Diffstat (limited to 'net/base')
-rw-r--r-- | net/base/x509_certificate_openssl.cc | 16 | ||||
-rw-r--r-- | net/base/x509_certificate_unittest.cc | 2 |
2 files changed, 17 insertions, 1 deletions
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index cd3fba7..6e82300 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -310,6 +310,17 @@ void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
 void X509Certificate::Initialize() {
 base::EnsureOpenSSLInit();
 fingerprint_ = CalculateFingerprint(cert_handle_);
+
+ ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_);
+ if (num) {
+ serial_number_ = std::string(
+ reinterpret_cast<char*>(num->data),
+ num->length);
+ // Remove leading zeros.
+ while (serial_number_.size() > 1 && serial_number_[0] == 0)
+ serial_number_ = serial_number_.substr(1, serial_number_.size() - 1);
+ }
+
 ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
 ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_);
 nxou::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_);
@@ -420,6 +431,11 @@ int X509Certificate::Verify(const std::string& hostname,
 CertVerifyResult* verify_result) const {
 verify_result->Reset();
 
+ if (IsBlacklisted()) {
+ verify_result->cert_status |= CERT_STATUS_REVOKED;
+ return ERR_CERT_REVOKED;
+ }
+
 // TODO(joth): We should fetch the subjectAltNames directly rather than via
 // GetDNSNames, so we can apply special handling for IP addresses vs DNS
 // names, etc. See http://crbug.com/62973.
diff --git a/net/base/x509_certificate_unittest.cc b/net/base/x509_certificate_unittest.cc
index 5572630..f8ededc 100644
--- a/net/base/x509_certificate_unittest.cc
+++ b/net/base/x509_certificate_unittest.cc
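Review bot: In the block added to Initialize(), `num->data` and `num->length` are copied without looking at the sign, which OpenSSL keeps separately in `num->type`. A negative serial (`V_ASN1_NEG_INTEGER`) therefore produces the same `serial_number_` bytes as the positive value of equal magnitude; if the blacklist comparison (not visible here) expects the DER content bytes, either distinguish the two forms or document the assumption in a comment. The guard could also reject an empty value, `if (num && num->data && num->length > 0) {`, because a null `num` currently leaves `serial_number_` empty and a serial-based check would presumably not match. The leading-zero loop reallocates on every pass; `serial_number_.erase(0, std::min(serial_number_.find_first_not_of('\0'), serial_number_.size() - 1));` does the same work once. Initialize() continues past the end of the hunk.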
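Review bot: The new `IsBlacklisted()` branch in Verify() has no test in this commit, since the only change to x509_certificate_unittest.cc is a comment, so a regression that drops or moves the check in the OpenSSL path would go unnoticed. A case that verifies a certificate with a blacklisted serial and expects `ERR_CERT_REVOKED` with `CERT_STATUS_REVOKED` set would pin the behaviour. As far as the hunk shows, the check applies only to the certificate Verify() is called on; whether intermediates are covered depends on IsBlacklisted(), which is outside the hunk. A short comment such as `// Reject known-bad certificates before any chain building or name matching.` would record why the check comes first. Verify() begins before the hunk and continues after it.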
@@ -383,7 +383,7 @@ TEST(X509CertificateTest, PaypalNullCertParsing) {
 &verify_result);
 #if defined(USE_OPENSSL) || defined(OS_MACOSX) || defined(OS_WIN)
 // TOOD(bulach): investigate why macosx and win aren't returning
- // ERR_CERT_INVALID.
+ // ERR_CERT_INVALID or ERR_CERT_COMMON_NAME_INVALID.
 EXPECT_EQ(ERR_CERT_AUTHORITY_INVALID, error);
 #else
 EXPECT_EQ(ERR_CERT_COMMON_NAME_INVALID, error); |