Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(694)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/cert_verify_proc.h

Issue 9584041: Create stubs for system certificate validation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Move system stubs into patch 4 for svn history preservation Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/cert_database_nss_unittest.cc ('k') | net/base/cert_verify_proc.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_BASE_CERT_VERIFY_PROC_H_
6 #define NET_BASE_CERT_VERIFY_PROC_H_
7 #pragma once
8
9 #include <string>
10
11 #include "base/memory/ref_counted.h"
12 #include "net/base/net_export.h"
13
14 namespace net {
15
16 class CertVerifyResult;
17 class CRLSet;
18 class X509Certificate;
19
20 // Class to perform certificate path building and verification for various
21 // certificate uses. All methods of this class must be thread-safe, as they
22 // may be called from various non-joinable worker threads.
23 class NET_EXPORT CertVerifyProc
24 : public base::RefCountedThreadSafe<CertVerifyProc> {
25 public:
26 // Creates and returns the default CertVerifyProc.
27 static CertVerifyProc* CreateDefault();
28
29 // Verifies the certificate against the given hostname as an SSL server
30 // certificate. Returns OK if successful or an error code upon failure.
31 //
32 // The |*verify_result| structure, including the |verify_result->cert_status|
33 // bitmask, is always filled out regardless of the return value. If the
34 // certificate has multiple errors, the corresponding status flags are set in
35 // |verify_result->cert_status|, and the error code for the most serious
36 // error is returned.
37 //
38 // |flags| is bitwise OR'd of VerifyFlags:
39 //
40 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, online certificate
41 // revocation checking is performed (i.e. OCSP and downloading CRLs). CRLSet
42 // based revocation checking is always enabled, regardless of this flag, if
43 // |crl_set| is given.
44 //
45 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is
46 // performed.
47 //
48 // |crl_set| points to an optional CRLSet structure which can be used to
49 // avoid revocation checks over the network.
50 int Verify(X509Certificate* cert,
51 const std::string& hostname,
52 int flags,
53 CRLSet* crl_set,
54 CertVerifyResult* verify_result);
55
56 protected:
57 friend class base::RefCountedThreadSafe<CertVerifyProc>;
58
59 CertVerifyProc();
60 virtual ~CertVerifyProc();
61
62 private:
63 // Performs the actual verification using the desired underlying
64 // cryptographic library.
65 virtual int VerifyInternal(X509Certificate* cert,
66 const std::string& hostname,
67 int flags,
68 CRLSet* crl_set,
69 CertVerifyResult* verify_result) = 0;
70 };
71
72 } // namespace net
73
74 #endif // NET_BASE_CERT_VERIFY_PROC_H_
OLDNEW
« no previous file with comments | « net/base/cert_database_nss_unittest.cc ('k') | net/base/cert_verify_proc.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698