client_cert = true; | 1169 ssl_config->send_client_cert = true; |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1436 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, | 1428 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, |
1437 state); | 1429 state); |
1438 break; | 1430 break; |
1439 } | 1431 } |
1440 return description; | 1432 return description; |
1441 } | 1433 } |
1442 | 1434 |
1443 #undef STATE_CASE | 1435 #undef STATE_CASE |
1444 | 1436 |
1445 } // namespace net | 1437 } // namespace net |
OLD | NEW |