Index: net/cert/ct_verifier.h |
diff --git a/net/cert/ct_verifier.h b/net/cert/ct_verifier.h |
index 290a0474a649138733c902fdc5a8e47b6210f12d..0c13895f7f0c9bb5595bc530b7bd529857dadb5d 100644 |
--- a/net/cert/ct_verifier.h |
+++ b/net/cert/ct_verifier.h |
@@ -5,6 +5,8 @@ |
#ifndef NET_CERT_CT_VERIFIER_H_ |
#define NET_CERT_CT_VERIFIER_H_ |
+#include <string> |
+ |
#include "net/base/net_export.h" |
namespace net { |
@@ -36,6 +38,14 @@ class NET_EXPORT CTVerifier { |
const std::string& sct_list_from_tls_extension, |
ct::CTVerifyResult* result, |
const BoundNetLog& net_log) = 0; |
+ |
+ // Returns true if the collection of SCTs for the given certificate |
+ // conforms with the CT/EV policy, false otherwise. |
+ // |cert| is the certificate for which the SCTs apply (this is needed |
+ // to determine the certificate's lifetime). |
+ // |ct_result| is the CTVerifyResult filled in by the Verify call. |
+ virtual bool DoesConformToCTEVPolicy(X509Certificate* cert, |
+ const ct::CTVerifyResult& ct_result) = 0; |
Ryan Sleevi
2014/08/05 22:19:10
Comments elsewhere regarding layering, but you can
Eran Messeri
2014/10/20 17:26:30
Moved to a separate class (this interface now only
|
}; |
} // namespace net |
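Review bot: The contract comment on `DoesConformToCTEVPolicy` leaves the failure cases open: it does not say whether |cert| may be NULL, nor what is returned when |ct_result| holds no verified SCTs or was not produced by `Verify` for this same certificate. Because this is a pure virtual whose result presumably gates EV treatment, every implementation should fail closed in the same way, so I would add `// |cert| must be non-NULL and must be the certificate passed to Verify.` and `// Returns false if |ct_result| contains no verified SCTs.` to the comment. As far as the comment describes it, the method only reads its inputs, so a `const` method taking `const X509Certificate& cert` would express that, if the codebase's conventions for X509Certificate allow it. The CTVerifier class body starts outside this hunk, so whether X509Certificate is already forward-declared in this header cannot be confirmed from here.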