path: root/net/base/cert_verifier.cc
Commit message | Author | Age | Files | Lines
* Make CertVerifier a pure virtual interface. | rsleevi@chromium.org | 2012-03-21 | 1 | -490/+3
  The existing CertVerifier implementation has been renamed to MultiThreadedCertVerifier, consistent with ProxyResolver naming. This is patch 1 of N for http://crbug.com/114343
  BUG=114343
  TEST=Compiles and existing unittests pass.
  Review URL: https://chromiumcodereview.appspot.com/9476035
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@128090 0039d316-1c4b-4281-b951-d872f2087c98
* Have the HostCache and CertVerifier cache use the common ExpiringCache. | rsleevi@chromium.org | 2012-02-25 | 1 | -79/+18
  BUG=114343
  TEST=net_unittests:CertVerifier*, net_unittests:HostCache*
  Review URL: http://codereview.chromium.org/9436003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@123646 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 123565 - Broke the "ASAN Tests (1)" bot: | fischman@chromium.org | 2012-02-24 | 1 | -18/+79
  http://build.chromium.org/p/chromium.memory/buildstatus?builder=ASAN%20Tests%20%281%29&number=6260
  Have the HostCache and CertVerifier cache use the common ExpiringCache.
  BUG=114343
  TEST=net_unittests:CertVerifier*, net_unittests:HostCache*
  Review URL: http://codereview.chromium.org/9436003
  TBR=rsleevi@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/9463028
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@123571 0039d316-1c4b-4281-b951-d872f2087c98
* Have the HostCache and CertVerifier cache use the common ExpiringCache. | rsleevi@chromium.org | 2012-02-24 | 1 | -79/+18
  BUG=114343
  TEST=net_unittests:CertVerifier*, net_unittests:HostCache*
  Review URL: http://codereview.chromium.org/9436003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@123565 0039d316-1c4b-4281-b951-d872f2087c98
* Always log the SSL server certificate received and being verified. | rsleevi@chromium.org | 2012-02-22 | 1 | -4/+3
  Now that there is no passive NetLog interface, the overhead for always-logging is expected to be minimal.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/9432018
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122987 0039d316-1c4b-4281-b951-d872f2087c98
* Do not hash the certificate twice. | wtc@chromium.org | 2011-11-05 | 1 | -2/+4
  Change X509Certificate::chain_fingerprint_ to X509Certificate::ca_fingerprint_ to exclude the certificate from this fingerprint. This fingerprint covers the intermediate CA certificates only. This requires identifying an X509Certificate object by two fingerprints: cert->fingerprint() and cert->ca_fingerprint().
  R=agl@chromium.org,rsleevi@chromium.org
  BUG=101555
  TEST=unit tests updated
  Review URL: http://codereview.chromium.org/8449004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108756 0039d316-1c4b-4281-b951-d872f2087c98
* Log the (server, to-be-verified) certificate chains to the NetLog when | rsleevi@chromium.org | 2011-11-04 | 1 | -1/+9
  logging bytes.
  BUG=91464
  Review URL: http://codereview.chromium.org/8413072
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108615 0039d316-1c4b-4281-b951-d872f2087c98
* Fix the "certificate is not yet valid" error for server certificates | wtc@chromium.org | 2011-10-29 | 1 | -2/+2
  issued by a VeriSign intermediate CA.
  Change the CertVerifier cache to identify a certificate chain by the hash of the entire chain rather than just the server certificate. This requires adding X509Certificate::chain_fingerprint(), and the X509Certificate::CalculateChainFingerprint() method to compute the chain fingerprint.
  R=agl@chromium.org,rsleevi@chromium.org
  BUG=101555
  TEST=X509CertificateTest.ChainFingerprints and CertVerifierTest.DifferentCACerts in net_unittests
  Review URL: http://codereview.chromium.org/8400075
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107888 0039d316-1c4b-4281-b951-d872f2087c98
* net: enable CRL sets behind a command line flag. | agl@chromium.org | 2011-10-25 | 1 | -4/+10
  This change introduces a command line flag for enabling CRL sets while the serving side is still in development. It contains code for NSS (revocation checking will proceed as normal on other platforms).
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/8342054
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107131 0039d316-1c4b-4281-b951-d872f2087c98
* base::Bind conversion for trivial cases in net/base. | adamk@chromium.org | 2011-10-20 | 1 | -4/+4
  R=willchan@chromium.org
  Review URL: http://codereview.chromium.org/8362011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106633 0039d316-1c4b-4281-b951-d872f2087c98
* Add NetLog and histograms for CertVerifier | willchan@chromium.org | 2011-10-19 | 1 | -8/+47
  Records the time required for certificate verification requests and jobs. Note that it doesn't work for SSLHostInfo. I'm too buzzed to figure that out right now.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/8265004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106222 0039d316-1c4b-4281-b951-d872f2087c98
* Convert the easy ones in net/base/ to using CompletionCallback. | willchan@chromium.org | 2011-10-07 | 1 | -20/+21
  BUG=98719
  TEST=none
  Review URL: http://codereview.chromium.org/8139007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104547 0039d316-1c4b-4281-b951-d872f2087c98
* Begin CompletionCallback switchover. | willchan@chromium.org | 2011-10-01 | 1 | -5/+5
  Rename CompletionCallback to OldCompletionCallback in preparation for introducing a new CompletionCallback based on base::Callback. Also renames other CompletionCallback types like CancelableCompletionCallback and TestCompletionCallback and CompletionCallbackImpl. All using sed with s/CompletionCallback/OldCompletionCallback/g.
