Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(165)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/cert_verifier.h

Issue 1081913003: Route OCSP stapling through CertVerifier. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@boringnss
Patch Set: split remoting fix out separately Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « google_apis/gcm/tools/mcs_probe.cc ('k') | net/cert/cert_verifier.cc » ('j') | net/cert/cert_verify_proc_nss.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verifier.h
diff --git a/net/cert/cert_verifier.h b/net/cert/cert_verifier.h
index 743c8350b271e414babcef1171557833b3d0f1b6..71a347854272cf537f2e6bc4104d4fdf83556cce 100644
--- a/net/cert/cert_verifier.h
+++ b/net/cert/cert_verifier.h
@@ -81,6 +81,8 @@ class NET_EXPORT CertVerifier {
// |verify_result->cert_status|, and the error code for the most serious
// error is returned.
//
+ // |ocsp_response|, if non-empty, is a stapled OCSP response to use.
+ //
// |flags| is bitwise OR'd of VerifyFlags.
// If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
// checking is performed.
@@ -103,6 +105,7 @@ class NET_EXPORT CertVerifier {
// TODO(rsleevi): Move CRLSet* out of the CertVerifier signature.
virtual int Verify(X509Certificate* cert,
const std::string& hostname,
+ const std::string& ocsp_response,
int flags,
CRLSet* crl_set,
CertVerifyResult* verify_result,
@@ -114,6 +117,9 @@ class NET_EXPORT CertVerifier {
// After a request is canceled, its completion callback will not be called.
virtual void CancelRequest(RequestHandle req) = 0;
+ // Returns true if this CertVerifier supports stapled OCSP responses.
+ virtual bool SupportsOCSPStapling();
+
// Creates a CertVerifier implementation that verifies certificates using
// the preferred underlying cryptographic libraries.
static CertVerifier* CreateDefault();
« no previous file with comments | « google_apis/gcm/tools/mcs_probe.cc ('k') | net/cert/cert_verifier.cc » ('j') | net/cert/cert_verify_proc_nss.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698