diff options
| author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-07 04:19:02 +0000 |
|---|---|---|
| committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-07 04:19:02 +0000 |
| commit | c1d10a389f07e7cf1274cb4c053e5cee0bda095a (patch) | |
| tree | d6b394ed5f037c6503246f215beb363a60b8df6f /net/base/x509_certificate_nss.cc | |
| parent | cd0ccf6d83d4d8d9ce0db736a0bc1ac2b366d4a3 (diff) | |
| download | chromium_src-c1d10a389f07e7cf1274cb4c053e5cee0bda095a.zip chromium_src-c1d10a389f07e7cf1274cb4c053e5cee0bda095a.tar.gz chromium_src-c1d10a389f07e7cf1274cb4c053e5cee0bda095a.tar.bz2 | |
Fix build break with uninitialized variable 'ev_policy_tag'.
Fix some last nits in codereview.chromium.org/119026
TBR=wtc
BUG=10911
TEST=none
Review URL: http://codereview.chromium.org/165117
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22720 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_nss.cc')
| -rw-r--r-- | net/base/x509_certificate_nss.cc | 19 |
1 files changed, 9 insertions, 10 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc index 4422aee..89a61f4 100644 --- a/net/base/x509_certificate_nss.cc +++ b/net/base/x509_certificate_nss.cc @@ -319,7 +319,7 @@ void GetCertSubjectAltNamesOfType(X509Certificate::OSCertHandle cert_handle, PORT_Free(alt_name.data); } -// TODO(ukai): make a Linux-only method of the EVRootCAMetadata. +// TODO(ukai): this should be a Linux-only method of EVRootCAMetadata class. void GetPolicyOidTags(net::EVRootCAMetadata* metadata, std::vector<SECOidTag>* policies) { const char* const* policy_oids = metadata->GetPolicyOIDs(); @@ -353,7 +353,8 @@ void GetPolicyOidTags(net::EVRootCAMetadata* metadata, // Call CERT_PKIXVerifyCert for the cert_handle. // Verification results are stored in an array of CERTValOutParam. -// If metadata is not NULL, policies are also checked. +// If policy_oids is not NULL and num_policy_oids is positive, policies +// are also checked. // Caller must initialize cvout before calling this function. SECStatus PKIXVerifyCert(X509Certificate::OSCertHandle cert_handle, const SECOidTag* policy_oids, @@ -460,7 +461,7 @@ bool CheckCertPolicies(X509Certificate::OSCertHandle cert_handle, CERTPolicyInfo** policy_infos = policies->policyInfos; while (*policy_infos != NULL) { CERTPolicyInfo* policy_info = *policy_infos++; - SECOidTag oid_tag = SECOID_FindOIDTag(&policy_info->policyID); + SECOidTag oid_tag = policy_info->oid; if (oid_tag == SEC_OID_UNKNOWN) continue; if (oid_tag == ev_policy_tag) @@ -560,15 +561,13 @@ int X509Certificate::Verify(const std::string& hostname, if (IsCertStatusError(verify_result->cert_status)) return MapCertStatusToNetError(verify_result->cert_status); - if (flags & VERIFY_EV_CERT) { - if (VerifyEV()) - verify_result->cert_status |= CERT_STATUS_IS_EV; - } + if ((flags & VERIFY_EV_CERT) && VerifyEV()) + verify_result->cert_status |= CERT_STATUS_IS_EV; return OK; } -// Studied Mozilla's code (esp. security/manager/ssl/src/nsNSSCertHelper.cpp) -// to learn how to verify EV certificate. +// Studied Mozilla's code (esp. security/manager/ssl/src/nsIdentityChecking.cpp +// and nsNSSCertHelper.cpp) to learn how to verify EV certificate. // TODO(wtc): We may be able to request cert_po_policyOID and just // check if any of the returned policies is the EV policy of the trust anchor. // Another possible optimization is that we get the trust anchor from @@ -601,7 +600,7 @@ bool X509Certificate::VerifyEV() const { return false; X509Certificate::Fingerprint fingerprint = X509Certificate::CalculateFingerprint(root_ca); - SECOidTag ev_policy_tag; + SECOidTag ev_policy_tag = SEC_OID_UNKNOWN; if (!GetEvPolicyOidTag(metadata, fingerprint, &ev_policy_tag)) return false; |