| OLD | NEW |
| (Empty) |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_NSS_H_ | |
| 6 #define NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_NSS_H_ | |
| 7 | |
| 8 #include "net/base/net_export.h" | |
| 9 #include "net/cert/internal/cert_issuer_source.h" | |
| 10 | |
| 11 namespace net { | |
| 12 | |
| 13 // Returns issuers from NSS. Always returns results synchronously. | |
| 14 // This will return any matches from NSS, possibly including trust anchors, | |
| 15 // blacklisted/distrusted certs, and temporary/cached certs. In the current | |
| 16 // implementation, trust is checked in a separate stage of path building, so | |
| 17 // including trusted certs here doesn't cause any issues. In particular, a trust | |
| 18 // anchor being returned here indicates the path ending in that trust anchor | |
| 19 // must already have been tested and failed to verify, and now the pathbuilder | |
| 20 // is trying to find a different path through that certificate. Including | |
| 21 // distrusted certs is desirable so that those paths can be built (and then fail | |
| 22 // to verify), leading to a better error message. | |
| 23 class NET_EXPORT CertIssuerSourceNSS : public CertIssuerSource { | |
| 24 public: | |
| 25 CertIssuerSourceNSS(); | |
| 26 ~CertIssuerSourceNSS() override; | |
| 27 | |
| 28 // CertIssuerSource implementation: | |
| 29 void SyncGetIssuersOf(const ParsedCertificate* cert, | |
| 30 ParsedCertificateList* issuers) override; | |
| 31 void AsyncGetIssuersOf(const ParsedCertificate* cert, | |
| 32 std::unique_ptr<Request>* out_req) override; | |
| 33 | |
| 34 private: | |
| 35 DISALLOW_COPY_AND_ASSIGN(CertIssuerSourceNSS); | |
| 36 }; | |
| 37 | |
| 38 } // namespace net | |
| 39 | |
| 40 #endif // NET_CERT_INTERNAL_CERT_ISSUER_SOURCE_NSS_H_ | |
| OLD | NEW |