Issue 3146034: Allow the constructed certificate chain to be returned in CertVerifyResult

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 3146034: Allow the constructed certificate chain to be returned in CertVerifyResult (Closed)

Created:
10 years, 4 months ago by Ryan Sleevi

Modified:
9 years, 7 months ago

Reviewers:
wtc, davidben

CC:
chromium-reviews, pam+watch_chromium.org, John Grabowski, cbentzel+watch_chromium.org, darin-cc_chromium.org, Paweł Hajdan Jr., mattm

Visibility:
Public.

Description

Allow the constructed certificate chain to be returned in CertVerifyResult As the input certificates may contain more certificates than necessary, allow the caller to obtain the chain that was constructed and validated, filtering out any certificates that were not needed, and including any certificates that may have been downloaded on demand (eg: via AIA extension information) This CL depends on: http://codereview.chromium.org/2944008 - To change/fix the X509Certificate cache. http://codereview.chromium.org/3112013 - To move chain building outside of X509Certificate. BUG=37142 TEST=X509CertificateTest.Verify*

Patch Set 1 #

Created: 10 years, 4 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+312 lines, -21 lines)			Patch
M	net/base/cert_verify_result.h	View	2 chunks	+15 lines, -13 lines	0 comments	Download
A	net/base/cert_verify_result.cc	View	1 chunk	+27 lines, -0 lines	0 comments	Download
M	net/base/x509_certificate_unittest.cc	View	1 chunk	+163 lines, -0 lines	0 comments	Download
M	net/base/x509_chain.h	View	1 chunk	+1 line, -0 lines	0 comments	Download
M	net/base/x509_chain_mac.cc	View	1 chunk	+15 lines, -0 lines	0 comments	Download
M	net/base/x509_chain_nss.cc	View	4 chunks	+23 lines, -6 lines	0 comments	Download
M	net/base/x509_chain_win.cc	View	3 chunks	+15 lines, -2 lines	0 comments	Download
A	net/data/ssl/certificates/google.full_chain.pem	View	1 chunk	+52 lines, -0 lines	0 comments	Download
M	net/net.gyp	View	1 chunk	+1 line, -0 lines	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages

Ryan Sleevi

10 years, 4 months ago (2010-08-22 23:43:18 UTC) #1

Part of the ongoing series. I've added the flag to VerifyFlags because, like
revocation checking, it's a flag applicable to any of the verification steps.

This is a pre-requisite for moving the client certificate verification/location
code out (as we want to obtain the constructed path) and for x-x50-user-cert
handling (as we want to make sure the path validates and that we add all/only
certificates that have validated paths)

Expand Messages | Collapse Messages