  BUG=98719
  TEST=none
  Review URL: http://codereview.chromium.org/8070013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103650 0039d316-1c4b-4281-b951-d872f2087c98
* Add the CertVerifier::set_max_cache_entries() method. | wtc@chromium.org | 2011-08-23 | 1 | -9/+11
  This allows the CertVerifierTest.FullCache test to use a small cache size and finish faster.
  R=rvargas@chromium.org
  BUG=88135
  TEST=net_unittests --gtest_filter=CertVerifierTest.FullCache should not take a long time to finish.
  Review URL: http://codereview.chromium.org/7671036
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97825 0039d316-1c4b-4281-b951-d872f2087c98
* some cleanup for base/stl_util | dilmah@chromium.org | 2011-07-19 | 1 | -1/+1
  removed unused/irrelevant functions
  removed irrelevant comments
  Moved stl_util-inl.h => stl_util.h
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/7342047
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93110 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a problem that cert trust change needs a chrome restart to be effective. | xiyuan@chromium.org | 2011-04-13 | 1 | -2/+11
  This seems to be caused by CertVerifier's verification result cache.
  - Added a new OnCertTrustChanged to CertDatabase::Observer;
  - For NSS cert database, SetCertTrust triggers OnCertTrustChanged;
  - Clear CertVerifier's result cache when OnCertDatabaseChanged is fired;
  BUG=chromium-os:7988
  TEST=Verify #2 issue in chromium-os:7988 where cert trust change only takes effect after chrome restart.
  Review URL: http://codereview.chromium.org/6816035
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81433 0039d316-1c4b-4281-b951-d872f2087c98
* The CertVerifierJob destructor should delete canceled requests. | wtc@google.com | 2011-01-21 | 1 | -4/+20
  Add a job to inflight_ only after the job's worker has started successfully.
  R=agl
  BUG=63357,67289
  TEST=net_unittests --gtest_filter=CertVerifierTest.CancelRequestThenQuit should not leak a CertVerifierRequest object under valgrind.
  Review URL: http://codereview.chromium.org/5973004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72203 0039d316-1c4b-4281-b951-d872f2087c98
* Remove obsolete base/lock.h and fix up callers to use the new header file and | brettw@chromium.org | 2011-01-21 | 1 | -5/+5
  the base namespace. Fix several files including lock.h unnecessarily.
  BUG=none
  TEST=none
  Original review=http://codereview.chromium.org/6142009/
  Patch by leviw@chromium.org
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72106 0039d316-1c4b-4281-b951-d872f2087c98
* Move some misc thread-related stuff from base to base/thread and into the base | brettw@chromium.org | 2010-12-30 | 1 | -4/+4
  namespace. This does not move the "hard" thread stuff (thread.h).
  TEST=it compiles
  BUG=none
  Review URL: http://codereview.chromium.org/6079009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70315 0039d316-1c4b-4281-b951-d872f2087c98
* Cache certificate verification results in memory. | wtc@google.com | 2010-12-16 | 1 | -91/+414
  R=agl
  BUG=63357
  TEST=none
  Review URL: http://codereview.chromium.org/5386001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69414 0039d316-1c4b-4281-b951-d872f2087c98
* Fix shutdown crash in CertVerifier by using a MessageLoopProxy. | willchan@chromium.org | 2010-11-23 | 1 | -16/+19
  The CertVerifier is not getting Cancel()'d because something which owns it is getting leaked, most likely a URLRequestJob. Therefore, we can end up accessing a deleted MessageLoop on shutdown. MessageLoopProxy prevents accessing a deleted MessageLoop on shutdown, instead it just deletes the task, which isn't great, but it's better than crashing. We should fix the root cause eventually, which is a leak of the URLRequestJob.
  BUG=42275,chromium-os:8179
  TEST=none
  Review URL: http://codereview.chromium.org/5347001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67172 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 65349 - Update CertVerifier to watch for the origin loop's | skerner@chromium.org | 2010-11-08 | 1 | -17/+2
  destruction, so that it doesn't crash if the SSLClientSocket is leaked.
  BUG=chromium-os:8179
  TEST=None
  Linux browser tests are consistently failing. Example stack:
  SSLUITest.TestDisplaysInsecureContentTwoTabs:
  [11279:11279:1107/212311:929558354690:WARNING:chrome/installer/util/master_preferences.cc(56)] Failed to read master prefs file.
  [11279:11279:1107/212311:929558354814:ERROR:chrome/installer/util/master_preferences.cc(137)] Failed to parse /mnt/data/build/slave/Linux_Builder__Views_dbg_/build/src/out/Debug/master_preferences
  [11279:11279:1107/212311:929558672237:WARNING:views/widget/widget_gtk.cc(293)] compositing not supported; allowing anyway
  LEAK: 4 WebCoreNode
  [11279:11291:1107/212312:929559555051:FATAL:base/message_loop.cc(200)] Check failed: this == current().
