diff options
| author | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-17 15:01:52 +0000 |
|---|---|---|
| committer | ppi@chromium.org <ppi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-12-17 15:01:52 +0000 |
| commit | 343da0347814993ca906da7017e072306ed7d22c (patch) | |
| tree | 71dfcf5dcb88d72eec24b3fb8642be2459cc98fd /net/base | |
| parent | 36e2f7dd1b0fcfc4b5a25d23b014c3ac41296cf8 (diff) | |
| download | chromium_src-343da0347814993ca906da7017e072306ed7d22c.zip chromium_src-343da0347814993ca906da7017e072306ed7d22c.tar.gz chromium_src-343da0347814993ca906da7017e072306ed7d22c.tar.bz2 | |
Fix a glitch in disentanglement of CertVerifyProc(OpenSSL/Android)
This refers to https://chromiumcodereview.appspot.com/11549033/, which separated OpenSSL/Android certificate verification routines.
As joth@chromium.org pointed out, the above erroneously omits hard-setting |issued_by_trusted_root| field of the result on Android. This patch fixes this omission.
BUG=147786
Review URL: https://chromiumcodereview.appspot.com/11570019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@173458 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/cert_verify_proc_android.cc | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/net/base/cert_verify_proc_android.cc b/net/base/cert_verify_proc_android.cc index 1bdbcef..a7b17e6 100644 --- a/net/base/cert_verify_proc_android.cc +++ b/net/base/cert_verify_proc_android.cc @@ -88,6 +88,16 @@ int CertVerifyProcAndroid::VerifyInternal(X509Certificate* cert, if (IsCertStatusError(verify_result->cert_status)) return MapCertStatusToNetError(verify_result->cert_status); + // TODO(ppi): Implement missing functionality: yielding the constructed trust + // chain, public key hashes of its certificates and |is_issued_by_known_root| + // flag. All of the above require specific support from the platform, missing + // in the Java APIs. See also: http://crbug.com/116838 + + // Until the required support is available in the platform, we don't know if + // the trust root at the end of the chain was standard or user-added, so we + // mark all correctly verified certificates as issued by a known root. + verify_result->is_issued_by_known_root = true; + return OK; } |