net: Plumb DnsCertProvenanceChecker around.

(Reland of r66623, reverted in r66687 due to Chrome Frame linking issues.) git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66970 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-11-22 18:11:47 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-11-22 18:11:47 +0000
commit: 62426e79edb8654e1f748d2b7c1dc8d20ccce151 (patch)
tree: ea443957e5abc6abaddf4f110e548699f2104ce2 /net/socket/ssl_client_socket_nss.cc
parent: 9563e809698634800ed283bf9222538f1a9886cf (diff)
download: chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.zip
chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.tar.gz
chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.tar.bz2
1 files changed, 10 insertions, 3 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index cefe630..b9c6dff 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -87,7 +87,7 @@
 #include "net/base/sys_addrinfo.h"
 #include "net/ocsp/nss_ocsp.h"
 #include "net/socket/client_socket_handle.h"
-#include "net/socket/dns_cert_provenance_check.h"
+#include "net/socket/dns_cert_provenance_checker.h"
 #include "net/socket/ssl_error_params.h"
 #include "net/socket/ssl_host_info.h"
 
@@ -405,7 +405,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
                                        const HostPortPair& host_and_port,
                                        const SSLConfig& ssl_config,
                                        SSLHostInfo* ssl_host_info,
-                                       DnsRRResolver* dnsrr_resolver)
+                                       DnsCertProvenanceChecker* dns_ctx)
     : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
           this, &SSLClientSocketNSS::BufferSendComplete)),
       ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_(
@@ -441,7 +441,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
       predicted_npn_status_(kNextProtoUnsupported),
       predicted_npn_proto_used_(false),
       ssl_host_info_(ssl_host_info),
-      dnsrr_resolver_(dnsrr_resolver) {
+      dns_cert_checker_(dns_ctx) {
   EnterFunction("");
 }
 
@@ -2354,6 +2354,13 @@ static DNSValidationResult CheckDNSSECChain(
 }
 
 int SSLClientSocketNSS::DoVerifyDNSSEC(int result) {
+  if (ssl_config_.dns_cert_provenance_checking_enabled &&
+      dns_cert_checker_) {
+    PeerCertificateChain certs(nss_fd_);
+    dns_cert_checker_->DoAsyncVerification(
+        host_and_port_.host(), certs.AsStringPieceVector());
+  }
+
   if (ssl_config_.dnssec_enabled) {
     DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(),
                                              server_cert_nss_);
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-11-22 18:11:47 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-11-22 18:11:47 +0000
commit	62426e79edb8654e1f748d2b7c1dc8d20ccce151 (patch)
tree	ea443957e5abc6abaddf4f110e548699f2104ce2 /net/socket/ssl_client_socket_nss.cc
parent	9563e809698634800ed283bf9222538f1a9886cf (diff)
download	chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.zip chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.tar.gz chromium_src-62426e79edb8654e1f748d2b7c1dc8d20ccce151.tar.bz2