
Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 9415040: Refactor TransportSecurityState. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 8 months ago
Index: net/socket/ssl_client_socket_nss.cc
===================================================================
--- net/socket/ssl_client_socket_nss.cc (revision 134551)
+++ net/socket/ssl_client_socket_nss.cc (working copy)
@@ -1723,56 +1723,6 @@
UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
}
- PeerCertificateChain chain(nss_fd_);
- for (unsigned i = 1; i < chain.size(); i++) {
- if (strcmp(chain[i]->subjectName, "CN=meta") != 0)
- continue;
-
- base::StringPiece leaf_der(
- reinterpret_cast<char*>(server_cert_nss_->derCert.data),
- server_cert_nss_->derCert.len);
- base::StringPiece leaf_spki;
- if (!asn1::ExtractSPKIFromDERCert(leaf_der, &leaf_spki))
- break;
-
- static SECOidTag side_data_tag;
- static bool side_data_tag_valid;
- if (!side_data_tag_valid) {
- // It's harmless if multiple threads enter this block concurrently.
- static const uint8 kSideDataOID[] =
- // 1.3.6.1.4.1.11129.2.1.4
- // (iso.org.dod.internet.private.enterprises.google.googleSecurity.
- // certificateExtensions.sideData)
- {0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x05};
- SECOidData oid_data;
- memset(&oid_data, 0, sizeof(oid_data));
- oid_data.oid.data = const_cast<uint8*>(kSideDataOID);
- oid_data.oid.len = sizeof(kSideDataOID);
- oid_data.desc = "Certificate side data";
- oid_data.supportedExtension = SUPPORTED_CERT_EXTENSION;
- side_data_tag = SECOID_AddEntry(&oid_data);
- DCHECK_NE(SEC_OID_UNKNOWN, side_data_tag);
- side_data_tag_valid = true;
- }
-
- SECItem side_data_item;
- SECStatus rv = CERT_FindCertExtension(chain[i],
- side_data_tag, &side_data_item);
- if (rv != SECSuccess)
- continue;
-
- base::StringPiece side_data(
- reinterpret_cast<char*>(side_data_item.data),
- side_data_item.len);
-
- if (!TransportSecurityState::ParseSidePin(
- leaf_spki, side_data, &side_pinned_public_keys_)) {
- LOG(WARNING) << "Side pinning data failed to parse: "
- << host_and_port_.host();
- }
- break;
- }
-
// We used to remember the intermediate CA certs in the NSS database
// persistently. However, NSS opens a connection to the SQLite database
// during NSS initialization and doesn't close the connection until NSS