diff options
| author | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-21 11:00:56 +0000 |
|---|---|---|
| committer | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-21 11:00:56 +0000 |
| commit | 36d086db68f73c439e594d22d3276cb1a0eae4f6 (patch) | |
| tree | 6c7262e60cfa777f72e51b1210decb109e2347fd /net/base | |
| parent | 7a29b34c138135c001d2c0259d938429c43b691d (diff) | |
| download | chromium_src-36d086db68f73c439e594d22d3276cb1a0eae4f6.zip chromium_src-36d086db68f73c439e594d22d3276cb1a0eae4f6.tar.gz chromium_src-36d086db68f73c439e594d22d3276cb1a0eae4f6.tar.bz2 | |
Fixes X509CertificateTest.SerialNumbers for USE_OPENSSL.
(followup on r78478)
BUG=none
TEST=X509CertificateTest.SerialNumbers
Review URL: http://codereview.chromium.org/6708027
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78869 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/x509_certificate_openssl.cc | 16 | ||||
| -rw-r--r-- | net/base/x509_certificate_unittest.cc | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc index cd3fba7..6e82300 100644 --- a/net/base/x509_certificate_openssl.cc +++ b/net/base/x509_certificate_openssl.cc @@ -310,6 +310,17 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { void X509Certificate::Initialize() { base::EnsureOpenSSLInit(); fingerprint_ = CalculateFingerprint(cert_handle_); + + ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); + if (num) { + serial_number_ = std::string( + reinterpret_cast<char*>(num->data), + num->length); + // Remove leading zeros. + while (serial_number_.size() > 1 && serial_number_[0] == 0) + serial_number_ = serial_number_.substr(1, serial_number_.size() - 1); + } + ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_); ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_); nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_); @@ -420,6 +431,11 @@ int X509Certificate::Verify(const std::string& hostname, CertVerifyResult* verify_result) const { verify_result->Reset(); + if (IsBlacklisted()) { + verify_result->cert_status |= CERT_STATUS_REVOKED; + return ERR_CERT_REVOKED; + } + // TODO(joth): We should fetch the subjectAltNames directly rather than via // GetDNSNames, so we can apply special handling for IP addresses vs DNS // names, etc. See http://crbug.com/62973. diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc index 5572630..f8ededc 100644 --- a/net/base/x509_certificate_unittest.cc +++ b/net/base/x509_certificate_unittest.cc @@ -383,7 +383,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) { &verify_result); #if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN) // TOOD(bulach): investigate why macosx and win aren't returning - // ERR_CERT_INVALID. + // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID. EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error); #else EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |