Google Git
Sign in
chromium / chromium / src.git / eb5f8ef3d692e2a9fb6ad6837426da2b9e2c0ee9^! / . / net / socket / ssl_client_socket_openssl.h
commiteb5f8ef3d692e2a9fb6ad6837426da2b9e2c0ee9[log] [tgz]
authordavidben <[email protected]>Thu Sep 04 14:14:32 2014
committerCommit bot <[email protected]>Thu Sep 04 14:16:03 2014
treea8dde0e4478262bea990516c0d1c3f52446a6710
parent9520d408282a2a498ef6fc20f9abacfb899abbe7 [diff] [blame]
Enable Certificate Transparency in the OpenSSL port.

Also add tests that assert OCSP responses and SCT extensions are returned in
the expected format.

BUG=408687
TEST=open https://embed.ct.digicert.com/ in Chrome for Android and
     tap the lock icon. Popup should say "The identity of this
     [...] and is publicly auditable."

Review URL: https://codereview.chromium.org/517083002

Cr-Commit-Position: refs/heads/master@{#293295}

diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 14ea3c8..9b02ac2 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h

@@ -13,6 +13,7 @@
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_verify_result.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/channel_id_service.h"
@@ -34,6 +35,7 @@
 namespace net {
 
 class CertVerifier;
+class CTVerifier;
 class SingleRequestCertVerifier;
 class SSLCertRequestInfo;
 class SSLInfo;
@@ -121,6 +123,7 @@
   int DoVerifyCertComplete(int result);
   void DoConnectCallback(int result);
   X509Certificate* UpdateServerCert();
+  void VerifyCT();
 
   void OnHandshakeIOComplete(int result);
   void OnSendComplete(int result);
@@ -173,6 +176,13 @@
 
   void CheckIfHandshakeFinished();
 
+  // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
+  // SCTs are held in three separate vectors in ct_verify_result, each
+  // vetor representing a particular verification state, this method associates
+  // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to
+  // the |ssl_info|.signed_certificate_timestamps list.
+  void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;
+
   bool transport_send_busy_;
   bool transport_recv_busy_;
 
@@ -232,6 +242,10 @@
   scoped_ptr<SingleRequestCertVerifier> verifier_;
   base::TimeTicks start_cert_verification_time_;
 
+  // Certificate Transparency: Verifier and result holder.
+  ct::CTVerifyResult ct_verify_result_;
+  CTVerifier* cert_transparency_verifier_;
+
   // The service for retrieving Channel ID keys.  May be NULL.
   ChannelIDService* channel_id_service_;