| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 1553 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1564 server_cert_verify_result_.cert_status |= | 1564 server_cert_verify_result_.cert_status |= |
| 1565 CERT_STATUS_CT_COMPLIANCE_FAILED; | 1565 CERT_STATUS_CT_COMPLIANCE_FAILED; |
| 1566 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1566 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1567 } | 1567 } |
| 1568 } | 1568 } |
| 1569 ct_verify_result_.cert_policy_compliance = | 1569 ct_verify_result_.cert_policy_compliance = |
| 1570 policy_enforcer_->DoesConformToCertPolicy( | 1570 policy_enforcer_->DoesConformToCertPolicy( |
| 1571 server_cert_verify_result_.verified_cert.get(), verified_scts, | 1571 server_cert_verify_result_.verified_cert.get(), verified_scts, |
| 1572 net_log_); | 1572 net_log_); |
| 1573 | 1573 |
| 1574 if (ct_verify_result_.cert_policy_compliance != | 1574 if (transport_security_state_->CheckCTRequirements( |
| 1575 ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS && | 1575 host_and_port_, server_cert_verify_result_.is_issued_by_known_root, |
| 1576 ct_verify_result_.cert_policy_compliance != | 1576 server_cert_verify_result_.public_key_hashes, |
| 1577 ct::CertPolicyCompliance::CERT_POLICY_BUILD_NOT_TIMELY && | 1577 server_cert_verify_result_.verified_cert.get(), server_cert_.get(), |
| 1578 transport_security_state_->ShouldRequireCT( | 1578 ct_verify_result_.scts, |
| 1579 host_and_port_.host(), server_cert_verify_result_.verified_cert.get(), | 1579 TransportSecurityState::ENABLE_EXPECT_CT_REPORTS, |
| 1580 server_cert_verify_result_.public_key_hashes)) { | 1580 ct_verify_result_.cert_policy_compliance) != |
| 1581 TransportSecurityState::CT_REQUIREMENTS_MET) { |
| 1581 server_cert_verify_result_.cert_status |= | 1582 server_cert_verify_result_.cert_status |= |
| 1582 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1583 CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1583 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; | 1584 return ERR_CERTIFICATE_TRANSPARENCY_REQUIRED; |
| 1584 } | 1585 } |
| 1585 | 1586 |
| 1586 return OK; | 1587 return OK; |
| 1587 } | 1588 } |
| 1588 | 1589 |
| 1589 int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { | 1590 int SSLClientSocketImpl::ClientCertRequestCallback(SSL* ssl) { |
| 1590 DCHECK(ssl == ssl_.get()); | 1591 DCHECK(ssl == ssl_.get()); |
| (...skipping 391 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1982 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 1983 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 1983 !certificate_requested_) { | 1984 !certificate_requested_) { |
| 1984 net_error = ERR_SSL_PROTOCOL_ERROR; | 1985 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 1985 } | 1986 } |
| 1986 } | 1987 } |
| 1987 | 1988 |
| 1988 return net_error; | 1989 return net_error; |
| 1989 } | 1990 } |
| 1990 | 1991 |
| 1991 } // namespace net | 1992 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2850033002:
Check Expect-CT at connection setup (Closed)
