OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
(...skipping 1553 matching lines...)
1564 server_cert_verify_result_.cert_status |= | 1564 server_cert_verify_result_.cert_status |= |
1565 CERT_STATUS_CT_COMPLIANCE_FAILED; | 1565 CERT_STATUS_CT_COMPLIANCE_FAILED; |
1566 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1566 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
1567 } | 1567 } |
1568 } | 1568 } |
1569 ct_verify_result_.cert_policy_compliance = | 1569 ct_verify_result_.cert_policy_compliance = |
1570 policy_enforcer_->DoesConformToCertPolicy( | 1570 policy_enforcer_->DoesConformToCertPolicy( |
1571 server_cert_verify_result_.verified_cert.get(), verified_scts, | 1571 server_cert_verify_result_.verified_cert.get(), verified_scts, |
1572 net_log_); | 1572 net_log_); |
1573 | 1573 |
1574 if (ct_verify_result_.cert_policy_compliance != | 1574 if (transport_security_state_->CheckCTRequirements( |
1575 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && | 1575 host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
1576 ct_verify_result_.cert_policy_compliance != | 1576 server_cert_verify_result_.public_key_hashes, |
1577 ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && | 1577 server_cert_verify_result_.verified_cert.get(), server_cert_.get(), |
1578 transport_security_state_->ShouldRequireCT( | 1578 ct_verify_result_.scts, |
1579 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), | 1579 TransportSecurityState::ENABLE_EXPECT_CT_REPORTS, |
1580 server_cert_verify_result_.public_key_hashes)) { | 1580 ct_verify_result_.cert_policy_compliance) != |
| 1581 TransportSecurityState::CT_REQUIREMENTS_MET) { |
1581 server_cert_verify_result_.cert_status |= | 1582 server_cert_verify_result_.cert_status |= |
1582 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1583 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
1583 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1584 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
1584 } | 1585 } |
1585 | 1586 |
1586 return OK; | 1587 return OK; |
1587 } | 1588 } |
1588 | 1589 |
1589 int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { | 1590 int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { |
1590 DCHECK(ssl == ssl_.get()); | 1591 DCHECK(ssl == ssl_.get()); |
(...skipping 391 matching lines...)
1982 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 1983 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
1983 !certificate_requested_) { | 1984 !certificate_requested_) { |
1984 net_error = ERR_SSL_PROTOCOL_ERROR; | 1985 net_error = ERR_SSL_PROTOCOL_ERROR; |
1985 } | 1986 } |
1986 } | 1987 } |
1987 | 1988 |
1988 return net_error; | 1989 return net_error; |
1989 } | 1990 } |
1990 | 1991 |
1991 } // namespace net | 1992 } // namespace net |
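Review bot: The new condition at new lines 1574–1581 puts a call that may have side effects inside the `if`: with `ENABLE_EXPECT_CT_REPORTS` passed, `CheckCTRequirements` presumably can queue an Expect-CT report as well as return a status, and nothing at the call site says so. The call site also no longer shows the two compliance states the old condition exempted (`CERT_POLICY_COMPLIES_VIA_SCTS` and `CERT_POLICY_BUILD_NOT_TIMELY`). Whether an out-of-date build still fails open is now decided inside `TransportSecurityState`, which is not visible here, so a test pinning that `CERT_POLICY_BUILD_NOT_TIMELY` does not yield `ERR_CERTIFICATE_TRANSPARENCY_REQUIRED` would be worth having. I would bind the result to a named local first, `const auto ct_status = transport_security_state_->CheckCTRequirements(...);` followed by `if (ct_status != TransportSecurityState::CT_REQUIREMENTS_MET) {`, with a comment above it such as `// May send an Expect-CT report; compliance exemptions are applied inside CheckCTRequirements().` The enclosing function starts in the skipped lines above this hunk.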