| Index: net/cert/internal/verify_certificate_chain.h
|
| diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h
|
| index 291c843d9ed60ecb8f0fac7cf42f66a956a81712..5dc627579cb84616c068f27c2eb38479edfdc86c 100644
|
| --- a/net/cert/internal/verify_certificate_chain.h
|
| +++ b/net/cert/internal/verify_certificate_chain.h
|
| @@ -10,6 +10,7 @@
|
| #include "base/compiler_specific.h"
|
| #include "base/memory/ref_counted.h"
|
| #include "net/base/net_export.h"
|
| +#include "net/cert/internal/parsed_certificate.h"
|
| #include "net/der/input.h"
|
|
|
| namespace net {
|
| @@ -18,12 +19,12 @@ namespace der {
|
| struct GeneralizedTime;
|
| }
|
|
|
| -class ParsedCertificate;
|
| class SignaturePolicy;
|
| class TrustStore;
|
|
|
| -// VerifyCertificateChain() verifies a certificate path (chain) based on the
|
| -// rules in RFC 5280.
|
| +// VerifyCertificateChainAssumingTrustedRoot() verifies a certificate path
|
| +// (chain) based on the rules in RFC 5280. The caller is responsible for
|
| +// building the path and ensuring the chain ends in a trusted root certificate.
|
| //
|
| // WARNING: This implementation is in progress, and is currently incomplete.
|
| // Consult an OWNER before using it.
|
| @@ -38,11 +39,11 @@ class TrustStore;
|
| //
|
| // * cert_chain[0] is the target certificate to verify.
|
| // * cert_chain[i+1] holds the certificate that issued cert_chain[i].
|
| -// * cert_chain[N-1] must be the trust anchor, or have been directly
|
| -// issued by a trust anchor.
|
| +// * cert_chain[N-1] must be the trust anchor.
|
| //
|
| // trust_store:
|
| -// Contains the set of trusted public keys (and their names).
|
| +// Contains the set of trusted public keys (and their names). This is only
|
| +// used to DCHECK that the final cert is a trust anchor.
|
| //
|
| // signature_policy:
|
| // The policy to use when verifying signatures (what hash algorithms are
|
| @@ -51,28 +52,17 @@ class TrustStore;
|
| // time:
|
| // The UTC time to use for expiration checks.
|
| //
|
| -// trusted_chain_out:
|
| -// The vector to populate with the verified trusted certificate chain.
|
| -// * trusted_chain_out[0] is the target certificate verified.
|
| -// * trusted_chain_out[i+1] holds the certificate that issued
|
| -// trusted_chain_out[i].
|
| -// * trusted_chain_out[N-1] is the trust anchor.
|
| -// If a nullptr is passed, this parameter is ignored.
|
| -// If the target certificate can not be verified, this parameter is
|
| -// ignored.
|
| -//
|
| // ---------
|
| // Outputs
|
| // ---------
|
| //
|
| // Returns true if the target certificate can be verified.
|
| -NET_EXPORT bool VerifyCertificateChain(
|
| - const std::vector<scoped_refptr<ParsedCertificate>>& cert_chain,
|
| +NET_EXPORT bool VerifyCertificateChainAssumingTrustedRoot(
|
| + const ParsedCertificateList& certs,
|
| + // The trust store is only used for assertions.
|
| const TrustStore& trust_store,
|
| const SignaturePolicy* signature_policy,
|
| - const der::GeneralizedTime& time,
|
| - std::vector<scoped_refptr<ParsedCertificate>>* trusted_chain_out)
|
| - WARN_UNUSED_RESULT;
|
| + const der::GeneralizedTime& time) WARN_UNUSED_RESULT;
|
|
|
| } // namespace net
|
|
|
|
|
Chromium Code Reviews
Issue 1923433002:
Certificate path builder for new certificate verification library (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master