diff options
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 11 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 12 |
2 files changed, 3 insertions, 20 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index abd7524..6186bc2 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -3052,18 +3052,9 @@ int SSLClientSocketNSS::DoVerifyCert(int result) { start_cert_verification_time_ = base::TimeTicks::Now(); - int flags = 0; - if (ssl_config_.rev_checking_enabled) - flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; - if (ssl_config_.verify_ev_cert) - flags |= CertVerifier::VERIFY_EV_CERT; - if (ssl_config_.cert_io_enabled) - flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; - if (ssl_config_.rev_checking_required_local_anchors) - flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; return cert_verifier_->Verify( core_->state().server_cert.get(), host_and_port_.host(), - core_->state().stapled_ocsp_response, flags, + core_->state().stapled_ocsp_response, ssl_config_.GetCertVerifyFlags(), SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, base::Unretained(this)), diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc index e2a53ff..3ff1edf 100644 --- a/net/socket/ssl_client_socket_openssl.cc +++ b/net/socket/ssl_client_socket_openssl.cc @@ -1111,17 +1111,9 @@ int SSLClientSocketOpenSSL::DoVerifyCert(int result) { start_cert_verification_time_ = base::TimeTicks::Now(); - int flags = 0; - if (ssl_config_.rev_checking_enabled) - flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; - if (ssl_config_.verify_ev_cert) - flags |= CertVerifier::VERIFY_EV_CERT; - if (ssl_config_.cert_io_enabled) - flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; - if (ssl_config_.rev_checking_required_local_anchors) - flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; return cert_verifier_->Verify( - server_cert_.get(), host_and_port_.host(), ocsp_response, flags, + server_cert_.get(), host_and_port_.host(), ocsp_response, + ssl_config_.GetCertVerifyFlags(), // TODO(davidben): Route the CRLSet through SSLConfig so // SSLClientSocket doesn't depend on SSLConfigService. SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |