authorjoth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 12:35:00 +0000
committerjoth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-13 12:35:00 +0000
commit146cb7d13ce0b53c7516d87e0a08009adb47db55 (patch)
tree654b24ba9598517f9c039c38c135deab4f00a2bf /net
parent88de7c35c421ad1e3cd13492960255309504afe2 (diff)
Fix openssl build
Tests ExtractSPKIFromDERCert & PublicKeyHashes are failing (you can see them here: http://goo.gl/Rc3OA ) Follow up to http://src.chromium.org/viewvc/chrome?view=rev&revision=81259 - implements GetDEREncoded for openssl - adds public_key_hashes support in openssl X509Certificate::Verify - small change to unit test to make it much easier to diagnose failures. BUG=None TEST=net_unittests --gtest_filter=X509Certificate* Review URL: http://codereview.chromium.org/6826065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81398 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/base/x509_certificate_openssl.cc29
-rw-r--r--net/base/x509_certificate_unittest.cc13
2 files changed, 34 insertions, 8 deletions
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 433ca0d..687cfb5 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -16,7 +16,9 @@
#include "base/memory/singleton.h"
#include "base/openssl_util.h"
#include "base/pickle.h"
+#include "base/sha1.h"
#include "base/string_number_conversions.h"
+#include "net/base/asn1_util.h"
#include "net/base/cert_status_flags.h"
#include "net/base/cert_verify_result.h"
#include "net/base/net_errors.h"
@@ -475,6 +477,25 @@ int X509Certificate::Verify(const std::string& hostname,
if (IsCertStatusError(verify_result->cert_status))
return MapCertStatusToNetError(verify_result->cert_status);
+ STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(ctx.get());
+ for (int i = 0; i < sk_X509_num(chain); ++i) {
+ X509* cert = sk_X509_value(chain, i);
+ DERCache der_cache;
+ if (!GetDERAndCacheIfNeeded(cert, &der_cache))
+ continue;
+
+ base::StringPiece der_bytes(reinterpret_cast<const char*>(der_cache.data),
+ der_cache.data_length);
+ base::StringPiece spki_bytes;
+ if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
+ continue;
+
+ SHA1Fingerprint hash;
+ base::SHA1HashBytes(reinterpret_cast<const uint8*>(spki_bytes.data()),
+ spki_bytes.size(), hash.data);
+ verify_result->public_key_hashes.push_back(hash);
+ }
+
// Currently we only ues OpenSSL's default root CA paths, so treat all
// correctly verified certs as being from a known root. TODO(joth): if the
// motivations described in http://src.chromium.org/viewvc/chrome?view=rev&revision=80778
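Review bot: Both `continue` paths in the added loop drop a chain certificate without any trace, so `verify_result->public_key_hashes` can end up shorter than the verified chain while Verify still reports success. How the list is consumed is not visible here, but if it feeds pin or blocklist matching, a missing entry for a key that should have been rejected is a fail-open outcome; returning an error instead (for example `return ERR_CERT_INVALID;` in place of each `continue`) or at least logging the skip would be safer. If best effort is intended, say so above the loop: `// Best effort: a cert whose DER or SPKI cannot be extracted contributes no hash.` The loop also appends without clearing, so confirm that `public_key_hashes` is empty on entry; Verify begins and ends outside this hunk.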
@@ -486,8 +507,12 @@ int X509Certificate::Verify(const std::string& hostname,
}
bool X509Certificate::GetDEREncoded(std::string* encoded) {
- // TODO(port): Implement.
- return false;
+ DERCache der_cache;
+ if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache))
+ return false;
+ encoded->assign(reinterpret_cast<const char*>(der_cache.data),
+ der_cache.data_length);
+ return true;
}
// static
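Review bot: On the failure path `*encoded` keeps whatever the caller passed in, so a caller that ignores the return value could go on to treat stale bytes as this certificate's DER; adding `encoded->clear();` before `return false;` makes the failure unambiguous. The function also has no comment stating its contract, e.g. `// Copies the DER encoding of cert_handle_ into |encoded|; returns false and leaves it empty on failure.` Whether the other platform implementations behave the same way is not visible from this hunk.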
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index 47a931a..e7f924f 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
@@ -8,6 +8,7 @@
#include "base/path_service.h"
#include "base/pickle.h"
#include "base/sha1.h"
+#include "base/string_number_conversions.h"
#include "base/string_split.h"
#include "net/base/asn1_util.h"
#include "net/base/cert_status_flags.h"
@@ -30,6 +31,8 @@
#define TEST_EV 1 // Test CERT_STATUS_IS_EV
#endif
+using base::HexEncode;
+using base::SHA1_LENGTH;
using base::Time;
namespace net {
@@ -566,12 +569,10 @@ TEST(X509CertificateTest, PublicKeyHashes) {
EXPECT_EQ(OK, error);
EXPECT_EQ(0, verify_result.cert_status);
ASSERT_LE(2u, verify_result.public_key_hashes.size());
- EXPECT_TRUE(0 == memcmp(verify_result.public_key_hashes[0].data,
- nistSPKIHash, base::SHA1_LENGTH));
- EXPECT_TRUE(0 == memcmp(verify_result.public_key_hashes[1].data,
- "\x83\x24\x42\x23\xd6\xcb\xf0\xa2\x6f\xc7"
- "\xde\x27\xce\xbc\xa4\xbd\xa3\x26\x12\xad",
- base::SHA1_LENGTH));
+ EXPECT_EQ(HexEncode(nistSPKIHash, base::SHA1_LENGTH),
+ HexEncode(verify_result.public_key_hashes[0].data, SHA1_LENGTH));
+ EXPECT_EQ("83244223D6CBF0A26FC7DE27CEBCA4BDA32612AD",
+ HexEncode(verify_result.public_key_hashes[1].data, SHA1_LENGTH));
TestRootCerts::GetInstance()->Clear();
}
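Review bot: The first new assertion still spells `base::SHA1_LENGTH` while the other two calls rely on the `using base::SHA1_LENGTH;` added near the top of the file; pick one form, e.g. `EXPECT_EQ(HexEncode(nistSPKIHash, SHA1_LENGTH),`. The unchanged `ASSERT_LE(2u, ...)` only requires at least two hashes, so an unexpected extra or duplicated entry would pass unnoticed; if the test chain has a fixed length, an exact size check would pin that down. The test body starts outside this hunk.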