| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 1156 matching lines...) |
| 1167 scoped_refptr<X509Certificate> client_cert; | 1167 scoped_refptr<X509Certificate> client_cert; |
| 1168 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( | 1168 bool found_cached_cert = session_->ssl_client_auth_cache()->Lookup( |
| 1169 response_.cert_request_info->host_and_port, &client_cert); | 1169 response_.cert_request_info->host_and_port, &client_cert); |
| 1170 if (!found_cached_cert) | 1170 if (!found_cached_cert) |
| 1171 return error; | 1171 return error; |
| 1172 | 1172 |
| 1173 // Check that the certificate selected is still a certificate the server | 1173 // Check that the certificate selected is still a certificate the server |
| 1174 // is likely to accept, based on the criteria supplied in the | 1174 // is likely to accept, based on the criteria supplied in the |
| 1175 // CertificateRequest message. | 1175 // CertificateRequest message. |
| 1176 if (client_cert) { | 1176 if (client_cert) { |
| 1177 const std::vector<scoped_refptr<X509Certificate> >& client_certs = | 1177 const std::vector<std::string>& cert_authorities = |
| 1178 response_.cert_request_info->client_certs; | 1178 response_.cert_request_info->cert_authorities; |
| 1179 bool cert_still_valid = false; | |
| 1180 for (size_t i = 0; i < client_certs.size(); ++i) { | |
| 1181 if (client_cert->Equals(client_certs[i])) { | |
| 1182 cert_still_valid = true; | |
| 1183 break; | |
| 1184 } | |
| 1185 } | |
| 1186 | 1179 |
| 1180 bool cert_still_valid = cert_authorities.empty() || |
| 1181 client_cert->IsIssuedByEncoded(cert_authorities); |
| 1187 if (!cert_still_valid) | 1182 if (!cert_still_valid) |
| 1188 return error; | 1183 return error; |
| 1189 } | 1184 } |
| 1190 | 1185 |
| 1191 // TODO(davidben): Add a unit test which covers this path; we need to be | 1186 // TODO(davidben): Add a unit test which covers this path; we need to be |
| 1192 // able to send a legitimate certificate and also bypass/clear the | 1187 // able to send a legitimate certificate and also bypass/clear the |
| 1193 // SSL session cache. | 1188 // SSL session cache. |
| 1194 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? | 1189 SSLConfig* ssl_config = response_.cert_request_info->is_proxy ? |
| 1195 &proxy_ssl_config_ : &server_ssl_config_; | 1190 &proxy_ssl_config_ : &server_ssl_config_; |
| 1196 ssl_config->send_client_cert = true; | 1191 ssl_config->send_client_cert = true; |
| (...skipping 262 matching lines...) |
| 1459 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, | 1454 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, |
| 1460 state); | 1455 state); |
| 1461 break; | 1456 break; |
| 1462 } | 1457 } |
| 1463 return description; | 1458 return description; |
| 1464 } | 1459 } |
| 1465 | 1460 |
| 1466 #undef STATE_CASE | 1461 #undef STATE_CASE |
| 1467 | 1462 |
| 1468 } // namespace net | 1463 } // namespace net |
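Review bot: The new `cert_authorities.empty() ||` short-circuit at new lines 1180-1181 makes any cached client certificate count as still valid when the CertificateRequest names no CAs, and the comment above the block (new lines 1173-1175) does not say so. Since this check decides whether a client identity is re-sent without prompting, I would state the intent next to it, e.g. `// An empty cert_authorities list means the server named no acceptable CAs, so the cached certificate is kept.` The old loop compared the cached certificate against `client_certs`; if that list also reflected other constraints (such as whether the certificate is still available locally), the issuer-only check no longer covers them, which is worth confirming. The TODO just below says this path has no unit test, so cases for an empty, a matching and a non-matching authority list would be good to add with this change. The enclosing function starts and ends outside the visible lines.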
| OLD | NEW |