Index: net/quic/crypto/proof_verifier.h |
diff --git a/net/quic/crypto/proof_verifier.h b/net/quic/crypto/proof_verifier.h |
index 29ed7ea3fc3c339f79b0c196d80450224eb27227..62c6f1a2f64f3534972d35965d15322860b3bfaa 100644 |
--- a/net/quic/crypto/proof_verifier.h |
+++ b/net/quic/crypto/proof_verifier.h |
@@ -8,6 +8,7 @@ |
#include <string> |
#include <vector> |
+#include "net/base/completion_callback.h" |
#include "net/base/net_export.h" |
namespace net { |
@@ -20,20 +21,24 @@ class NET_EXPORT_PRIVATE ProofVerifier { |
// VerifyProof checks that |signature| is a valid signature of |
// |server_config| by the public key in the leaf certificate of |certs|, and |
- // that |certs| is a valid chain for |hostname|. On success, it returns true. |
- // On failure, it returns false and sets |*error_details| to a description of |
- // the problem. |
+ // that |certs| is a valid chain for |hostname|. On success, it returns OK. |
+ // On failure, it returns ERR_FAILED. This function may also return |
+ // ERR_IO_PENDING, in which case the |callback| will be run with the final |
+ // OK/ERR_FAILED result when the proof is verified. |
// |
// The signature uses SHA-256 as the hash function and PSS padding in the |
// case of RSA. |
// |
// Note: this is just for testing. The CN of the certificate is ignored and |
// wildcards in the SANs are not supported. |
- virtual bool VerifyProof(const std::string& hostname, |
- const std::string& server_config, |
- const std::vector<std::string>& certs, |
- const std::string& signature, |
- std::string* error_details) const = 0; |
+ virtual int VerifyProof(const std::string& hostname, |
+ const std::string& server_config, |
+ const std::vector<std::string>& certs, |
+ const std::string& signature, |
+ const CompletionCallback& callback) = 0; |
+ |
+ // If VerifyProof has failed, it returns the description of the problem. |
+ virtual std::string error_details() = 0; |
agl
2013/07/01 16:23:18
This can't work, right? It's a method of the Proof
wtc
2013/07/02 00:56:38
|error_details| should still be an output argument
ramant (doing other things)
2013/07/02 14:19:50
For |error_details| to be valid until ProofVerifie
Ryan Hamilton
2013/07/02 16:24:50
Or, alternatively, instead of taking a completion
|
}; |
} // namespace net |