OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/cert/cert_verify_proc_openssl.h" | 5 #include "net/cert/cert_verify_proc_openssl.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
102 if (i == 0) { | 102 if (i == 0) { |
103 verified_cert = cert; | 103 verified_cert = cert; |
104 } else { | 104 } else { |
105 verified_chain.push_back(cert); | 105 verified_chain.push_back(cert); |
106 } | 106 } |
107 } | 107 } |
108 | 108 |
109 // Set verify_result->verified_cert and | 109 // Set verify_result->verified_cert and |
110 // verify_result->is_issued_by_known_root. | 110 // verify_result->is_issued_by_known_root. |
111 if (verified_cert) { | 111 if (verified_cert) { |
112 verify_result->verified_cert = | 112 scoped_refptr<X509Certificate> verified_cert_with_chain = |
113 X509Certificate::CreateFromHandle(verified_cert, verified_chain); | 113 X509Certificate::CreateFromHandle(verified_cert, verified_chain); |
| 114 if (verified_cert_with_chain) |
| 115 verify_result->verified_cert = std::move(verified_cert_with_chain); |
| 116 else |
| 117 verify_result->cert_status |= CERT_STATUS_INVALID; |
114 | 118 |
115 // For OpenSSL builds, only certificates used for unit tests are treated | 119 // For OpenSSL builds, only certificates used for unit tests are treated |
116 // as not issued by known roots. The only way to determine whether a | 120 // as not issued by known roots. The only way to determine whether a |
117 // certificate is issued by a known root using OpenSSL is to examine | 121 // certificate is issued by a known root using OpenSSL is to examine |
118 // distro-and-release specific hardcoded lists. | 122 // distro-and-release specific hardcoded lists. |
119 verify_result->is_issued_by_known_root = true; | 123 verify_result->is_issued_by_known_root = true; |
120 if (TestRootCerts::HasInstance()) { | 124 if (TestRootCerts::HasInstance()) { |
121 X509* root = NULL; | 125 X509* root = NULL; |
122 if (verified_chain.empty()) { | 126 if (verified_chain.empty()) { |
123 root = verified_cert; | 127 root = verified_cert; |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
215 GetCertChainInfo(ctx.get(), verify_result); | 219 GetCertChainInfo(ctx.get(), verify_result); |
216 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); | 220 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); |
217 | 221 |
218 if (IsCertStatusError(verify_result->cert_status)) | 222 if (IsCertStatusError(verify_result->cert_status)) |
219 return MapCertStatusToNetError(verify_result->cert_status); | 223 return MapCertStatusToNetError(verify_result->cert_status); |
220 | 224 |
221 return OK; | 225 return OK; |
222 } | 226 } |
223 | 227 |
224 } // namespace net | 228 } // namespace net |
OLD | NEW |