diff options
| author | dimich@chromium.org <dimich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 23:09:00 +0000 |
|---|---|---|
| committer | dimich@chromium.org <dimich@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-06 23:09:00 +0000 |
| commit | 9aa1ebb737c8d3410985aff86f2bf3aaf15be4f4 (patch) | |
| tree | cd82003552ccf38c27c93822c5e7e4fe4f8f6af4 /net/socket | |
| parent | a837f5e323ba9449f8733c5e77e4de42529600e2 (diff) | |
| download | chromium_src-9aa1ebb737c8d3410985aff86f2bf3aaf15be4f4.zip chromium_src-9aa1ebb737c8d3410985aff86f2bf3aaf15be4f4.tar.gz chromium_src-9aa1ebb737c8d3410985aff86f2bf3aaf15be4f4.tar.bz2 | |
Revert 150124 - Implement SHA-256 fingerprint support.
The HTTP-based Public Key Pinning Internet Draft
(tools.ietf.org/html/draft-ietf-websec-key-pinning) requires this.
Per wtc, give the *Fingeprint* types more meaningful *HashValue* names.
Cleaning up lint along the way.
This CL reverts 149268, which reverted 149261 the previous version of this
CL. It includes a fix to the compile problem that necessitated 149268.
BUG=117914
TEST=net_unittests, unit_tests TransportSecurityPersisterTest
Review URL: https://chromiumcodereview.appspot.com/10836062
TBR=palmer@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10836120
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@150166 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 16 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.h | 2 |
2 files changed, 7 insertions, 11 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index f0fa173..21089d5 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -131,8 +131,8 @@ static bool IsOCSPStaplingSupported() { #elif defined(USE_NSS) typedef SECStatus (*CacheOCSPResponseFromSideChannelFunction)( - CERTCertDBHandle* handle, CERTCertificate* cert, PRTime time, - SECItem* encodedResponse, void* pwArg); + CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time, + SECItem *encodedResponse, void *pwArg); // On Linux, we dynamically link against the system version of libnss3.so. In // order to continue working on systems without up-to-date versions of NSS we @@ -2763,14 +2763,10 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { ssl_info->connection_status = core_->state().ssl_connection_status; ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; - // TODO(palmer) TODO(agl): Do side pins need to be in both SHA1 and SHA256 - // forms? If consumers of side pins only care about SHA1, it is OK to put - // them only in the HASH_VALUE_SHA1 vector. - HashValueVector& sha1_hashes = - ssl_info->public_key_hashes[HASH_VALUE_SHA1]; - for (HashValueVector::const_iterator i = side_pinned_public_keys_.begin(); - i != side_pinned_public_keys_.end(); ++i) { - sha1_hashes.push_back(*i); + for (std::vector<SHA1Fingerprint>::const_iterator + i = side_pinned_public_keys_.begin(); + i != side_pinned_public_keys_.end(); i++) { + ssl_info->public_key_hashes.push_back(*i); } ssl_info->is_issued_by_known_root = server_cert_verify_result_.is_issued_by_known_root; diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index f8f602f..ba34a2c 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -157,7 +157,7 @@ class SSLClientSocketNSS : public SSLClientSocket { CompletionCallback user_connect_callback_; CertVerifyResult server_cert_verify_result_; - HashValueVector side_pinned_public_keys_; + std::vector<SHA1Fingerprint> side_pinned_public_keys_; CertVerifier* const cert_verifier_; scoped_ptr<SingleRequestCertVerifier> verifier_; |