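--- a/net/cert/cert_verifier.h
+++ b/net/cert/cert_verifier.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_CERT_CERT_VERIFIER_H_
 #define NET_CERT_CERT_VERIFIER_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ -72,20 +72,25 @@
 // Note: If VERIFY_CERT_IO_ENABLE is not also supplied, certificates
 // that chain to local trust anchors will likely fail - for example, due to
 // lacking fresh cached revocation issue (Windows) or because OCSP stapling
 // can only provide information for the leaf, and not for any
 // intermediates.
 VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS = 1 << 4,
 
 // If set, certificates with SHA-1 signatures will be allowed, but only if
 // they are issued by non-public trust anchors.
 VERIFY_ENABLE_SHA1_LOCAL_ANCHORS = 1 << 5,
+
+// If set, certificates which lack a subjectAltName will be allowed to
+// match against the commonName of the certificate, but only if they are
+// issued by non-public trust anchors.
+VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS = 1 << 6,
 };
 
 // Parameters to verify |certificate| against the supplied
 // |hostname| as an SSL server.
 //
 // |hostname| should be a canonicalized hostname (in A-Label form) or IP
 // address in string form, following the rules of a URL host portion. In
 // the case of |hostname| being a domain name, it may contain a trailing
 // dot (e.g. "example.com."), as used to signal to DNS not to perform
 // suffix search, and it will safely be ignored. If |hostname| is an IPv6
@@ -173,10 +178,10 @@
 virtual bool SupportsOCSPStapling();
 
 // Creates a CertVerifier implementation that verifies certificates using
 // the preferred underlying cryptographic libraries.
 static std::unique_ptr<CertVerifier> CreateDefault();
 };
 
 } // namespace net
 
 #endif // NET_CERT_CERT_VERIFIER_H_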
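Review bot: The comment on VERIFY_ENABLE_COMMON_NAME_FALLBACK_LOCAL_ANCHORS (new lines 83-86) says what the flag permits but not the default it relaxes, so a reader of this header cannot tell whether a certificate without a subjectAltName is otherwise rejected for every anchor or only for public ones; the enum it belongs to opens before this hunk, in the skipped region. Suggest extending the comment with the unset behaviour, hedged here because the header alone does not show it: `// When not set, a certificate without a subjectAltName does not match |hostname| by commonName, regardless of the issuing anchor.` It would also help callers to state, as the neighbouring SHA-1 flag implies, that this is a compatibility fallback for legacy private PKIs rather than a general matching option, e.g. `// This is a compatibility escape hatch for legacy private PKIs; prefer re-issuing with a subjectAltName.` The placement next to VERIFY_ENABLE_SHA1_LOCAL_ANCHORS and the `_LOCAL_ANCHORS` suffix are consistent with the existing naming, so no change is needed there.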