Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(69)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_util_mac.h

Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Linux and Mac fixes Created 8 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/x509_certificate.h ('K') | « net/base/x509_certificate.h ('k') | net/base/x509_util_mac.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_X509_UTIL_MAC_H_ 5 #ifndef NET_BASE_X509_UTIL_MAC_H_
6 #define NET_BASE_X509_UTIL_MAC_H_ 6 #define NET_BASE_X509_UTIL_MAC_H_
7 7
8 #include <CoreFoundation/CFArray.h> 8 #include <CoreFoundation/CFArray.h>
9 #include <Security/Security.h> 9 #include <Security/Security.h>
10 10
(...skipping 23 matching lines...) Expand all
34 // On success, stores the resultant policy in |*policy| and returns noErr. 34 // On success, stores the resultant policy in |*policy| and returns noErr.
35 OSStatus NET_EXPORT CreateSSLServerPolicy(const std::string& hostname, 35 OSStatus NET_EXPORT CreateSSLServerPolicy(const std::string& hostname,
36 SecPolicyRef* policy); 36 SecPolicyRef* policy);
37 37
38 // Creates a security policy for basic X.509 validation. If the policy is 38 // Creates a security policy for basic X.509 validation. If the policy is
39 // successfully created, it will be stored in |*policy| and ownership 39 // successfully created, it will be stored in |*policy| and ownership
40 // transferred to the caller. 40 // transferred to the caller.
41 OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy); 41 OSStatus NET_EXPORT CreateBasicX509Policy(SecPolicyRef* policy);
42 42
43 // Creates security policies to control revocation checking (OCSP and CRL). 43 // Creates security policies to control revocation checking (OCSP and CRL).
44 // If |enable_revocation_checking| is false, the policies returned will be 44 // If |enable_revocation_checking| is true, revocation checking will be
45 // explicitly disabled from accessing the network or the cache. This may be 45 // explicitly enabled.
46 // used to override system settings regarding revocation checking. 46 // If |enable_revocation_checking| is false, but |enable_ev_checking| is
47 // true, then the system policies for EV checking (which include checking
48 // for an online OCSP response) will be permitted. However, if the system
wtc 2012/08/16 23:17:39 Nit: the system => the OS I guess "the system" is
49 // does not believe the certificate is EV, no revocation checking will be
50 // performed.
51 // If both are false, then the policies returned will be explicitly prohibited
52 // from accessing the network or the local cache, regardless of system settings.
47 // If the policies are successfully created, they will be appended to 53 // If the policies are successfully created, they will be appended to
48 // |policies|. 54 // |policies|.
49 OSStatus NET_EXPORT CreateRevocationPolicies(bool enable_revocation_checking, 55 OSStatus NET_EXPORT CreateRevocationPolicies(bool enable_revocation_checking,
56 bool enable_ev_checking,
50 CFMutableArrayRef policies); 57 CFMutableArrayRef policies);
51 58
52 // Wrapper for a CSSM_DATA_PTR that was obtained via one of the CSSM field 59 // Wrapper for a CSSM_DATA_PTR that was obtained via one of the CSSM field
53 // accessors (such as CSSM_CL_CertGet[First/Next]Value or 60 // accessors (such as CSSM_CL_CertGet[First/Next]Value or
54 // CSSM_CL_CertGet[First/Next]CachedValue). 61 // CSSM_CL_CertGet[First/Next]CachedValue).
55 class CSSMFieldValue { 62 class CSSMFieldValue {
56 public: 63 public:
57 CSSMFieldValue(); 64 CSSMFieldValue();
58 CSSMFieldValue(CSSM_CL_HANDLE cl_handle, 65 CSSMFieldValue(CSSM_CL_HANDLE cl_handle,
59 const CSSM_OID* oid, 66 const CSSM_OID* oid,
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after
122 private: 129 private:
123 CSSM_CL_HANDLE cl_handle_; 130 CSSM_CL_HANDLE cl_handle_;
124 CSSM_HANDLE cached_cert_handle_; 131 CSSM_HANDLE cached_cert_handle_;
125 }; 132 };
126 133
127 } // namespace x509_util 134 } // namespace x509_util
128 135
129 } // namespace net 136 } // namespace net
130 137
131 #endif // NET_BASE_X509_UTIL_MAC_H_ 138 #endif // NET_BASE_X509_UTIL_MAC_H_
OLDNEW
« net/base/x509_certificate.h ('K') | « net/base/x509_certificate.h ('k') | net/base/x509_util_mac.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698