mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-23 22:06:12 +03:00
cert: Handle AIA response in PKCS#7 format
This commit is contained in:
parent
7df0dfe9dd
commit
8ea05fe5a8
@ -10,6 +10,7 @@
|
|||||||
#include "net/cert/cert_net_fetcher.h"
|
#include "net/cert/cert_net_fetcher.h"
|
||||||
#include "net/cert/internal/cert_errors.h"
|
#include "net/cert/internal/cert_errors.h"
|
||||||
#include "net/cert/pem.h"
|
#include "net/cert/pem.h"
|
||||||
|
#include "net/cert/x509_certificate.h"
|
||||||
#include "net/cert/x509_util.h"
|
#include "net/cert/x509_util.h"
|
||||||
#include "url/gurl.h"
|
#include "url/gurl.h"
|
||||||
|
|
||||||
@ -141,6 +142,22 @@ bool AiaRequest::AddCompletedFetchToResults(Error error,
|
|||||||
// certificates MUST be able to accept individual DER encoded
|
// certificates MUST be able to accept individual DER encoded
|
||||||
// certificates and SHOULD be able to accept "certs-only" CMS messages.
|
// certificates and SHOULD be able to accept "certs-only" CMS messages.
|
||||||
|
|
||||||
|
// Handles PKCS#7 encoded certificates
|
||||||
|
CertificateList certs = X509Certificate::CreateCertificateListFromBytes(
|
||||||
|
fetched_bytes, X509Certificate::FORMAT_AUTO);
|
||||||
|
bool certs_ok = false;
|
||||||
|
for (const auto& cert : certs) {
|
||||||
|
auto parsed = ParsedCertificate::Create(
|
||||||
|
bssl::UpRef(cert->cert_buffer()),
|
||||||
|
x509_util::DefaultParseCertificateOptions(), /*errors=*/nullptr);
|
||||||
|
if (parsed) {
|
||||||
|
results->push_back(parsed);
|
||||||
|
certs_ok = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (certs_ok)
|
||||||
|
return true;
|
||||||
|
|
||||||
// TODO(https://crbug.com/870359): Some AIA responses are served as PEM, which
|
// TODO(https://crbug.com/870359): Some AIA responses are served as PEM, which
|
||||||
// is not part of RFC 5280's profile.
|
// is not part of RFC 5280's profile.
|
||||||
return ParseCertFromDer(fetched_bytes, results) ||
|
return ParseCertFromDer(fetched_bytes, results) ||
|
||||||
|
Loading…
Reference in New Issue
Block a user