Chromium Code Reviews

Side by Side Diff: net/cert/internal/verify_certificate_chain.cc

Issue 2130283003: Cleanup: Rename "intermediary" --> "intermediate" (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix build? Created 4 years, 5 months ago
OLD NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/internal/verify_certificate_chain.h" 5 #include "net/cert/internal/verify_certificate_chain.h"
6 6
7 #include <memory> 7 #include <memory>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "net/cert/internal/name_constraints.h" 10 #include "net/cert/internal/name_constraints.h"
(...skipping 151 matching lines...)
162 } 162 }
163 } 163 }
164 164
165 // TODO(eroman): Steps d-f are omitted, as policy constraints are not yet 165 // TODO(eroman): Steps d-f are omitted, as policy constraints are not yet
166 // implemented. 166 // implemented.
167 167
168 return true; 168 return true;
169 } 169 }
170 170
171 // This function corresponds to RFC 5280 section 6.1.4's "Preparation for 171 // This function corresponds to RFC 5280 section 6.1.4's "Preparation for
172 // Certificate i+1" procedure. |cert| is expected to be an intermediary. 172 // Certificate i+1" procedure. |cert| is expected to be an intermediate.
173 WARN_UNUSED_RESULT bool PrepareForNextCertificate( 173 WARN_UNUSED_RESULT bool PrepareForNextCertificate(
174 const ParsedCertificate& cert, 174 const ParsedCertificate& cert,
175 size_t* max_path_length_ptr, 175 size_t* max_path_length_ptr,
176 der::Input* working_spki, 176 der::Input* working_spki,
177 der::Input* working_normalized_issuer_name, 177 der::Input* working_normalized_issuer_name,
178 std::vector<const NameConstraints*>* name_constraints_list) { 178 std::vector<const NameConstraints*>* name_constraints_list) {
179 // TODO(eroman): Steps a-b are omitted, as policy constraints are not yet 179 // TODO(eroman): Steps a-b are omitted, as policy constraints are not yet
180 // implemented. 180 // implemented.
181 181
182 // From RFC 5280 section 6.1.4 step c: 182 // From RFC 5280 section 6.1.4 step c:
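Review bot: At new line 172 the reworded comment uses "intermediate" as a bare noun, while the RFC 5280 text quoted further down in this file (lines 211-212) says "intermediate certificates". Writing "|cert| is expected to be an intermediate certificate" would keep the function comment aligned with the RFC wording it refers to.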
(...skipping 21 matching lines...)
204 // 204 //
205 // If certificate i is a version 3 certificate, verify that the 205 // If certificate i is a version 3 certificate, verify that the
206 // basicConstraints extension is present and that cA is set to 206 // basicConstraints extension is present and that cA is set to
207 // TRUE. (If certificate i is a version 1 or version 2 207 // TRUE. (If certificate i is a version 1 or version 2
208 // certificate, then the application MUST either verify that 208 // certificate, then the application MUST either verify that
209 // certificate i is a CA certificate through out-of-band means 209 // certificate i is a CA certificate through out-of-band means
210 // or reject the certificate. Conforming implementations may 210 // or reject the certificate. Conforming implementations may
211 // choose to reject all version 1 and version 2 intermediate 211 // choose to reject all version 1 and version 2 intermediate
212 // certificates.) 212 // certificates.)
213 // 213 //
214 // This code implicitly rejects non version 3 intermediaries, since they 214 // This code implicitly rejects non version 3 intermediates, since they
215 // can't contain a BasicConstraints extension. 215 // can't contain a BasicConstraints extension.
216 if (!cert.has_basic_constraints() || !cert.basic_constraints().is_ca) 216 if (!cert.has_basic_constraints() || !cert.basic_constraints().is_ca)
217 return false; 217 return false;
218 218
219 // From RFC 5280 section 6.1.4 step l: 219 // From RFC 5280 section 6.1.4 step l:
220 // 220 //
221 // If the certificate was not self-issued, verify that 221 // If the certificate was not self-issued, verify that
222 // max_path_length is greater than zero and decrement 222 // max_path_length is greater than zero and decrement
223 // max_path_length by 1. 223 // max_path_length by 1.
224 if (!IsSelfIssued(cert)) { 224 if (!IsSelfIssued(cert)) {
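Review bot: The comment at lines 214-215 says non version 3 intermediates are rejected implicitly, but the check at line 216 only tests has_basic_constraints() and is_ca; nothing visible here looks at the certificate version. Since the comment is being edited anyway, it should say where the invariant is enforced (that a version 1 or version 2 certificate can never report has_basic_constraints() as true), or the function should gain an explicit version check so that RFC 5280 step k does not rest on behaviour defined elsewhere. Minor: "non version 3" reads better hyphenated as "non-version-3".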
(...skipping 215 matching lines...)
440 440
441 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1: 441 // TODO(eroman): RFC 5280 forbids duplicate certificates per section 6.1:
442 // 442 //
443 // A certificate MUST NOT appear more than once in a prospective 443 // A certificate MUST NOT appear more than once in a prospective
444 // certification path. 444 // certification path.
445 445
446 return true; 446 return true;
447 } 447 }
448 448
449 } // namespace net 449 } // namespace net