net/cert/internal/verify_certificate_chain.h - Issue 1923433002: Certificate path builder for new certificate verification library

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/internal/verify_certificate_chain.h

Issue 1923433002: Certificate path builder for new certificate verification library (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: rebase Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/internal/verify_certificate_chain.h

diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h

index 4d85eb66401420ffabfae705d8ac9a7c3c333c43..06cd55500dbcb7387a6dd7a715d4960e877c6163 100644

--- a/net/cert/internal/verify_certificate_chain.h

+++ b/net/cert/internal/verify_certificate_chain.h

@@ -22,8 +22,9 @@ class ParsedCertificate;

class SignaturePolicy;

class TrustStore;

-// VerifyCertificateChain() verifies a certificate path (chain) based on the

-// rules in RFC 5280.

+// VerifyCertificateChainAssumingTrustedRoot() verifies a certificate path

+// (chain) based on the rules in RFC 5280. The caller is responsible for

+// building the path and ensuring the chain ends in a trusted root certificate.

// WARNING: This implementation is in progress, and is currently incomplete.

// Consult an OWNER before using it.

@@ -38,11 +39,11 @@ class TrustStore;

// * cert_chain[0] is the target certificate to verify.

// * cert_chain[i+1] holds the certificate that issued cert_chain[i].

-// * cert_chain[N-1] must be the trust anchor, or have been directly

-// issued by a trust anchor.

+// * cert_chain[N-1] must be the trust anchor.

// trust_store:

-// Contains the set of trusted public keys (and their names).

+// Contains the set of trusted public keys (and their names). This is only

+// used to DCHECK that the final cert is a trust anchor.

// signature_policy:

// The policy to use when verifying signatures (what hash algorithms are

@@ -56,8 +57,9 @@ class TrustStore;

// ---------

// Returns true if the target certificate can be verified.

-NET_EXPORT bool VerifyCertificateChain(

- const std::vector<scoped_refptr<ParsedCertificate>>& cert_chain,

+NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot(

+ const std::vector<scoped_refptr<ParsedCertificate>>& certs,

+ // The trust store is only used for assertions.

const TrustStore& trust_store,

const SignaturePolicy* signature_policy,

const der::GeneralizedTime& time) WARN_UNUSED_RESULT;

« net/cert/internal/path_builder_pkits_unittest.cc ('K') | « net/cert/internal/trust_store.cc ('k') | net/cert/internal/verify_certificate_chain.cc » ('j') | no next file with comments »