  Backtrace:
    base::debug::StackTrace::StackTrace() [0x124edb6]
    logging::LogMessage::~LogMessage() [0x126455b]
    MessageLoop::RemoveDestructionObserver() [0x126695d]
    net::CertVerifier::Request::Cancel() [0x1944eb5]
    net::CertVerifier::Request::~Request() [0x194505a]
    base::RefCountedThreadSafe<>::DeleteInternal() [0x194544c]
    base::DefaultRefCountedThreadSafeTraits<>::Destruct() [0x1945420]
    base::RefCountedThreadSafe<>::Release() [0x19452ec]
    RunnableMethodTraits<>::ReleaseCallee() [0x1945628]
    RunnableMethod<>::ReleaseCallee() [0x194559c]
    RunnableMethod<>::~RunnableMethod() [0x19454ce]
    (anonymous namespace)::WorkerThread::ThreadMain() [0x12c904f]
    ThreadFunc() [0x12860bf]
    start_thread [0x2afc1af6d9ca]
    0x2afc1d5156fd
  [11279:11291:1107/212312:929559555051:FATAL:base/message_loop.cc(200)] Check failed: this == current().
  Backtrace:
    base::debug::StackTrace::StackTrace() [0x124edb6]
    logging::LogMessage::~LogMessage() [0x126455b]
    MessageLoop::RemoveDestructionObserver() [0x126695d]
    net::CertVerifier::Request::Cancel() [0x1944eb5]
    net::CertVerifier::Request::~Request() [0x194505a]
    base::RefCountedThreadSafe<>::DeleteInternal() [0x194544c]
    base::DefaultRefCountedThreadSafeTraits<>::Destruct() [0x1945420]
    base::RefCountedThreadSafe<>::Release() [0x19452ec]
    RunnableMethodTraits<>::ReleaseCallee() [0x1945628]
    RunnableMethod<>::ReleaseCallee() [0x194559c]
    RunnableMethod<>::~RunnableMethod() [0x19454ce]
    (anonymous namespace)::WorkerThread::ThreadMain() [0x12c904f]
    ThreadFunc() [0x12860bf]
    start_thread [0x2afc1af6d9ca]
    0x2afc1d5156fd
  Killed (timed out).
  Review URL: http://codereview.chromium.org/4299001
  TBR=zork@chromium.org
  Review URL: http://codereview.chromium.org/4669003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65372 0039d316-1c4b-4281-b951-d872f2087c98
* Update CertVerifier to watch for the origin loop's destruction, so that | zork@chromium.org | 2010-11-08 | 1 | -2/+17
  it doesn't crash if the SSLClientSocket is leaked.
  BUG=chromium-os:8179
  TEST=None
  Review URL: http://codereview.chromium.org/4299001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65349 0039d316-1c4b-4281-b951-d872f2087c98
* BSD port: USE_NSS and other macros instead of OS_LINUX where applicable | pvalchev@google.com | 2010-01-29 | 1 | -2/+2
  Review URL: http://codereview.chromium.org/556068
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37492 0039d316-1c4b-4281-b951-d872f2087c98
* Second patch in making destructors of refcounted objects private. | jam@chromium.org | 2009-11-05 | 1 | -2/+4
  BUG=26749
  Review URL: http://codereview.chromium.org/368001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31165 0039d316-1c4b-4281-b951-d872f2087c98
* Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify(). | ukai@chromium.org | 2009-06-23 | 1 | -8/+8
  If LOAD_VERIFY_EV_CERT is requested on load_flags and revocation checking is performed, Verify() performs EV certificate verification as well, and sets CERT_STATUS_IS_EV in verify_result.
  Eliminate X509Certificate::IsEV()
  BUG=3592
  TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \
    visit https://www.thawte.com/ and shows EV info.
  Review URL: http://codereview.chromium.org/125120
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
* Detach verify thread from NSPR on linux. | ukai@chromium.org | 2009-05-29 | 1 | -0/+14
  The threads in our thread pool terminate after we have called PR_Cleanup. Unless we detach them from NSPR, if we use CertVerifier, net_unittests dies with segfault on shutdown.
  BUG=10911
  TEST=net_unittests passes with code that uses CertVerifier.
  Review URL: http://codereview.chromium.org/115856
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17160 0039d316-1c4b-4281-b951-d872f2087c98
* Move certificate verification off the IO thread. | wtc@chromium.org | 2009-02-03 | 1 | -12/+11
  Move the MapNetErrorToCertStatus and MapCertStatusToNetError functions to cert_status_flags.h so they can be shared with Mac and Linux code.
  Move the certificate verification function to the X509Certificate class. Right now X509Certificate::Verify is only implemented on Windows.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/14915
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98
* Add the CertVerifier class. It is based on the | wtc@google.com | 2008-12-19 | 1 | -0/+140
  HostResolver class. It's not being compiled yet.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/14868
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7280 0039d316-1c4b-4281-b951-d872f2087c98