Chromium Code Reviews| Index: net/cert/internal/verify_certificate_chain.h |
| diff --git a/net/cert/internal/verify_certificate_chain.h b/net/cert/internal/verify_certificate_chain.h |
| index 5ebecb5e0ad57f6d46e6e3e0637bb25df4a46406..754906d6c5b2419e55bc501c9c2345a5de0ead56 100644 |
| --- a/net/cert/internal/verify_certificate_chain.h |
| +++ b/net/cert/internal/verify_certificate_chain.h |
| @@ -23,6 +23,13 @@ struct GeneralizedTime; |
| class SignaturePolicy; |
| class TrustAnchor; |
| +// The key purpose (extended key usage) to check for during verification. |
| +enum class KeyPurpose { |
| + KEY_PURPOSE_ANY, |
|
mattm
2017/04/06 22:16:03
nit: With enum class I think it's fine to leave of
eroman
2017/04/07 00:39:40
I ran into a couple of problems with macro conflic
mattm
2017/04/07 02:56:36
Ugh, macro conflicts. Don't worry about it too muc
eroman
2017/04/07 22:13:08
Checking with trybots now, I can definitely settle
|
| + KEY_PURPOSE_SERVER_AUTH, |
| + KEY_PURPOSE_CLIENT_AUTH, |
| +}; |
| + |
| // VerifyCertificateChain() verifies a certificate path (chain) based on the |
| // rules in RFC 5280. The caller is responsible for building the path and |
| // finding the trust anchor. |
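Review bot: The new `KeyPurpose` enumerators have no per-value comments, and `KEY_PURPOSE_ANY` is ambiguous from the header alone: it could mean the extended key usage check is skipped, or that the certificate must assert anyExtendedKeyUsage. The two readings differ in what a verifier accepts, so a caller choosing this value cannot tell whether a certificate restricted to an unrelated purpose would still pass. I would add a one-line comment above each enumerator, for example `// No extended key usage restriction is applied.` above `KEY_PURPOSE_ANY` if that is the intent. The implementation is not visible in this file, so the exact wording needs confirming against it.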
| @@ -56,6 +63,9 @@ class TrustAnchor; |
| // time: |
| // The UTC time to use for expiration checks. |
| // |
| +// key_purpose: |
| +// The key purpose that the target certificate needs to be valid for. |
| +// |
| // --------- |
| // Outputs |
| // --------- |
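Review bot: The documented name `key_purpose:` does not match the parameter the same patch adds to the declaration, `KeyPurpose required_key_purpose`; the entry should read `// required_key_purpose:` so the comment block lines up with the signature. The description also covers only the target certificate. It leaves open how a target with no extended key usage extension is treated, and whether an EKU on an intermediate constrains the path. A sentence on each would let callers reason about what the check guarantees. The comment block begins and ends outside this hunk.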
| @@ -72,6 +82,7 @@ NET_EXPORT bool VerifyCertificateChain(const ParsedCertificateList& certs, |
| const TrustAnchor* trust_anchor, |
| const SignaturePolicy* signature_policy, |
| const der::GeneralizedTime& time, |
| + KeyPurpose required_key_purpose, |
| CertPathErrors* errors); |
| // TODO(crbug.com/634443): Move exported errors to a central location? |