| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_X509_CHAIN_H_ | 5 #ifndef NET_BASE_X509_CHAIN_H_ |
| 6 #define NET_BASE_X509_CHAIN_H_ | 6 #define NET_BASE_X509_CHAIN_H_ |
| 7 #pragma once | 7 #pragma once |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 | 10 |
| 11 namespace net { | 11 namespace net { |
| 12 | 12 |
| 13 class CertVerifyResult; | 13 class CertVerifyResult; |
| 14 class X509Certificate; | 14 class X509Certificate; |
| 15 | 15 |
| 16 // Functions related to X.509 certificate chain building and verification. | 16 // Functions related to X.509 certificate chain building and verification. |
| 17 namespace x509_chain { | 17 namespace x509_chain { |
| 18 | 18 |
| 19 enum VerifyFlags { | 19 enum VerifyFlags { |
| 20 VERIFY_REV_CHECKING_ENABLED = 1 << 0, | 20 VERIFY_REV_CHECKING_ENABLED = 1 << 0, |
| 21 VERIFY_EV_CERT = 1 << 1, | 21 VERIFY_EV_CERT = 1 << 1, |
| 22 VERIFY_RETURN_CHAIN = 1 << 2, |
| 22 }; | 23 }; |
| 23 | 24 |
| 24 // Verifies that |certificate| is a valid SSL server certificate for the | 25 // Verifies that |certificate| is a valid SSL server certificate for the |
| 25 // given |hostname|. against the given hostname. Returns OK if successful | 26 // given |hostname|. against the given hostname. Returns OK if successful |
| 26 // or an error code upon failure. | 27 // or an error code upon failure. |
| 27 // | 28 // |
| 28 // The |*verify_result| structure, including the |verify_result->cert_status| | 29 // The |*verify_result| structure, including the |verify_result->cert_status| |
| 29 // bitmask, is always filled out regardless of the return value. If the | 30 // bitmask, is always filled out regardless of the return value. If the |
| 30 // certificate has multiple errors, the corresponding status flags are set in | 31 // certificate has multiple errors, the corresponding status flags are set in |
| 31 // |verify_result->cert_status|, and the error code for the most serious | 32 // |verify_result->cert_status|, and the error code for the most serious |
| 32 // error is returned. | 33 // error is returned. |
| 33 // | 34 // |
| 34 // |flags| is bitwise OR'd of VerifyFlags. | 35 // |flags| is bitwise OR'd of VerifyFlags. |
| 35 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 36 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
| 36 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, | 37 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, |
| 37 // EV certificate verification is performed. | 38 // EV certificate verification is performed. |
| 38 int VerifySSLServer(X509Certificate* certificate, const std::string& hostname, | 39 int VerifySSLServer(X509Certificate* certificate, const std::string& hostname, |
| 39 int flags, CertVerifyResult* verify_result); | 40 int flags, CertVerifyResult* verify_result); |
| 40 | 41 |
| 41 } // namespace x509_chain | 42 } // namespace x509_chain |
| 42 | 43 |
| 43 } // namespace net | 44 } // namespace net |
| 44 | 45 |
| 45 #endif // NET_BASE_X509_CHAIN_H_ | 46 #endif // NET_BASE_X509_CHAIN_H_ |
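Review bot: The new `VERIFY_RETURN_CHAIN` flag (new line 22) is not documented anywhere in this header; the `VerifySSLServer` comment still describes only `VERIFY_REV_CHECKING_ENABLED` and `VERIFY_EV_CERT`. For a verification API this matters: callers need to know where the chain is returned (presumably through `|*verify_result|`, whose definition is not visible here), and whether it is the chain the verifier built and validated or the certificates the peer supplied. Because `|*verify_result|` is documented as always filled out regardless of the return value, the comment should also say whether the chain is populated on failure and that it must not be treated as trusted in that case. Something like `// If VERIFY_RETURN_CHAIN is set in |flags|, the certificate chain built during verification is returned in |*verify_result|; it is only trustworthy when the return value is OK.` after the EV sentence would cover it, with the wording adjusted to the actual behaviour.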
| OLD | NEW |