| Index: net/cert/internal/verify_certificate_chain.h
|
| diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h
|
| index 6d5c557774c61dba0f0f8656e7bc8b7f06cec5bb..6b53d9971cc1f5b326d69e2fbaaa48f354b5f4ba 100644
|
| --- a/net/cert/internal/verify_certificate_chain.h
|
| +++ b/net/cert/internal/verify_certificate_chain.h
|
| @@ -10,6 +10,7 @@
|
| #include "base/compiler_specific.h"
|
| #include "base/memory/ref_counted.h"
|
| #include "net/base/net_export.h"
|
| +#include "net/cert/internal/cert_errors.h"
|
| #include "net/cert/internal/parsed_certificate.h"
|
| #include "net/der/input.h"
|
|
|
| @@ -46,7 +47,8 @@ class TrustStore;
|
| // * cert_chain[N-1] must be issued by the trust anchor.
|
| //
|
| // trust_anchor:
|
| -// Contains the trust anchor (root) used to verify the chain.
|
| +// Contains the trust anchor (root) used to verify the chain. Must be
|
| +// non-null.
|
| //
|
| // signature_policy:
|
| // The policy to use when verifying signatures (what hash algorithms are
|
| @@ -60,11 +62,43 @@ class TrustStore;
|
| // ---------
|
| //
|
| // Returns true if the target certificate can be verified.
|
| +//
|
| +// errors:
|
| +// Must be non-null. The set of errors/warnings encountered while
|
| +// validating the path are appended to this structure. There is no
|
| +// guarantee that on success |errors| is empty, or conversely that
|
| +// on failure |errors| is non-empty. Consumers must only use the
|
| +// boolean return value to determine success/failure.
|
| NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs,
|
| const TrustAnchor* trust_anchor,
|
| const SignaturePolicy* signature_policy,
|
| - const der::GeneralizedTime& time)
|
| - WARN_UNUSED_RESULT;
|
| + const der::GeneralizedTime& time,
|
| + CertErrors* errors) WARN_UNUSED_RESULT;
|
| +
|
| +// -----------------------------------------------
|
| +// Errors/Warnings set by VerifyCertificateChain
|
| +// -----------------------------------------------
|
| +
|
| +namespace verify_certificate_chain_errors {
|
| +
|
| +// TODO(eroman): Document each of these and their parameters.
|
| +extern CertErrorType kSignatureAlgorithmMismatch;
|
| +extern CertErrorType kInvalidOrUnsupportedAlgorithm;
|
| +extern CertErrorType kChainIsEmpty;
|
| +extern CertErrorType kUnconsumedCriticalExtension;
|
| +extern CertErrorType kTargetCertInconsistentCaBits;
|
| +extern CertErrorType kKeyCertSignBitNotSet;
|
| +extern CertErrorType kMaxPathLengthViolated;
|
| +extern CertErrorType kBasicConstraintsIndicatesNotCa;
|
| +extern CertErrorType kMissingBasicConstraints;
|
| +extern CertErrorType kNotPermittedByNameConstraints;
|
| +extern CertErrorType kSubjectDoesNotMatchIssuer;
|
| +extern CertErrorType kSignatureVerificationFailed;
|
| +extern CertErrorType kValidityFailedNotAfter;
|
| +extern CertErrorType kValidityFailedNotBefore;
|
| +extern CertErrorType kSignatureAlgorithmsDifferentEncoding;
|
| +
|
| +} // namespace verify_certificate_chain_errors
|
|
|
| } // namespace net
|
|
|
|
|
Chromium Code Reviews
Issue 2282183004:
Add error information to VerifyCertificateChain(). (Closed)
