OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 5 #ifndef NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 6 #define NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
54 // allowed, what length keys, what named curves, etc). | 54 // allowed, what length keys, what named curves, etc). |
55 // | 55 // |
56 // time: | 56 // time: |
57 // The UTC time to use for expiration checks. | 57 // The UTC time to use for expiration checks. |
58 // | 58 // |
59 // --------- | 59 // --------- |
60 // Outputs | 60 // Outputs |
61 // --------- | 61 // --------- |
62 // | 62 // |
63 // Returns true if the target certificate can be verified. | 63 // Returns true if the target certificate can be verified. |
| 64 // TODO(eroman): This return value is redundant with the |errors| parameter. |
64 // | 65 // |
65 // errors: | 66 // errors: |
66 // Must be non-null. The set of errors/warnings encountered while | 67 // Must be non-null. The set of errors/warnings encountered while |
67 // validating the path are appended to this structure. There is no | 68 // validating the path are appended to this structure. If verification |
68 // guarantee that on success |errors| is empty, or conversely that | 69 // failed, then there is guaranteed to be at least 1 error written to |
69 // on failure |errors| is non-empty. Consumers must only use the | 70 // |errors|. |
70 // boolean return value to determine success/failure. | |
71 NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs, | 71 NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs, |
72 const TrustAnchor* trust_anchor, | 72 const TrustAnchor* trust_anchor, |
73 const SignaturePolicy* signature_policy, | 73 const SignaturePolicy* signature_policy, |
74 const der::GeneralizedTime& time, | 74 const der::GeneralizedTime& time, |
75 CertErrors* errors) WARN_UNUSED_RESULT; | 75 CertPathErrors* errors); |
76 | 76 |
77 // TODO(crbug.com/634443): Move exported errors to a central location? | 77 // TODO(crbug.com/634443): Move exported errors to a central location? |
78 extern CertErrorId kValidityFailedNotAfter; | 78 extern CertErrorId kValidityFailedNotAfter; |
79 extern CertErrorId kValidityFailedNotBefore; | 79 extern CertErrorId kValidityFailedNotBefore; |
80 | 80 |
81 } // namespace net | 81 } // namespace net |
82 | 82 |
83 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ | 83 #endif // NET_CERT_INTERNAL_VERIFY_CERTIFICATE_CHAIN_H_ |
OLD | NEW |