authorukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-23 06:35:05 +0000
committerukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-23 06:35:05 +0000
commitf6555adcd5160d011ea1dc613fa0387dcddd0b6b (patch)
tree4020b1afb10822b10da786a4ef8f8522c7e9b0d2 /net/base/x509_certificate_nss.cc
parent36a784c511d467509d9a70a76b0865f60380ec37 (diff)
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().
If LOAD_VERIFY_EV_CERT is requested on load_flags and revocation checking is performed, Verify() performs EV certificate verification as well, and sets CERT_STATUS_IS_EV in verify_result. Eliminate X509Certificate::IsEV() BUG=3592 TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \ visit https://www.thawte.com/ and shows EV info. Review URL: http://codereview.chromium.org/125120 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate_nss.cc')
-rw-r--r--net/base/x509_certificate_nss.cc9
1 files changed, 7 insertions, 2 deletions
diff --git a/net/base/x509_certificate_nss.cc b/net/base/x509_certificate_nss.cc
index 4954cfd..a33caa1 100644
--- a/net/base/x509_certificate_nss.cc
+++ b/net/base/x509_certificate_nss.cc
@@ -371,7 +371,7 @@ void X509Certificate::GetDNSNames(std::vector<std::string>* dns_names) const {
// The problem is that we get segfault when unit tests is going to terminate
// if PR_Cleanup is called in NSSInitSingleton destructor.
int X509Certificate::Verify(const std::string& hostname,
- bool rev_checking_enabled,
+ int flags,
CertVerifyResult* verify_result) const {
verify_result->Reset();
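Review bot: Replacing `bool rev_checking_enabled` with `int flags` in the Verify() signature means any call site that still passes `true` or `false` keeps compiling, because bool converts implicitly to int. A stale `true` becomes 1 and selects whichever VERIFY_* bit has that value; the enum is not visible in this file's diff, so every caller should be confirmed as updated in the same commit. A comment at the signature would help, for example `// |flags| is a bitwise OR of VERIFY_* values; 0 requests neither revocation checking nor EV.` The body of Verify() continues outside this hunk.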
@@ -391,6 +391,9 @@ int X509Certificate::Verify(const std::string& hostname,
// OCSP mode would fail with SEC_ERROR_UNKNOWN_ISSUER.
// We need to set up OCSP and install an HTTP client for NSS.
bool use_ocsp = false;
+ // EV requires revocation checking.
+ if (!(flags & VERIFY_REV_CHECKING_ENABLED))
+ flags &= ~VERIFY_EV_CERT;
// TODO(wtc): Use CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE and
// CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE for EV certificate
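Review bot: The added guard ties EV to the caller having requested revocation checking, not to revocation information actually having been obtained. In the visible context `use_ocsp` is still hard-coded to `false`, and the TODO that follows says the stricter CERT_REV_M_REQUIRE_INFO_ON_MISSING_SOURCE / CERT_REV_MI_REQUIRE_SOME_FRESH_INFO_AVAILABLE settings are not yet used for EV. Once VerifyEV() is implemented on this platform, a certificate could presumably be reported as EV after a revocation check that found no fresh information. I would record that limit in the comment, e.g. `// EV requires revocation checking; drop the EV request if the caller did not enable it.` followed by `// NOTE: this checks the request only, not that fresh revocation info was obtained.` The rest of the function lies outside this hunk.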
@@ -477,11 +480,13 @@ int X509Certificate::Verify(const std::string& hostname,
verify_result);
if (IsCertStatusError(verify_result->cert_status))
return MapCertStatusToNetError(verify_result->cert_status);
+ if ((flags & VERIFY_EV_CERT) && VerifyEV())
+ verify_result->cert_status |= CERT_STATUS_IS_EV;
return OK;
}
// TODO(port): Implement properly on Linux.
-bool X509Certificate::IsEV(int status) const {
+bool X509Certificate::VerifyEV() const {
NOTIMPLEMENTED();
return false;
}
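Review bot: The `VerifyEV()` stub returns false, so CERT_STATUS_IS_EV is never set on this platform; that fail-closed behaviour is the right default but is documented only by the generic TODO(port) line. I would add a comment above the stub such as `// Until EV policy checking is implemented for NSS, never report a certificate as EV.` so that a later partial implementation does not weaken it by accident. Note also that `VerifyEV()` takes no arguments, so a real implementation cannot see the chain or revocation outcome computed earlier in Verify() and would presumably have to repeat that work. It is worth confirming that this is intended before the other platforms' implementations depend on the signature.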