net/base/x509_certificate.h - Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when…

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/x509_certificate.h

Issue 10857020: Do not perform online revocation checking when the user has explicitly disabled it, except for when… (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Review feedback Created 8 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/x509_certificate.h

diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h

index 4055f0a3db98695c46e872983b84a4e638437dc9..b75098c5edacb45d232f2d58fcff9481bc1a8bf5 100644

--- a/net/base/x509_certificate.h

+++ b/net/base/x509_certificate.h

@@ -89,9 +89,31 @@ class NET_EXPORT X509Certificate

};

enum VerifyFlags {

+ // If set, enables online revocation checking via CRLs and OCSP for the

+ // certificate chain.

VERIFY_REV_CHECKING_ENABLED = 1 << 0,

+ // If set, and the certificate being verified may be an EV certificate,

+ // attempt to verify the certificate according to the EV processing

+ // guidelines. In order to successfully verify a certificate as EV,

+ // either an online or offline revocation check must be successfully

+ // completed. To ensure it's possible to complete a revocation check,

+ // callers should also specify either VERIFY_REV_CHECKING_ENABLED or

+ // VERIFY_REV_CHECKING_ENABLED_EV_ONLY (to enable online checks), and

+ // VERIFY_CERT_IO_ENABLED (to enable network fetches for online checks).

VERIFY_EV_CERT = 1 << 1,

+ // If set, permits NSS to use the network when verifying certificates,

+ // such as to fetch missing intermediates or to check OCSP or CRLs.

+ // TODO(rsleevi): http://crbug.com/143300 - Define this flag for all

+ // verification engines with well-defined semantics, rather than being

+ // NSS only.

VERIFY_CERT_IO_ENABLED = 1 << 2,

+ // If set, enables online revocation checking via CRLs or OCSP, but only

+ // for certificates which may be EV, and only when VERIFY_EV_CERT is also

+ // set.

+ VERIFY_REV_CHECKING_ENABLED_EV_ONLY = 1 << 3,

wtc 2012/08/17 00:34:44 Nit: the fact that this flag is tacked on by CertV

Ryan Sleevi 2012/08/17 00:37:18 The intent is to make it not an internal-only flag

};

enum Format {

« no previous file with comments | « net/base/ev_root_ca_metadata_unittest.cc ('k') | net/base/x509_util_mac.h » ('j') | no next file with comments »