Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify()....

net/base/x509_certificate.h

 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_X509_CERTIFICATE_H_
 #define NET_BASE_X509_CERTIFICATE_H_
 
 #include <map>
 #include <set>
 #include <string>
@@ skipping 115 matching lines @@
 
   // Where the certificate comes from.  The enumeration constants are
   // listed in increasing order of preference.
   enum Source {
     SOURCE_UNUSED = 0,            // The source_ member is not used.
     SOURCE_LONE_CERT_IMPORT = 1,  // From importing a certificate without
                                   // its intermediate CA certificates.
     SOURCE_FROM_NETWORK = 2,      // From the network.
   };
 
+  enum VerifyFlags {
+    VERIFY_REV_CHECKING_ENABLED = 1 << 0,
+    VERIFY_EV_CERT = 1 << 1,
+  };
+
   // Create an X509Certificate from a handle to the certificate object
   // in the underlying crypto library. This is a transfer of ownership;
   // X509Certificate will properly dispose of |cert_handle| for you.
   // |source| specifies where |cert_handle| comes from.  Given two
   // certificate handles for the same certificate, our certificate cache
   // prefers the handle from the network because our HTTP cache isn't
   // caching the corresponding intermediate CA certificates yet
   // (http://crbug.com/7065).
   //
   // The returned pointer must be stored in a scoped_refptr<X509Certificate>.
@@ skipping 54 matching lines @@
 
   // Verifies the certificate against the given hostname.  Returns OK if
   // successful or an error code upon failure.
   //
   // The |*verify_result| structure, including the |verify_result->cert_status|
   // bitmask, is always filled out regardless of the return value.  If the
   // certificate has multiple errors, the corresponding status flags are set in
   // |verify_result->cert_status|, and the error code for the most serious
   // error is returned.
   //
-  // If |rev_checking_enabled| is true, certificate revocation checking is
-  // performed.
+  // |flags| is bitwise OR'd of VerifyFlags.
+  // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
+  // checking is performed.  If VERIFY_EV_CERT is set in |flags| too,
+  // EV certificate verification is performed.
   int Verify(const std::string& hostname,
-             bool rev_checking_enabled,
+             int flags,
              CertVerifyResult* verify_result) const;
 
-  // Returns true if the certificate is an extended-validation (EV)
-  // certificate.
-  bool IsEV(int cert_status) const;
-
   OSCertHandle os_cert_handle() const { return cert_handle_; }
 
  private:
   friend class base::RefCountedThreadSafe<X509Certificate>;
   FRIEND_TEST(X509CertificateTest, Cache);
 
   // A cache of X509Certificate objects.
   class Cache {
    public:
     static Cache* GetInstance();
@@ skipping 21 matching lines @@
 
   // Construct an X509Certificate from a handle to the certificate object
   // in the underlying crypto library.
   X509Certificate(OSCertHandle cert_handle, Source source);
 
   ~X509Certificate();
 
   // Common object initialization code.  Called by the constructors only.
   void Initialize();
 
+  bool VerifyEV() const;
+
   // Creates an OS certificate handle from the BER-encoded representation.
   // Returns NULL on failure.
   static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
                                                   int length);
 
   // Frees an OS certificate handle.
   static void FreeOSCertHandle(OSCertHandle cert_handle);
 
   // Calculates the SHA-1 fingerprint of the certificate.  Returns an empty
   // (all zero) fingerprint on failure.
@@ skipping 19 matching lines @@
 
   // Where the certificate comes from.
   Source source_;
 
   DISALLOW_COPY_AND_ASSIGN(X509Certificate);
 };
 
 }  // namespace net
 
 #endif  // NET_BASE_X509_CERTIFICATE_H_