| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ | 5 #ifndef CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ |
| 6 #define CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ | 6 #define CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ |
| 7 | 7 |
| 8 #include "crypto/scoped_nss_types.h" | 8 #include "crypto/scoped_nss_types.h" |
| 9 #include "net/cert/cert_verify_proc_nss.h" | 9 #include "net/cert/cert_verify_proc_nss.h" |
| 10 #include "net/cert/nss_profile_filter_chromeos.h" | 10 #include "net/cert/nss_profile_filter_chromeos.h" |
| (...skipping 16 matching lines...) Expand all Loading... |
| 27 // users other than the specified slot. | 27 // users other than the specified slot. |
| 28 explicit CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot); | 28 explicit CertVerifyProcChromeOS(crypto::ScopedPK11Slot public_slot); |
| 29 | 29 |
| 30 protected: | 30 protected: |
| 31 ~CertVerifyProcChromeOS() override; | 31 ~CertVerifyProcChromeOS() override; |
| 32 | 32 |
| 33 private: | 33 private: |
| 34 // net::CertVerifyProcNSS implementation: | 34 // net::CertVerifyProcNSS implementation: |
| 35 int VerifyInternal(net::X509Certificate* cert, | 35 int VerifyInternal(net::X509Certificate* cert, |
| 36 const std::string& hostname, | 36 const std::string& hostname, |
| 37 const std::string& ocsp_response, |
| 37 int flags, | 38 int flags, |
| 38 net::CRLSet* crl_set, | 39 net::CRLSet* crl_set, |
| 39 const net::CertificateList& additional_trust_anchors, | 40 const net::CertificateList& additional_trust_anchors, |
| 40 net::CertVerifyResult* verify_result) override; | 41 net::CertVerifyResult* verify_result) override; |
| 41 | 42 |
| 42 // Check if the trust root of |current_chain| is allowed. | 43 // Check if the trust root of |current_chain| is allowed. |
| 43 // |is_chain_valid_arg| is actually a ChainVerifyArgs*, which is used to pass | 44 // |is_chain_valid_arg| is actually a ChainVerifyArgs*, which is used to pass |
| 44 // state through the NSS CERTChainVerifyCallback.isChainValidArg parameter. | 45 // state through the NSS CERTChainVerifyCallback.isChainValidArg parameter. |
| 45 // If the chain is allowed, |*chain_ok| will be set to PR_TRUE. | 46 // If the chain is allowed, |*chain_ok| will be set to PR_TRUE. |
| 46 // If the chain is not allowed, |*chain_ok| is set to PR_FALSE, and this | 47 // If the chain is not allowed, |*chain_ok| is set to PR_FALSE, and this |
| 47 // function may be called again during a single certificate verification if | 48 // function may be called again during a single certificate verification if |
| 48 // there are multiple possible valid chains. | 49 // there are multiple possible valid chains. |
| 49 static SECStatus IsChainValidFunc(void* is_chain_valid_arg, | 50 static SECStatus IsChainValidFunc(void* is_chain_valid_arg, |
| 50 const CERTCertList* current_chain, | 51 const CERTCertList* current_chain, |
| 51 PRBool* chain_ok); | 52 PRBool* chain_ok); |
| 52 | 53 |
| 53 net::NSSProfileFilterChromeOS profile_filter_; | 54 net::NSSProfileFilterChromeOS profile_filter_; |
| 54 }; | 55 }; |
| 55 | 56 |
| 56 } // namespace chromeos | 57 } // namespace chromeos |
| 57 | 58 |
| 58 #endif // CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ | 59 #endif // CHROME_BROWSER_CHROMEOS_NET_CERT_VERIFY_PROC_CHROMEOS_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1081913003:
Route OCSP stapling through CertVerifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss