net/quic/crypto/proof_verifier.h - Issue 2120703003: QUIC - Race Cert Verification with host resolution if certs are

Side by Side Diff: net/quic/crypto/proof_verifier.h

Issue 2120703003: QUIC - Race Cert Verification with host resolution if certs are (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Minor optimization, when verifying certs only skip policy checks. Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	5 #ifndef NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	6 #define NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

7	7

8 #include <memory>	8 #include <memory>

9 #include <string>	9 #include <string>

10 #include <vector>	10 #include <vector>

(...skipping 69 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
80 const std::string& server_config,	80 const std::string& server_config,

81 QuicVersion quic_version,	81 QuicVersion quic_version,

82 base::StringPiece chlo_hash,	82 base::StringPiece chlo_hash,

83 const std::vector<std::string>& certs,	83 const std::vector<std::string>& certs,

84 const std::string& cert_sct,	84 const std::string& cert_sct,

85 const std::string& signature,	85 const std::string& signature,

86 const ProofVerifyContext* context,	86 const ProofVerifyContext* context,

87 std::string* error_details,	87 std::string* error_details,

88 std::unique_ptr<ProofVerifyDetails>* details,	88 std::unique_ptr<ProofVerifyDetails>* details,

89 ProofVerifierCallback* callback) = 0;	89 ProofVerifierCallback* callback) = 0;

	90

	91 // VerifyCert checks that \|certs\| is a valid chain for \|hostname\|. On success,

	92 // it returns QUIC_SUCCESS. On failure, it returns QUIC_FAILURE and sets

	93 // \|*error_details\| to a description of the problem. In either case it may set

	94 // \|*details\|, which the caller takes ownership of.

	95 //

	96 // \|context\| specifies an implementation specific struct (which may be nullptr

	97 // for some implementations) that provides useful information for the

	98 // verifier, e.g. logging handles.

	99 //

	100 // This function may also return QUIC_PENDING, in which case the ProofVerifier

	101 // will call back, on the original thread, via \|callback\| when complete.

	102 // In this case, the ProofVerifier will take ownership of \|callback\|.

	103 virtual QuicAsyncStatus VerifyCertChain(

	104 const std::string& hostname,

	105 const uint16_t port,
	Ryan Hamilton 2016/07/07 21:36:12 nit: I wonder if \|port\| is actually needed? nit: I wonder if \|port\| is actually needed? ramant (doing other things) 2016/07/07 22:18:27 +1. Because we are not enforcing policy checking w Show quoted text On 2016/07/07 21:36:12, Ryan Hamilton wrote: > nit: I wonder if \|port\| is actually needed? +1. Because we are not enforcing policy checking when we just verify certs, we don't need port. Deleted it. Done.
	106 const std::vector<std::string>& certs,

	107 const ProofVerifyContext* context,

	108 std::string* error_details,

	109 std::unique_ptr<ProofVerifyDetails>* details,

	110 ProofVerifierCallback* callback) = 0;

90 };	111 };

91	112

92 } // namespace net	113 } // namespace net

93	114

94 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_	115 #endif // NET_QUIC_CRYPTO_PROOF_VERIFIER_H_

OLD	NEW

« no previous file with comments | « net/http/http_network_session.cc ('k') | net/quic/crypto/proof_verifier_chromium.h » ('j') | net/quic/crypto/proof_verifier_chromium.cc » ('J')