
Side by Side Diff: net/cert/test_root_certs_mac.cc

Issue 14492003: Work around GTE CyberTrust/Baltimore CyberTrust cross-signing issues (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Review feedback Created 7 years, 6 months ago
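--- a/net/cert/test_root_certs_mac.cc
+++ b/net/cert/test_root_certs_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/test_root_certs.h"
 
 #include <Security/Security.h>
 
 #include "base/logging.h"
 #include "base/mac/mac_util.h"
@@ -70,37 +70,48 @@
 return noErr;
 
 // Despite SecTrustSetAnchorCertificatesOnly existing in OS X 10.6, and
 // being documented as available, it is not actually implemented. On 10.7+,
 // however, it always works.
 if (base::mac::IsOSLionOrLater()) {
 OSStatus status = SecTrustSetAnchorCertificates(trust_ref,
 temporary_roots_);
 if (status)
 return status;
-// Trust system store in addition to trusting |temporary_roots_|.
-return SecTrustSetAnchorCertificatesOnly(trust_ref, false);
+return SecTrustSetAnchorCertificatesOnly(trust_ref, !allow_system_trust_);
 }
 
-// For OS X 10.6, emulate the functionality by copying the system roots
-// in addition to |temporary_roots_|.
+if (!allow_system_trust_) {
+// Avoid any copying if system roots are not to be trusted. This acts as
+// an exclusive list on 10.6, replacing the built-ins.
+return SecTrustSetAnchorCertificates(trust_ref, temporary_roots_);
+}
+
+// Otherwise, both system trust and temporary_roots_ must be trusted.
+// Emulate the functionality of SecTrustSetAnchorCertificatesOnly by
+// creating a copy of the system roots and merging with temporary_roots_.
 CFArrayRef system_roots = NULL;
 OSStatus status = SecTrustCopyAnchorCertificates(&system_roots);
 if (status)
 return status;
 
 base::mac::ScopedCFTypeRef<CFArrayRef> scoped_system_roots(system_roots);
 base::mac::ScopedCFTypeRef<CFMutableArrayRef> scoped_roots(
 CFArrayCreateMutableCopy(kCFAllocatorDefault, 0, scoped_system_roots));
 CFArrayAppendArray(scoped_roots, temporary_roots_,
 CFRangeMake(0, CFArrayGetCount(temporary_roots_)));
 return SecTrustSetAnchorCertificates(trust_ref, scoped_roots);
 }
 
+void TestRootCerts::SetAllowSystemTrust(bool allow_system_trust) {
+allow_system_trust_ = allow_system_trust;
+}
+
 TestRootCerts::~TestRootCerts() {}
 
 void TestRootCerts::Init() {
 temporary_roots_.reset(CFArrayCreateMutable(kCFAllocatorDefault, 0,
 &kCertArrayCallbacks));
+allow_system_trust_ = true;
 }
 
 } // namespace net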
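Review bot: The new `allow_system_trust_` flag is only consulted after the early `return noErr;` at new line 70, whose condition lies in the 59 skipped lines. If that guard is the empty-`temporary_roots_` check, then `SetAllowSystemTrust(false)` with no test roots added leaves the SecTrustRef untouched and the system store stays trusted. It is worth confirming that the guard also tests the flag, or documenting on `SetAllowSystemTrust` that disabling system trust has no effect until at least one temporary root is added. The 10.7+ branch also lost its explanatory comment; something like `// Anchors-only mode excludes the system store, so enable it exactly when system trust is disallowed.` above the `SecTrustSetAnchorCertificatesOnly(trust_ref, !allow_system_trust_)` call would make the inverted flag easier to audit. The enclosing function begins outside the shown lines.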