net/base/crl_set.cc - Issue 9699043: net: fallback to online revocation checks for EV status when CRLSet has expired.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/crl_set.cc

Issue 9699043: net: fallback to online revocation checks for EV status when CRLSet has expired. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ... Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/crl_set.cc

diff --git a/net/base/crl_set.cc b/net/base/crl_set.cc

index 0818a22aa0436909e4c4adfbc7bfe1fcb25dcc9a..76d6bc36235e7c9021a1ad5c823b4742fa40fc1c 100644

--- a/net/base/crl_set.cc

+++ b/net/base/crl_set.cc

@@ -540,22 +540,6 @@ CRLSet::Result CRLSet::CheckSPKI(const base::StringPiece& spki_hash) const {

CRLSet::Result CRLSet::CheckSerial(

const base::StringPiece& serial_number,

const base::StringPiece& issuer_spki_hash) const {

- Result result = CheckSerialIsRevoked(serial_number, issuer_spki_hash);

- // If we get a revoked signal then we return that no matter how old the

- // CRLSet is.

- if (result == REVOKED)

- return result;

- if (not_after_ > 0) {

- uint64 now = base::Time::Now().ToTimeT();

- if (now > not_after_)

- return CRL_SET_EXPIRED;

- }

- return result;

-CRLSet::Result CRLSet::CheckSerialIsRevoked(

- const base::StringPiece& serial_number,

- const base::StringPiece& issuer_spki_hash) const {

base::StringPiece serial(serial_number);

if (!serial.empty() && (serial[0] & 0x80) != 0) {

@@ -583,6 +567,14 @@ CRLSet::Result CRLSet::CheckSerialIsRevoked(

return GOOD;

}

+bool CRLSet::IsExpired() const {

+ if (not_after_ == 0)

Ryan Sleevi 2012/03/16 00:50:52 is 0 some magic value for "never expires" ? I noti

agl 2012/03/20 20:02:19 Yes, this is for backwards compatibility was CRLSe

+ return false;

+ uint64 now = base::Time::Now().ToTimeT();

+ return now > not_after_;

uint32 CRLSet::sequence() const {

return sequence_;

}

@@ -591,4 +583,15 @@ const CRLSet::CRLList& CRLSet::crls() const {

return crls_;

}

+// static

+CRLSet* CRLSet::EmptyCRLSetForTesting() {

+ return new CRLSet;

+CRLSet* CRLSet::ExpiredCRLSetForTesting() {

+ CRLSet* crl_set = new CRLSet;

+ crl_set->not_after_ = 1;

+ return crl_set;

} // namespace net

« net/base/crl_set.h ('K') | « net/base/crl_set.h ('k') | net/base/crl_set_unittest.cc » ('j') | net/base/x509_certificate.cc » ('J')