| Index: net/base/x509_certificate.h
|
| diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
|
| index 69746028b7940223527aa77164294a909c7da5de..b2598a1ce3d1703f3b191f65f9dd65fbd8121606 100644
|
| --- a/net/base/x509_certificate.h
|
| +++ b/net/base/x509_certificate.h
|
| @@ -92,11 +92,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
|
| bool operator() (X509Certificate* lhs, X509Certificate* rhs) const;
|
| };
|
|
|
| - enum VerifyFlags {
|
| - VERIFY_REV_CHECKING_ENABLED = 1 << 0,
|
| - VERIFY_EV_CERT = 1 << 1,
|
| - };
|
| -
|
| enum Format {
|
| // The data contains a single DER-encoded certificate, or a PEM-encoded
|
| // DER certificate with the PEM encoding block name of "CERTIFICATE".
|
| @@ -243,23 +238,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
|
| CFArrayRef CreateClientCertificateChain() const;
|
| #endif
|
|
|
| - // Verifies the certificate against the given hostname. Returns OK if
|
| - // successful or an error code upon failure.
|
| - //
|
| - // The |*verify_result| structure, including the |verify_result->cert_status|
|
| - // bitmask, is always filled out regardless of the return value. If the
|
| - // certificate has multiple errors, the corresponding status flags are set in
|
| - // |verify_result->cert_status|, and the error code for the most serious
|
| - // error is returned.
|
| - //
|
| - // |flags| is bitwise OR'd of VerifyFlags.
|
| - // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
|
| - // checking is performed. If VERIFY_EV_CERT is set in |flags| too,
|
| - // EV certificate verification is performed.
|
| - int Verify(const std::string& hostname,
|
| - int flags,
|
| - CertVerifyResult* verify_result) const;
|
| -
|
| OSCertHandle os_cert_handle() const { return cert_handle_; }
|
|
|
| // Returns true if two OSCertHandles refer to identical certificates.
|
| @@ -284,6 +262,10 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
|
| // Frees (or releases a reference to) an OS certificate list handle
|
| static void FreeOSCertListHandle(OSCertListHandle cert_list);
|
|
|
| + // Calculates the SHA-1 fingerprint of the certificate. Returns an empty
|
| + // (all zero) fingerprint on failure.
|
| + static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle);
|
| +
|
| private:
|
| friend class base::RefCountedThreadSafe<X509Certificate>;
|
| FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache);
|
| @@ -301,8 +283,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
|
| // Common object initialization code. Called by the constructors only.
|
| void Initialize();
|
|
|
| - bool VerifyEV() const;
|
| -
|
| // Calculates the SHA-1 fingerprint of the certificate. Returns an empty
|
| // (all zero) fingerprint on failure.
|
| static SHA1Fingerprint CalculateFingerprint(OSCertHandle cert_handle);
|
| @@ -341,12 +321,6 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
|
| // that may be needed for chain building. (NSS impl does not need these.)
|
| OSCertHandles intermediate_ca_certs_;
|
|
|
| -#if defined(OS_MACOSX)
|
| - // Blocks multiple threads from verifying the cert simultaneously.
|
| - // (Marked mutable because it's used in a const method.)
|
| - mutable Lock verification_lock_;
|
| -#endif
|
| -
|
| DISALLOW_COPY_AND_ASSIGN(X509Certificate);
|
| };
|
|
|
|
|
Chromium Code Reviews
Issue 3112013:
Move chain building/verification out of X509Certificate (Closed)
