Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(924)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ocsp_verify_result.h

Issue 2100303002: Add OCSPVerifyResult for tracking stapled OCSP responses cross-platform. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ocsp-date-check
Patch Set: Optional was optional. Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/cert_verify_proc.cc ('K') | « net/cert/ocsp_revocation_status.h ('k') | net/cert/ocsp_verify_result.cc » ('j') | net/test/spawned_test_server/base_test_server.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ocsp_verify_result.h
diff --git a/net/cert/ocsp_verify_result.h b/net/cert/ocsp_verify_result.h
new file mode 100644
index 0000000000000000000000000000000000000000..ec53f12b8d95420dbb1bef2b26b1e6af62221dac
--- /dev/null
+++ b/net/cert/ocsp_verify_result.h
@@ -0,0 +1,67 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_CERT_OCSP_VERIFY_RESULT_H
+#define NET_CERT_OCSP_VERIFY_RESULT_H
+
+#include <string>
+
+#include "base/optional.h"
Ryan Sleevi 2016/07/18 22:56:37 unneeded
dadrian 2016/07/18 23:20:26 Done.
+#include "net/base/net_export.h"
+#include "net/cert/ocsp_revocation_status.h"
+
+namespace net {
+
+// The result of OCSP verification. This always contains a ResponseStatus, which
+// describes whether or not an OCSP response was provided, and response level
+// errors. It optionally contains an OCSPRevocationStatus when |response_status
+// = PROVIDED|. For example, a stapled OCSP response matching the certificate,
+// and indicating a non-revoked status, will have |response_status = PROVIDED|
+// and |revocation_status = GOOD|. This is populated as part of the certificate
+// verification process, and should not be modified at other layers.
+struct NET_EXPORT OCSPVerifyResult {
+ OCSPVerifyResult();
+ OCSPVerifyResult(const OCSPVerifyResult&);
+ ~OCSPVerifyResult();
+
+ enum ResponseStatus {
+ // No OCSPResponse was stapled.
+ MISSING,
+
+ // An up-to-date OCSP response was stapled and matched the certificate.
+ PROVIDED,
+
+ // The stapled OCSP response did not have a SUCCESSFUL status.
+ ERROR_RESPONSE,
+
+ // The OCSPResponseData field producedAt was outside the certificate
+ // validity period.
+ BAD_PRODUCED_AT,
+
+ // At least one OCSPSingleResponse was stapled, but none matched the
+ // certificate.
+ NO_MATCHING_RESPONSE,
+
+ // A matching OCSPSingleResponse was stapled, but was either expired or not
+ // yet valid.
+ INVALID_DATE,
+
+ // The OCSPResponse structure could not be parsed.
+ PARSE_RESPONSE_ERROR,
+
+ // The OCSPResponseData structure could not be parsed.
+ PARSE_RESPONSE_DATA_ERROR,
+
+ };
+
+ ResponseStatus response_status = MISSING;
+
+ // The strictest CertStatus matching the certificate (REVOKED > UNKNOWN >
+ // GOOD). Only valid if |response_status| = PROVIDED.
+ OCSPRevocationStatus revocation_status = OCSPRevocationStatus::UNKNOWN;
+};
+
+} // namespace net
+
+#endif // NET_CERT_OCSP_VERIFY_RESULT_H
« net/cert/cert_verify_proc.cc ('K') | « net/cert/ocsp_revocation_status.h ('k') | net/cert/ocsp_verify_result.cc » ('j') | net/test/spawned_test_server/base_test_server.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698