net/cert/cert_verify_proc.h - Issue 2616343005: Update some documentation for CertVerifyResult::verified_cert

Side by Side Diff: net/cert/cert_verify_proc.h

Issue 2616343005: Update some documentation for CertVerifyResult::verified_cert (Closed)

Patch Set: typo Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_	5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_

6 #define NET_CERT_CERT_VERIFY_PROC_H_	6 #define NET_CERT_CERT_VERIFY_PROC_H_

7	7

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 73 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
84 private:	84 private:

85 friend class base::RefCountedThreadSafe<CertVerifyProc>;	85 friend class base::RefCountedThreadSafe<CertVerifyProc>;

86 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);	86 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);

87 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity);	87 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, TestHasTooLongValidity);

88 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest,	88 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest,

89 VerifyRejectsSHA1AfterDeprecationLegacyMode);	89 VerifyRejectsSHA1AfterDeprecationLegacyMode);

90	90

91 // Performs the actual verification using the desired underlying	91 // Performs the actual verification using the desired underlying

92 // cryptographic library. On entry, \|verify_result->verified_cert\|	92 // cryptographic library. On entry, \|verify_result->verified_cert\|

93 // is set to \|cert\|, the unverified chain. If no chain is built, the	93 // is set to \|cert\|, the unverified chain. If no chain is built, the

94 // value must be left untouched.	94 // value must be left untouched. On entry, \|verify_result\| is in a

	95 // default-initialized state.

	96 //

	97 // Implementations of VerifyInternal() are responsible for filling in all

	98 // applicable fields of \|verify_result\| EXCEPT for \|ocsp_result\|, which

	99 // will be filled in by Verify().
	Ryan Sleevi 2017/01/09 23:20:14 Note quite true here: \|verify_result\| is explici Note quite true here: \|verify_result\| is explicitly initialized to set \|verified_cert\| The contract might be better specified: On entry, \|verify_result\| will be default-initialized as a successful validation, with \|verify_result->verified_cert\| set to \|cert\|. Implementations are expected to fill in all applicable fields, excluding \|ocsp_result\|, which will be filled in by \|Verify()\|. If an error code is returned, \|verify_result->cert_status\| should be non-zero, indicating an error occurred. On success, net::OK should be returned, with \|verify_result\| updated to reflect the successfully verified chain. IDK, WDYT? eroman 2017/01/09 23:33:12 Done. Show quoted text On 2017/01/09 23:20:14, Ryan Sleevi wrote: > Note quite true here: > > \|verify_result\| is explicitly initialized to set \|verified_cert\| > > The contract might be better specified: > > On entry, \|verify_result\| will be default-initialized as a successful > validation, with \|verify_result->verified_cert\| set to \|cert\|. Implementations > are expected to fill in all applicable fields, excluding \|ocsp_result\|, which > will be filled in by \|Verify()\|. If an error code is returned, > \|verify_result->cert_status\| should be non-zero, indicating an error occurred. > On success, net::OK should be returned, with \|verify_result\| updated to reflect > the successfully verified chain. > > IDK, WDYT? Done.
95 virtual int VerifyInternal(X509Certificate* cert,	100 virtual int VerifyInternal(X509Certificate* cert,

96 const std::string& hostname,	101 const std::string& hostname,

97 const std::string& ocsp_response,	102 const std::string& ocsp_response,

98 int flags,	103 int flags,

99 CRLSet* crl_set,	104 CRLSet* crl_set,

100 const CertificateList& additional_trust_anchors,	105 const CertificateList& additional_trust_anchors,

101 CertVerifyResult* verify_result) = 0;	106 CertVerifyResult* verify_result) = 0;

102	107

103 // Returns true if \|cert\| is explicitly blacklisted.	108 // Returns true if \|cert\| is explicitly blacklisted.

104 static bool IsBlacklisted(X509Certificate* cert);	109 static bool IsBlacklisted(X509Certificate* cert);

(...skipping 41 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
146 // This function is intended to be used as a helper by platform-specific	151 // This function is intended to be used as a helper by platform-specific

147 // CertVerifyProc implementations.	152 // CertVerifyProc implementations.

148 X509Certificate::SignatureHashAlgorithm FillCertVerifyResultWeakSignature(	153 X509Certificate::SignatureHashAlgorithm FillCertVerifyResultWeakSignature(

149 X509Certificate::OSCertHandle cert,	154 X509Certificate::OSCertHandle cert,

150 bool is_leaf,	155 bool is_leaf,

151 CertVerifyResult* verify_result);	156 CertVerifyResult* verify_result);

152	157

153 } // namespace net	158 } // namespace net

154	159

155 #endif // NET_CERT_CERT_VERIFY_PROC_H_	160 #endif // NET_CERT_CERT_VERIFY_PROC_H_

OLD	NEW

« no previous file with comments | « chrome/browser/chromeos/net/cert_verify_proc_chromeos_unittest.cc ('k') | net/cert/cert_verify_result.h » ('j') | net/cert/cert_verify_result.h » ('J')