Index: net/base/x509_certificate_mac.cc |
diff --git a/net/base/x509_certificate_mac.cc b/net/base/x509_certificate_mac.cc |
index 4bb9adf66b58371d8d2d1b94b5a2a2a8163142cc..dc2a138948a2374b0d47316b95be060e570d762d 100644 |
--- a/net/base/x509_certificate_mac.cc |
+++ b/net/base/x509_certificate_mac.cc |
@@ -290,7 +290,7 @@ OSStatus CreatePolicy(const CSSM_OID* policy_OID, |
// Creates a series of SecPolicyRefs to be added to a SecTrustRef used to |
// validate a certificate for an SSL peer. |hostname| contains the name of |
wtc
2011/04/20 23:28:11
Also change the "peer" on this line.
|
-// the SSL peer that the certificate should be verified against. |flags| is |
+// the SSL server that the certificate should be verified against. |flags| is |
// a bitwise-OR of VerifyFlags that can further alter how trust is |
// validated, such as how revocation is checked. If successful, returns |
// noErr, and stores the resultant array of SecPolicyRefs in |policies|. |
@@ -315,9 +315,6 @@ OSStatus CreateTrustPolicies(const std::string& hostname, int flags, |
// Manually add OCSP and CRL policies. If neither an OCSP or CRL policy is |
// specified, the Apple TP module will add whatever the system settings |
// are, which is not desirable here. |
- // |
- // Note that this causes any locally configured OCSP responder URL to be |
- // ignored. |
CSSM_APPLE_TP_OCSP_OPTIONS tp_ocsp_options; |
memset(&tp_ocsp_options, 0, sizeof(tp_ocsp_options)); |
tp_ocsp_options.Version = CSSM_APPLE_TP_OCSP_OPTS_VERSION; |
@@ -856,7 +853,7 @@ int X509Certificate::Verify(const std::string& hostname, int flags, |
} else { |
// EV requires revocation checking. |
// Note, under the hood, SecTrustEvaluate() will modify the OCSP options |
- // so as to attempt OCSP fetching if it believes a certificate may chain |
+ // so as to attempt OCSP checking if it believes a certificate may chain |
// to an EV root. However, because network fetches are disabled in |
// CreateTrustPolicies() when revocation checking is disabled, these |
// will only go against the local cache. |