| Index: net/cert/internal/verify_certificate_chain.cc
|
| diff --git a/net/cert/internal/verify_certificate_chain.cc b/net/cert/internal/verify_certificate_chain.cc
|
| index ee379fd75b1473f7e0bb4a143519fdd67727a6d2..5b20d4b410fd22fa81a03e16149d2ddef1c0f14b 100644
|
| --- a/net/cert/internal/verify_certificate_chain.cc
|
| +++ b/net/cert/internal/verify_certificate_chain.cc
|
| @@ -343,19 +343,12 @@ WARN_UNUSED_RESULT bool WrapUp(const ParsedCertificate& cert) {
|
| // signature nor issuer name are verified. (It needn't be self-signed).
|
| bool VerifyCertificateChainAssumingTrustedRoot(
|
| const ParsedCertificateList& certs,
|
| - // The trust store is only used for assertions.
|
| - const TrustStore& trust_store,
|
| const SignaturePolicy* signature_policy,
|
| const der::GeneralizedTime& time) {
|
| // An empty chain is necessarily invalid.
|
| if (certs.empty())
|
| return false;
|
|
|
| - // IMPORTANT: the assumption being made is that the root certificate in
|
| - // the given path is the trust anchor (and has already been verified as
|
| - // such).
|
| - DCHECK(trust_store.IsTrustedCertificate(certs.back().get()));
|
| -
|
| // Will contain a NameConstraints for each previous cert in the chain which
|
| // had nameConstraints. This corresponds to the permitted_subtrees and
|
| // excluded_subtrees state variables from RFC 5280.
|
|
|
Chromium Code Reviews
Issue 2126803004:
WIP: NSS trust store integration for path builder. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert-command-line-path-builder-add_certpathbuilder