mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-01 01:36:09 +03:00
net/cert: Handle AIA response in PKCS#7 format
This commit is contained in:
parent
4b1a1b95f4
commit
a2dacdd2b1
@ -9,6 +9,7 @@
|
|||||||
#include "base/containers/span.h"
|
#include "base/containers/span.h"
|
||||||
#include "base/logging.h"
|
#include "base/logging.h"
|
||||||
#include "net/cert/cert_net_fetcher.h"
|
#include "net/cert/cert_net_fetcher.h"
|
||||||
|
#include "net/cert/x509_certificate.h"
|
||||||
#include "net/cert/x509_util.h"
|
#include "net/cert/x509_util.h"
|
||||||
#include "third_party/boringssl/src/pki/cert_errors.h"
|
#include "third_party/boringssl/src/pki/cert_errors.h"
|
||||||
#include "third_party/boringssl/src/pki/pem.h"
|
#include "third_party/boringssl/src/pki/pem.h"
|
||||||
@ -143,6 +144,22 @@ bool AiaRequest::AddCompletedFetchToResults(
|
|||||||
// certificates MUST be able to accept individual DER encoded
|
// certificates MUST be able to accept individual DER encoded
|
||||||
// certificates and SHOULD be able to accept "certs-only" CMS messages.
|
// certificates and SHOULD be able to accept "certs-only" CMS messages.
|
||||||
|
|
||||||
|
// Handles PKCS#7 encoded certificates
|
||||||
|
CertificateList certs = X509Certificate::CreateCertificateListFromBytes(
|
||||||
|
fetched_bytes, X509Certificate::FORMAT_AUTO);
|
||||||
|
bool certs_ok = false;
|
||||||
|
for (const auto& cert : certs) {
|
||||||
|
auto parsed = bssl::ParsedCertificate::Create(
|
||||||
|
bssl::UpRef(cert->cert_buffer()),
|
||||||
|
x509_util::DefaultParseCertificateOptions(), /*errors=*/nullptr);
|
||||||
|
if (parsed) {
|
||||||
|
results->push_back(parsed);
|
||||||
|
certs_ok = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (certs_ok)
|
||||||
|
return true;
|
||||||
|
|
||||||
// TODO(crbug.com/41405652): Some AIA responses are served as PEM, which
|
// TODO(crbug.com/41405652): Some AIA responses are served as PEM, which
|
||||||
// is not part of RFC 5280's profile.
|
// is not part of RFC 5280's profile.
|
||||||
return ParseCertFromDer(fetched_bytes, results) ||
|
return ParseCertFromDer(fetched_bytes, results) ||
|
||||||
|
Loading…
Reference in New Issue
Block a user