| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_CERT_VERIFIER_H_ | 5 #ifndef NET_CERT_CERT_VERIFIER_H_ |
| 6 #define NET_CERT_CERT_VERIFIER_H_ | 6 #define NET_CERT_CERT_VERIFIER_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 74 | 74 |
| 75 // Verifies the given certificate against the given hostname as an SSL server. | 75 // Verifies the given certificate against the given hostname as an SSL server. |
| 76 // Returns OK if successful or an error code upon failure. | 76 // Returns OK if successful or an error code upon failure. |
| 77 // | 77 // |
| 78 // The |*verify_result| structure, including the |verify_result->cert_status| | 78 // The |*verify_result| structure, including the |verify_result->cert_status| |
| 79 // bitmask, is always filled out regardless of the return value. If the | 79 // bitmask, is always filled out regardless of the return value. If the |
| 80 // certificate has multiple errors, the corresponding status flags are set in | 80 // certificate has multiple errors, the corresponding status flags are set in |
| 81 // |verify_result->cert_status|, and the error code for the most serious | 81 // |verify_result->cert_status|, and the error code for the most serious |
| 82 // error is returned. | 82 // error is returned. |
| 83 // | 83 // |
| 84 // |ocsp_response|, if non-empty, is a stapled OCSP response to use. |
| 85 // |
| 84 // |flags| is bitwise OR'd of VerifyFlags. | 86 // |flags| is bitwise OR'd of VerifyFlags. |
| 85 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation | 87 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation |
| 86 // checking is performed. | 88 // checking is performed. |
| 87 // | 89 // |
| 88 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is | 90 // If VERIFY_EV_CERT is set in |flags| too, EV certificate verification is |
| 89 // performed. If |flags| is VERIFY_EV_CERT (that is, | 91 // performed. If |flags| is VERIFY_EV_CERT (that is, |
| 90 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will | 92 // VERIFY_REV_CHECKING_ENABLED is not set), EV certificate verification will |
| 91 // not be performed. | 93 // not be performed. |
| 92 // | 94 // |
| 93 // |crl_set| points to an optional CRLSet structure which can be used to | 95 // |crl_set| points to an optional CRLSet structure which can be used to |
| 94 // avoid revocation checks over the network. | 96 // avoid revocation checks over the network. |
| 95 // | 97 // |
| 96 // |callback| must not be null. ERR_IO_PENDING is returned if the operation | 98 // |callback| must not be null. ERR_IO_PENDING is returned if the operation |
| 97 // could not be completed synchronously, in which case the result code will | 99 // could not be completed synchronously, in which case the result code will |
| 98 // be passed to the callback when available. | 100 // be passed to the callback when available. |
| 99 // | 101 // |
| 100 // |*out_req| will be filled with a handle to the async request. | 102 // |*out_req| will be filled with a handle to the async request. |
| 101 // This handle is not valid after the request has completed. | 103 // This handle is not valid after the request has completed. |
| 102 // | 104 // |
| 103 // TODO(rsleevi): Move CRLSet* out of the CertVerifier signature. | 105 // TODO(rsleevi): Move CRLSet* out of the CertVerifier signature. |
| 104 virtual int Verify(X509Certificate* cert, | 106 virtual int Verify(X509Certificate* cert, |
| 105 const std::string& hostname, | 107 const std::string& hostname, |
| 108 const std::string& ocsp_response, |
| 106 int flags, | 109 int flags, |
| 107 CRLSet* crl_set, | 110 CRLSet* crl_set, |
| 108 CertVerifyResult* verify_result, | 111 CertVerifyResult* verify_result, |
| 109 const CompletionCallback& callback, | 112 const CompletionCallback& callback, |
| 110 RequestHandle* out_req, | 113 RequestHandle* out_req, |
| 111 const BoundNetLog& net_log) = 0; | 114 const BoundNetLog& net_log) = 0; |
| 112 | 115 |
| 113 // Cancels the specified request. |req| is the handle returned by Verify(). | 116 // Cancels the specified request. |req| is the handle returned by Verify(). |
| 114 // After a request is canceled, its completion callback will not be called. | 117 // After a request is canceled, its completion callback will not be called. |
| 115 virtual void CancelRequest(RequestHandle req) = 0; | 118 virtual void CancelRequest(RequestHandle req) = 0; |
| 116 | 119 |
| 120 // Returns true if this CertVerifier supports stapled OCSP responses. |
| 121 virtual bool SupportsOCSPStapling(); |
| 122 |
| 117 // Creates a CertVerifier implementation that verifies certificates using | 123 // Creates a CertVerifier implementation that verifies certificates using |
| 118 // the preferred underlying cryptographic libraries. | 124 // the preferred underlying cryptographic libraries. |
| 119 static CertVerifier* CreateDefault(); | 125 static CertVerifier* CreateDefault(); |
| 120 }; | 126 }; |
| 121 | 127 |
| 122 } // namespace net | 128 } // namespace net |
| 123 | 129 |
| 124 #endif // NET_CERT_CERT_VERIFIER_H_ | 130 #endif // NET_CERT_CERT_VERIFIER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1081913003:
Route OCSP stapling through CertVerifier. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss