net/base/cert_verify_result.h - Issue 6793041: net: add ability to distinguish user-added root CAs.

Side by Side Diff: net/base/cert_verify_result.h

Issue 6793041: net: add ability to distinguish user-added root CAs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: ... Created 9 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2009 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_	5 #ifndef NET_BASE_CERT_VERIFY_RESULT_H_

6 #define NET_BASE_CERT_VERIFY_RESULT_H_	6 #define NET_BASE_CERT_VERIFY_RESULT_H_

7 #pragma once	7 #pragma once

8	8

9 namespace net {	9 namespace net {

10	10

11 // The result of certificate verification. Eventually this may contain the	11 // The result of certificate verification. Eventually this may contain the

12 // certificate chain that was constructed during certificate verification.	12 // certificate chain that was constructed during certificate verification.

13 class CertVerifyResult {	13 class CertVerifyResult {

14 public:	14 public:

15 CertVerifyResult() { Reset(); }	15 CertVerifyResult() { Reset(); }

16	16

17 void Reset() {	17 void Reset() {

18 cert_status = 0;	18 cert_status = 0;

19 has_md5 = false;	19 has_md5 = false;

20 has_md2 = false;	20 has_md2 = false;

21 has_md4 = false;	21 has_md4 = false;

22 has_md5_ca = false;	22 has_md5_ca = false;

23 has_md2_ca = false;	23 has_md2_ca = false;

	24 is_probably_mitm_cert = true;
	wtc 2011/04/06 04:28:38 Why does is_probably_mitm_cert default to true? I Why does is_probably_mitm_cert default to true? I guess we have to presume a cert is probably a MITM cert. You can define this member as is_issued_by_known_root. Then it can default to false. (The IsRootedAtKnownRoot functions in x509_certificate_{mac,win}.cc can be renamed IsIssuedByKnownRoot.) agl 2011/04/06 19:02:02 Done. Show quoted text On 2011/04/06 04:28:38, wtc wrote: > Why does is_probably_mitm_cert default to true? I guess > we have to presume a cert is probably a MITM cert. > > You can define this member as is_issued_by_known_root. > Then it can default to false. (The IsRootedAtKnownRoot > functions in x509_certificate_{mac,win}.cc can be renamed > IsIssuedByKnownRoot.) Done.
24 }	25 }

25	26

26 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h	27 // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h

27 int cert_status;	28 int cert_status;

28	29

29 // Properties of the certificate chain.	30 // Properties of the certificate chain.

30 bool has_md5;	31 bool has_md5;

31 bool has_md2;	32 bool has_md2;

32 bool has_md4;	33 bool has_md4;

33 bool has_md5_ca;	34 bool has_md5_ca;

34 bool has_md2_ca;	35 bool has_md2_ca;

	36

	37 // is_probably_mitm_cert is true if we believe that the certificate is a MITM

	38 // certificate. This is determined by checking to see if the root of the

	39 // certificate chain is a well known root. If it isn't then it's probably the

	40 // case that this certificate was generated by a MITM proxy who's root has
	wtc 2011/04/06 04:28:38 Typo: who's => whose Typo: who's => whose agl 2011/04/06 19:02:02 Done. Show quoted text On 2011/04/06 04:28:38, wtc wrote: > Typo: who's => whose Done.
	41 // been installed locally. This is meaningless if the certificate was not

	42 // trusted.

	43 bool is_probably_mitm_cert;

35 };	44 };

36	45

37 } // namespace net	46 } // namespace net

38	47

39 #endif // NET_BASE_CERT_VERIFY_RESULT_H_	48 #endif // NET_BASE_CERT_VERIFY_RESULT_H_

OLD	NEW

« no previous file with comments | « no previous file | net/base/x509_certificate.h » ('j') | net/base/x509_certificate.h » ('J')