mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-30 08:41:15 +00:00
LibTLS: Add self signage information to our parsed certificates
parent
c5542ea2c9
commit
114a383af3
Notes:
sideshowbarker
2024-07-17 07:35:03 +09:00
Author: https://github.com/fdellwing Commit: https://github.com/SerenityOS/serenity/commit/114a383af3 Pull-request: https://github.com/SerenityOS/serenity/pull/17955 Reviewed-by: https://github.com/gmta ✅ Reviewed-by: https://github.com/kleinesfilmroellchen ✅
|
@ -349,6 +349,11 @@ Optional<Certificate> Certificate::parse_asn1(ReadonlyBytes buffer, bool)
|
|||
return {};
|
||||
}
|
||||
|
||||
// self issued
|
||||
{
|
||||
certificate.is_self_issued = certificate.issuer_identifier_string() == certificate.subject_identifier_string();
|
||||
}
|
||||
|
||||
// extensions
|
||||
{
|
||||
if (certificate.version == 2) {
|
||||
|
|
|
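Review bot: The self-issued flag in the `// self issued` block is derived by comparing `issuer_identifier_string()` with `subject_identifier_string()`, i.e. two rendered strings rather than the parsed names. How those strings are built is not visible in this hunk; if the rendering omits attributes or joins them without unambiguous separators, two different names could compare equal and a certificate would be flagged self-issued when it is not. RFC 5280 defines self-issued as the issuer and subject distinguished names being identical, so comparing the parsed name fields would be safer, or at least add a comment such as `// NOTE: compares rendered identifier strings; keep in sync with RFC 5280 name matching`. The enclosing `parse_asn1` starts and ends outside the hunk.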
@ -60,9 +60,11 @@ public:
|
|||
bool is_allowed_to_sign_certificate { false };
|
||||
bool is_certificate_authority { false };
|
||||
Optional<size_t> path_length_constraint {};
|
||||
bool is_self_issued { false };
|
||||
|
||||
static Optional<Certificate> parse_asn1(ReadonlyBytes, bool client_cert = false);
|
||||
|
||||
bool is_self_signed();
|
||||
bool is_valid() const;
|
||||
|
||||
DeprecatedString subject_identifier_string() const
|
||||
|
@ -124,6 +126,9 @@ public:
|
|||
}
|
||||
return cert_name.to_deprecated_string();
|
||||
}
|
||||
|
||||
private:
|
||||
Optional<bool> m_is_self_signed;
|
||||
};
|
||||
|
||||
class DefaultRootCACertificates {
|
||||
|
|
|
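Review bot: `bool is_self_signed();` is declared non-const next to `bool is_valid() const;`, so it cannot be called through a const `Certificate`, apparently only because it fills the `m_is_self_signed` cache. Consider `bool is_self_signed() const;` together with `mutable Optional<bool> m_is_self_signed;`. The cached answer is also derived from the public, writable `is_self_issued` field, so a change to that field after the first call would leave the cache stale; a short comment on `m_is_self_signed` saying it is computed once and never invalidated would make that explicit. A one-line comment on `is_self_issued` stating that it only means issuer equals subject, as opposed to self-signed, would also help readers of the class.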
@ -115,6 +115,23 @@ bool Certificate::is_valid() const
|
|||
return true;
|
||||
}
|
||||
|
||||
// https://www.ietf.org/rfc/rfc5280.html#page-12
|
||||
bool Certificate::is_self_signed()
|
||||
{
|
||||
if (m_is_self_signed.has_value())
|
||||
return *m_is_self_signed;
|
||||
|
||||
// Self-signed certificates are self-issued certificates where the digital
|
||||
// signature may be verified by the public key bound into the certificate.
|
||||
if (!this->is_self_issued)
|
||||
m_is_self_signed.emplace(false);
|
||||
|
||||
// FIXME: Actually check if we sign ourself
|
||||
|
||||
m_is_self_signed.emplace(true);
|
||||
return *m_is_self_signed;
|
||||
}
|
||||
|
||||
void TLSv12::try_disambiguate_error() const
|
||||
{
|
||||
dbgln("Possible failure cause(s): ");
|
||||
|
|
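Review bot: In `Certificate::is_self_signed()` the `!this->is_self_issued` branch stores `false` but does not return, so execution falls through to `m_is_self_signed.emplace(true)` and the function caches and returns true for every certificate. Return right after the first emplace, e.g. `if (!this->is_self_issued) { m_is_self_signed.emplace(false); return *m_is_self_signed; }`. Until the FIXME is resolved the result also means only "self-issued", not that the signature verifies under the certificate's own public key, so callers should not treat it as proof of a valid self-signature; a comment stating that limitation above the function would make it visible to them.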