OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_ | 5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_ |
6 #define NET_CERT_CERT_VERIFY_PROC_H_ | 6 #define NET_CERT_CERT_VERIFY_PROC_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
95 // certificates (eg: an "internal server name"). | 95 // certificates (eg: an "internal server name"). |
96 // | 96 // |
97 // While such names are not scheduled to be deprecated until 1 November 2015 | 97 // While such names are not scheduled to be deprecated until 1 November 2015 |
98 // according to the CA/Browser Forum Baseline Requirements (v1.1), they | 98 // according to the CA/Browser Forum Baseline Requirements (v1.1), they |
99 // represent a real risk for the deployment of new gTLDs, and thus being | 99 // represent a real risk for the deployment of new gTLDs, and thus being |
100 // phased out ahead of the hard deadline. | 100 // phased out ahead of the hard deadline. |
101 // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address | 101 // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address |
102 // ranges. | 102 // ranges. |
103 static bool IsHostnameNonUnique(const std::string& hostname); | 103 static bool IsHostnameNonUnique(const std::string& hostname); |
104 | 104 |
105 // The CA/Browser Forum's Baseline Requirements specify maximum validity | |
106 // periods (https://cabforum.org/Baseline_Requirements_V1.pdf): | |
107 // | |
108 // For certificates issued after 1 July 2012: 60 months. | |
109 // For certificates issued after 1 April 2015: 39 months. | |
Ryan Sleevi
2013/08/19 17:57:50
This is not correct. After 1 April 2015, it IS per
palmer
2013/08/21 01:26:25
Shall we just go with 60 months then?
Ryan Sleevi
2013/08/21 20:07:41
I'm fine landing this as the plan of record, and g
palmer
2013/08/21 22:24:15
Can you suggest accurate wording for the comment?
| |
110 // | |
111 // There are no guidelines for certificates issued before the BRs were | |
112 // set, but we clamp them at 120 months, and they must expire within 7 | |
113 // years after the BRs (i.e. by July 2019). | |
Ryan Sleevi
2013/08/19 17:57:50
comment nit: rephrase this part without the pronou
palmer
2013/08/21 01:26:25
Done. Your fixation is odd. :)
| |
114 static bool HasTooLongValidity(const X509Certificate& cert); | |
Ryan Sleevi
2013/08/19 17:57:50
There's no need to make this a static function, as
palmer
2013/08/21 01:26:25
I see it as being like |IsHostnameNonUnique| and s
Ryan Sleevi
2013/08/21 20:07:41
Glad you just volunteered to write unit tests ;) T
palmer
2013/08/21 22:24:15
Done.
| |
115 | |
105 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); | 116 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); |
106 }; | 117 }; |
107 | 118 |
108 } // namespace net | 119 } // namespace net |
109 | 120 |
110 #endif // NET_CERT_CERT_VERIFY_PROC_H_ | 121 #endif // NET_CERT_CERT_VERIFY_PROC_H_ |
OLD | NEW |