Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc.h

Issue 2487063003: Revert of Distrust publicly trusted SHA-1 certs (Closed)
Patch Set: Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/cert/cert_verify_proc.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_ 5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_
6 #define NET_CERT_CERT_VERIFY_PROC_H_ 6 #define NET_CERT_CERT_VERIFY_PROC_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/feature_list.h"
12 #include "base/gtest_prod_util.h" 11 #include "base/gtest_prod_util.h"
13 #include "base/macros.h" 12 #include "base/macros.h"
14 #include "base/memory/ref_counted.h" 13 #include "base/memory/ref_counted.h"
15 #include "net/base/net_export.h" 14 #include "net/base/net_export.h"
16 #include "net/cert/x509_cert_types.h" 15 #include "net/cert/x509_cert_types.h"
17 16
18 namespace net { 17 namespace net {
19 18
20 class CertVerifyResult; 19 class CertVerifyResult;
21 class CRLSet; 20 class CRLSet;
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
77 virtual bool SupportsOCSPStapling() const = 0; 76 virtual bool SupportsOCSPStapling() const = 0;
78 77
79 protected: 78 protected:
80 CertVerifyProc(); 79 CertVerifyProc();
81 virtual ~CertVerifyProc(); 80 virtual ~CertVerifyProc();
82 81
83 private: 82 private:
84 friend class base::RefCountedThreadSafe<CertVerifyProc>; 83 friend class base::RefCountedThreadSafe<CertVerifyProc>;
85 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts); 84 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
86 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity); 85 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity);
87 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest,
88 VerifyRejectsSHA1AfterDeprecationLegacyMode);
89 86
90 // Performs the actual verification using the desired underlying 87 // Performs the actual verification using the desired underlying
91 // cryptographic library. On entry, |verify_result->verified_cert| 88 // cryptographic library. On entry, |verify_result->verified_cert|
92 // is set to |cert|, the unverified chain. If no chain is built, the 89 // is set to |cert|, the unverified chain. If no chain is built, the
93 // value must be left untouched. 90 // value must be left untouched.
94 virtual int VerifyInternal(X509Certificate* cert, 91 virtual int VerifyInternal(X509Certificate* cert,
95 const std::string& hostname, 92 const std::string& hostname,
96 const std::string& ocsp_response, 93 const std::string& ocsp_response,
97 int flags, 94 int flags,
98 CRLSet* crl_set, 95 CRLSet* crl_set,
(...skipping 21 matching lines...) Expand all
120 // 117 //
121 // For certificates issued after 1 July 2012: 60 months. 118 // For certificates issued after 1 July 2012: 60 months.
122 // For certificates issued after 1 April 2015: 39 months. 119 // For certificates issued after 1 April 2015: 39 months.
123 // 120 //
124 // For certificates issued before the BRs took effect, there were no 121 // For certificates issued before the BRs took effect, there were no
125 // guidelines, but clamp them at a maximum of 10 year validity, with the 122 // guidelines, but clamp them at a maximum of 10 year validity, with the
126 // requirement they expire within 7 years after the effective date of the BRs 123 // requirement they expire within 7 years after the effective date of the BRs
127 // (i.e. by 1 July 2019). 124 // (i.e. by 1 July 2019).
128 static bool HasTooLongValidity(const X509Certificate& cert); 125 static bool HasTooLongValidity(const X509Certificate& cert);
129 126
130 // Emergency kill-switch for SHA-1 deprecation. Disabled by default.
131 static const base::Feature kSHA1LegacyMode;
132
133 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); 127 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc);
134 }; 128 };
135 129
136 } // namespace net 130 } // namespace net
137 131
138 #endif // NET_CERT_CERT_VERIFY_PROC_H_ 132 #endif // NET_CERT_CERT_VERIFY_PROC_H_
OLDNEW
« no previous file with comments | « no previous file | net/cert/cert_verify_proc.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698