authorpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 19:39:48 +0000
committerpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-01 19:39:48 +0000
commitf43b89f30c817107bc595f45098d908f84bf9baa (patch)
tree9b606ccecd8b30b1f72c52576c2cb034bb6c7244 /net/socket/ssl_client_socket_nss.cc
parent9eedb4825fd27cec7086f9be09a08eb8248ca868 (diff)
Refactor TransportSecurityState.
Do some minor "gcl lint" cleanup while here. BUG=113280, 120373 TEST=net_unittests, browser_tests, unit_tests TransportSecurityPersisterTest.* Review URL: http://codereview.chromium.org/9415040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134754 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
-rw-r--r--net/socket/ssl_client_socket_nss.cc50
1 files changed, 0 insertions, 50 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 37f9566..bd7b8e9c 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1723,56 +1723,6 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
}
- PeerCertificateChain chain(nss_fd_);
- for (unsigned i = 1; i < chain.size(); i++) {
- if (strcmp(chain[i]->subjectName, "CN=meta") != 0)
- continue;
-
- base::StringPiece leaf_der(
- reinterpret_cast<char*>(server_cert_nss_->derCert.data),
- server_cert_nss_->derCert.len);
- base::StringPiece leaf_spki;
- if (!asn1::ExtractSPKIFromDERCert(leaf_der, &leaf_spki))
- break;
-
- static SECOidTag side_data_tag;
- static bool side_data_tag_valid;
- if (!side_data_tag_valid) {
- // It's harmless if multiple threads enter this block concurrently.
- static const uint8 kSideDataOID[] =
- // 1.3.6.1.4.1.11129.2.1.4
- // (iso.org.dod.internet.private.enterprises.google.googleSecurity.
- // certificateExtensions.sideData)
- {0x2b, 0x06, 0x01, 0x04, 0x01, 0xd6, 0x79, 0x02, 0x01, 0x05};
- SECOidData oid_data;
- memset(&oid_data, 0, sizeof(oid_data));
- oid_data.oid.data = const_cast<uint8*>(kSideDataOID);
- oid_data.oid.len = sizeof(kSideDataOID);
- oid_data.desc = "Certificate side data";
- oid_data.supportedExtension = SUPPORTED_CERT_EXTENSION;
- side_data_tag = SECOID_AddEntry(&oid_data);
- DCHECK_NE(SEC_OID_UNKNOWN, side_data_tag);
- side_data_tag_valid = true;
- }
-
- SECItem side_data_item;
- SECStatus rv = CERT_FindCertExtension(chain[i],
- side_data_tag, &side_data_item);
- if (rv != SECSuccess)
- continue;
-
- base::StringPiece side_data(
- reinterpret_cast<char*>(side_data_item.data),
- side_data_item.len);
-
- if (!TransportSecurityState::ParseSidePin(
- leaf_spki, side_data, &side_pinned_public_keys_)) {
- LOG(WARNING) << "Side pinning data failed to parse: "
- << host_and_port_.host();
- }
- break;
- }
-
// We used to remember the intermediate CA certs in the NSS database
// persistently. However, NSS opens a connection to the SQLite database
// during NSS initialization and doesn't close the connection until NSS