mirror/naiveproxy
1
0
Fork 0
mirror of https://github.com/klzgrad/naiveproxy.git synced 2024-11-21 21:06:12 +03:00
Code Issues Projects Releases Wiki Activity

net/cert: Handle AIA response in PKCS#7 format

Browse Source
This commit is contained in:
klzgrad 2021-05-16 00:47:27 +08:00
parent 328923009a
commit f5ae1c9dfa
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/net/cert/internal/cert_issuer_source_aia.cc
View File

@ -9,6 +9,7 @@
#include "base/containers/span.h" #include "base/containers/span.h"
#include "base/logging.h" #include "base/logging.h"
#include "net/cert/cert_net_fetcher.h" #include "net/cert/cert_net_fetcher.h"
#include "net/cert/x509_certificate.h"
#include "net/cert/x509_util.h" #include "net/cert/x509_util.h"
#include "third_party/boringssl/src/pki/cert_errors.h" #include "third_party/boringssl/src/pki/cert_errors.h"
#include "third_party/boringssl/src/pki/pem.h" #include "third_party/boringssl/src/pki/pem.h"
@ -143,6 +144,22 @@ bool AiaRequest::AddCompletedFetchToResults(
// certificates MUST be able to accept individual DER encoded // certificates MUST be able to accept individual DER encoded
// certificates and SHOULD be able to accept "certs-only" CMS messages. // certificates and SHOULD be able to accept "certs-only" CMS messages.
// Handles PKCS#7 encoded certificates
CertificateList certs = X509Certificate::CreateCertificateListFromBytes(
fetched_bytes, X509Certificate::FORMAT_AUTO);
bool certs_ok = false;
for (const auto& cert : certs) {
auto parsed = bssl::ParsedCertificate::Create(
bssl::UpRef(cert->cert_buffer()),
x509_util::DefaultParseCertificateOptions(), /*errors=*/nullptr);
if (parsed) {
results->push_back(parsed);
certs_ok = true;
}
}
if (certs_ok)
return true;
// TODO(crbug.com/41405652): Some AIA responses are served as PEM, which // TODO(crbug.com/41405652): Some AIA responses are served as PEM, which
// is not part of RFC 5280's profile. // is not part of RFC 5280's profile.
return ParseCertFromDer(fetched_bytes, results) || return ParseCertFromDer(fetched_bytes, results) ||