Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(127)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/x509_certificate.h

Issue 9584041: Create stubs for system certificate validation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Exclude CertVerifyProcNSS for non-NSS-only systems, for now Created 8 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/transport_security_state_unittest.cc ('K') | « net/base/transport_security_state_unittest.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | net/base/x509_certificate_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/x509_certificate.h
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index 0a603b1ad9219d8adcb7cf7b10ae3f6ebdcab7f0..2a47d91568ca2c94371f83e81fd665d01137801e 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -369,32 +369,6 @@ class NET_EXPORT X509Certificate
static X509_STORE* cert_store();
#endif
- // Verifies the certificate against the given hostname. Returns OK if
- // successful or an error code upon failure.
- //
- // The |*verify_result| structure, including the |verify_result->cert_status|
- // bitmask, is always filled out regardless of the return value. If the
- // certificate has multiple errors, the corresponding status flags are set in
- // |verify_result->cert_status|, and the error code for the most serious
- // error is returned.
- //
- // |flags| is bitwise OR'd of VerifyFlags:
- //
- // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, online certificate
- // revocation checking is performed (i.e. OCSP and downloading CRLs). CRLSet
- // based revocation checking is always enabled, regardless of this flag, if
- // |crl_set| is given.
- //
- // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is
- // performed.
- //
- // |crl_set| points to an optional CRLSet structure which can be used to
- // avoid revocation checks over the network.
- int Verify(const std::string& hostname,
- int flags,
- CRLSet* crl_set,
- CertVerifyResult* verify_result) const;
-
// Verifies that |hostname| matches this certificate.
// Does not verify that the certificate is valid, only that the certificate
// matches this host.
@@ -475,11 +449,16 @@ class NET_EXPORT X509Certificate
private:
friend class base::RefCountedThreadSafe<X509Certificate>;
friend class TestRootCerts; // For unit tests
- FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, Cache);
- FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, IntermediateCertificates);
- FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);
- FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, DigiNotarCerts);
+ // TODO(rsleevi): Temporary refactoring - http://crbug.com/114343
+ friend class X509CertificateTest;
+ friend class CertVerifyProcMac;
+ friend class CertVerifyProcNSS;
+ friend class CertVerifyProcOpenSSL;
+ friend class CertVerifyProcWin;
+
FRIEND_TEST_ALL_PREFIXES(X509CertificateNameVerifyTest, VerifyHostname);
+ FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, DigiNotarCerts);
+ FRIEND_TEST_ALL_PREFIXES(X509CertificateTest, SerialNumbers);
// Construct an X509Certificate from a handle to the certificate object
// in the underlying crypto library.
@@ -491,6 +470,33 @@ class NET_EXPORT X509Certificate
// Common object initialization code. Called by the constructors only.
void Initialize();
+
+ // Verifies the certificate against the given hostname. Returns OK if
+ // successful or an error code upon failure.
+ //
+ // The |*verify_result| structure, including the |verify_result->cert_status|
+ // bitmask, is always filled out regardless of the return value. If the
+ // certificate has multiple errors, the corresponding status flags are set in
+ // |verify_result->cert_status|, and the error code for the most serious
+ // error is returned.
+ //
+ // |flags| is bitwise OR'd of VerifyFlags:
+ //
+ // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, online certificate
+ // revocation checking is performed (i.e. OCSP and downloading CRLs). CRLSet
+ // based revocation checking is always enabled, regardless of this flag, if
+ // |crl_set| is given.
+ //
+ // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is
+ // performed.
+ //
+ // |crl_set| points to an optional CRLSet structure which can be used to
+ // avoid revocation checks over the network.
+ int Verify(const std::string& hostname,
+ int flags,
+ CRLSet* crl_set,
+ CertVerifyResult* verify_result) const;
+
#if defined(OS_WIN)
bool CheckEV(PCCERT_CHAIN_CONTEXT chain_context,
const char* policy_oid) const;
« net/base/transport_security_state_unittest.cc ('K') | « net/base/transport_security_state_unittest.cc ('k') | net/base/x509_certificate_unittest.cc » ('j') | net/base/x509_certificate_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698