OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This is the list of CertStatus flags and their values. | 5 // This is the list of CertStatus flags and their values. |
6 // | 6 // |
7 // Defines the values using a macro CERT_STATUS_FLAG, | 7 // Defines the values using a macro CERT_STATUS_FLAG, |
8 // so it can be expanded differently in some places | 8 // so it can be expanded differently in some places |
9 | 9 |
10 // The possible status bits for CertStatus. | 10 // The possible status bits for CertStatus. |
11 // Bits 0 to 15 are for errors. | 11 // Bits 0 to 15 are for errors. |
12 CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0); | 12 CERT_STATUS_FLAG(COMMON_NAME_INVALID, 1 << 0); |
13 CERT_STATUS_FLAG(DATE_INVALID, 1 << 1); | 13 CERT_STATUS_FLAG(DATE_INVALID, 1 << 1); |
14 CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2); | 14 CERT_STATUS_FLAG(AUTHORITY_INVALID, 1 << 2); |
15 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). | 15 // 1 << 3 is reserved for ERR_CERT_CONTAINS_ERRORS (not useful with WinHTTP). |
16 CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4); | 16 CERT_STATUS_FLAG(NO_REVOCATION_MECHANISM, 1 << 4); |
17 CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5); | 17 CERT_STATUS_FLAG(UNABLE_TO_CHECK_REVOCATION, 1 << 5); |
18 CERT_STATUS_FLAG(REVOKED, 1 << 6); | 18 CERT_STATUS_FLAG(REVOKED, 1 << 6); |
19 CERT_STATUS_FLAG(INVALID, 1 << 7); | 19 CERT_STATUS_FLAG(INVALID, 1 << 7); |
20 // Weak means "too weak to be used safely" (e.g. MD2, MD5) | 20 // Weak means "too weak to be used safely" (e.g. MD2, MD5) |
21 CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8); | 21 CERT_STATUS_FLAG(WEAK_SIGNATURE_ALGORITHM, 1 << 8); |
22 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS | 22 // 1 << 9 was used for CERT_STATUS_NOT_IN_DNS |
23 CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10); | 23 CERT_STATUS_FLAG(NON_UNIQUE_NAME, 1 << 10); |
24 CERT_STATUS_FLAG(WEAK_KEY, 1 << 11); | 24 CERT_STATUS_FLAG(WEAK_KEY, 1 << 11); |
25 // 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY | 25 // 1 << 12 was used for CERT_STATUS_WEAK_DH_KEY |
26 CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13); | 26 CERT_STATUS_FLAG(PINNED_KEY_MISSING, 1 << 13); |
27 CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14); | 27 CERT_STATUS_FLAG(NAME_CONSTRAINT_VIOLATION, 1 << 14); |
28 // Deprecated means "Valid beyond the deprecation period" (e.g. SHA-1 in 2017) | |
palmer
2014/08/28 21:23:13
Nit: Punctuation
| |
29 // If used after the deprecation period, it becomes WEAK_SIGNATURE_ALGORITHM | |
30 CERT_STATUS_FLAG(DEPRECATED_SIGNATURE_ALGORITHM, 1 << 15); | |
28 | 31 |
29 // Bits 16 to 31 are for non-error statuses. | 32 // Bits 16 to 31 are for non-error statuses. |
30 CERT_STATUS_FLAG(IS_EV, 1 << 16); | 33 CERT_STATUS_FLAG(IS_EV, 1 << 16); |
31 CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17); | 34 CERT_STATUS_FLAG(REV_CHECKING_ENABLED, 1 << 17); |
32 // Bit 18 was CERT_STATUS_IS_DNSSEC | 35 // Bit 18 was CERT_STATUS_IS_DNSSEC |
33 | 36 |
34 // Bits 32 to 48 are for errors. | 37 // Bits 32 to 48 are for errors. |
OLD | NEW |