diff options
| author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-23 06:35:05 +0000 |
|---|---|---|
| committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-23 06:35:05 +0000 |
| commit | f6555adcd5160d011ea1dc613fa0387dcddd0b6b (patch) | |
| tree | 4020b1afb10822b10da786a4ef8f8522c7e9b0d2 /chrome | |
| parent | 36a784c511d467509d9a70a76b0865f60380ec37 (diff) | |
| download | chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.zip chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.tar.gz chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.tar.bz2 | |
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().
If LOAD_VERIFY_EV_CERT is requested on load_flags
and revokation checking is performed, Verify() peforms
EV certificate verification as well, and sets
CERT_STATUS_IS_EV in verify_result.
Eliminate X509Certificate::IsEV()
BUG=3592
TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \
visit https://www.thawte.com/ and shows EV info.
Review URL: http://codereview.chromium.org/125120
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome')
| -rw-r--r-- | chrome/browser/renderer_host/resource_dispatcher_host.cc | 15 |
1 files changed, 4 insertions, 11 deletions
diff --git a/chrome/browser/renderer_host/resource_dispatcher_host.cc b/chrome/browser/renderer_host/resource_dispatcher_host.cc index 68e9a47..8eb41af 100644 --- a/chrome/browser/renderer_host/resource_dispatcher_host.cc +++ b/chrome/browser/renderer_host/resource_dispatcher_host.cc @@ -333,6 +333,9 @@ void ResourceDispatcherHost::BeginRequest( request->set_referrer(request_data.referrer.spec()); request->SetExtraRequestHeaders(request_data.headers); int load_flags = request_data.load_flags; + // EV certificate verification could be expensive. We don't want to spend + // time performing EV certificate verification on all resources because + // EV status is irrelevant to sub-frames and sub-resources. if (request_data.resource_type == ResourceType::MAIN_FRAME) load_flags |= net::LOAD_VERIFY_EV_CERT; request->set_load_flags(load_flags); @@ -927,19 +930,9 @@ bool ResourceDispatcherHost::CompleteResponseStarted(URLRequest* request) { CertStore::GetSharedInstance()->StoreCert( request->ssl_info().cert, info->process_id); - int cert_status = request->ssl_info().cert_status; - // EV certificate verification could be expensive. We don't want to spend - // time performing EV certificate verification on all resources because - // EV status is irrelevant to sub-frames and sub-resources. So we call - // IsEV here rather than in the network layer because the network layer - // doesn't know the resource type. - if (info->resource_type == ResourceType::MAIN_FRAME && - request->ssl_info().cert->IsEV(cert_status)) - cert_status |= net::CERT_STATUS_IS_EV; - response->response_head.security_info = SSLManager::SerializeSecurityInfo(cert_id, - cert_status, + request->ssl_info().cert_status, request->ssl_info().security_bits); } else { // We should not have any SSL state. |