net: add DNSSEC tool and CNAME support.

This change adds support for DNSSEC chains with CNAMEs. I.e. it's not possible to prove records about $domain where $domain is a CNAME. It also adds a tiny, standalone tool to run the verification code from the command line. BUG=none TEST=net_unittests http://codereview.chromium.org/3301015/show git-svn-id: svn://svn.chromium.org/chrome/trunk/src@58986 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-09-09 20:13:23 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2010-09-09 20:13:23 +0000
commit: b40f05a835ecd5ff30e7f87a89837eee059bfadc (patch)
tree: 6099b52325283e33e1a79892b9646d12cb0da7f5 /net/socket
parent: cf59e2dae675b777ce193268ec4040de63e4b4f1 (diff)
download: chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.zip
chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.tar.gz
chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.tar.bz2
1 files changed, 5 insertions, 5 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 5da49cf..f9f36af 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1613,14 +1613,14 @@ static DNSValidationResult VerifyTXTRecords(
     SECStatus rv;
 
     j = m.find("hr");
-    if (j == m.end() || j->second == "cert") {
-      rv = HASH_HashBuf(hash_algorithm, calculated_hash,
-                        server_cert_nss->derCert.data,
-                        server_cert_nss->derCert.len);
-    } else if (j->second == "pubkey") {
+    if (j == m.end() || j->second == "pubkey") {
       rv = HASH_HashBuf(hash_algorithm, calculated_hash,
                         server_cert_nss->derPublicKey.data,
                         server_cert_nss->derPublicKey.len);
+    } else if (j->second == "cert") {
+      rv = HASH_HashBuf(hash_algorithm, calculated_hash,
+                        server_cert_nss->derCert.data,
+                        server_cert_nss->derCert.len);
     } else {
       continue;
     }
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-09-09 20:13:23 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2010-09-09 20:13:23 +0000
commit	b40f05a835ecd5ff30e7f87a89837eee059bfadc (patch)
tree	6099b52325283e33e1a79892b9646d12cb0da7f5 /net/socket
parent	cf59e2dae675b777ce193268ec4040de63e4b4f1 (diff)
download	chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.zip chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.tar.gz chromium_src-b40f05a835ecd5ff30e7f87a89837eee059bfadc.tar.bz2