Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-17 07:15:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
aea8dfc9c6
gecko-dev/security/manager/ssl/nsSSLStatus.h
David Keeler 7c5c99fcce bug 1313491 - include more context when determining EV status r=Cykesiopka,jcj,mgoodwin 
When doing TLS session resumption, the AuthCertificate hook is bypassed, which
means that the front-end doesn't know whether or not to show the EV indicator.
To deal with this, the platform attempts an EV verification. Before this patch,
this verification lacked much of the original context (e.g. stapled OCSP
responses, SCTs, the hostname, and in particular the first-party origin key).
Furthermore, it was unclear from a code architecture standpoint that a full
verification was even occurring. This patch brings the necessary context to the
verification and makes it much more clear that it is happening. It also takes
the opportunity to remove some unnecessary EV-related fields and information in
code and data structures that don't require it.

MozReview-Commit-ID: LTmZU4Z1YXL

--HG--
extra : rebase_source : 7db702f2037fae83c87fbb6aca75b4420544dff9
2016-10-31 17:02:57 -07:00

75 lines
1.7 KiB
C++
Raw Blame History

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef _NSSSLSTATUS_H
#define _NSSSLSTATUS_H
#include "CertVerifier.h" // For CertificateTransparencyInfo
#include "nsISSLStatus.h"
#include "nsCOMPtr.h"
#include "nsXPIDLString.h"
#include "nsIX509Cert.h"
#include "nsISerializable.h"
#include "nsIClassInfo.h"
class nsNSSCertificate;
enum class EVStatus {
NotEV = 0,
EV = 1,
};
class nsSSLStatus final
: public nsISSLStatus
, public nsISerializable
, public nsIClassInfo
{
protected:
virtual ~nsSSLStatus();
public:
NS_DECL_THREADSAFE_ISUPPORTS
NS_DECL_NSISSLSTATUS
NS_DECL_NSISERIALIZABLE
NS_DECL_NSICLASSINFO
nsSSLStatus();
void SetServerCert(nsNSSCertificate* aServerCert, EVStatus aEVStatus);
bool HasServerCert() {
return mServerCert != nullptr;
}
void SetCertificateTransparencyInfo(
const mozilla::psm::CertificateTransparencyInfo& info);
/* public for initilization in this file */
uint16_t mCipherSuite;
uint16_t mProtocolVersion;
uint16_t mCertificateTransparencyStatus;
bool mIsDomainMismatch;
bool mIsNotValidAtThisTime;
bool mIsUntrusted;
bool mIsEV;
bool mHasIsEVStatus;
bool mHaveCipherSuiteAndProtocol;
/* mHaveCertErrrorBits is relied on to determine whether or not a SPDY
connection is eligible for joining in nsNSSSocketInfo::JoinConnection() */
bool mHaveCertErrorBits;
private:
nsCOMPtr<nsIX509Cert> mServerCert;
};
#define NS_SSLSTATUS_CID \
{ 0xe2f14826, 0x9e70, 0x4647, \
{ 0xb2, 0x3f, 0x10, 0x10, 0xf5, 0x12, 0x46, 0x28 } }
#endif
Reference in New Issue View Git Blame Copy Permalink