diff options
| author | rsleevi <rsleevi@chromium.org> | 2016-03-03 14:24:59 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-03 22:26:00 +0000 |
| commit | c45d7cce9017369c36ecbe3ed2d4567eea786f24 (patch) | |
| tree | f956c9db5066ffc4df967e23de0e3cc20b21c580 /chrome/browser/ui/webui/quota_internals/quota_internals_proxy.cc | |
| parent | 078436bd5a6b1b3ac15a56660d9e1442b462733d (diff) | |
| download | chromium_src-c45d7cce9017369c36ecbe3ed2d4567eea786f24.zip chromium_src-c45d7cce9017369c36ecbe3ed2d4567eea786f24.tar.gz chromium_src-c45d7cce9017369c36ecbe3ed2d4567eea786f24.tar.bz2 | |
Perform CRLSet evaluation during Path Building on NSS
When using NSS for certificate verification, add CRLSet checking by
injecting a revocation callback function which will examine the
CRLSet and reject the certificate. If the CRLSet does not
affirmatively reject it, continue invoking the originally supplied
application callback (such as the ChromeOS callback) and allow it
an opportunity to reject.
Because of how NSS caches virtually everything, horribly so, this
restructures the unittests to no longer depend on how the underlying
library will select the path (since with NSS, it's fundamentally
non-determistic), and instead tests that as long as a singular
certificate path is still valid and un-revoked, it can be discovered.
BUG=589336
TEST=CertVerifyProcTest.CRLSet*
Review URL: https://codereview.chromium.org/1724413002
Cr-Commit-Position: refs/heads/master@{#379113}
Diffstat (limited to 'chrome/browser/ui/webui/quota_internals/quota_internals_proxy.cc')
0 files changed, 0 insertions, 0 deletions