Index: net/base/cert_verify_result.h |
diff --git a/net/base/cert_verify_result.h b/net/base/cert_verify_result.h |
index faac17a88b77f12da09994266ac6861a1804bfb1..419a1511fae128d46f91b4eca3b184e034a29e9d 100644 |
--- a/net/base/cert_verify_result.h |
+++ b/net/base/cert_verify_result.h |
@@ -1,4 +1,4 @@ |
-// Copyright (c) 2009 The Chromium Authors. All rights reserved. |
+// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
@@ -21,6 +21,7 @@ class CertVerifyResult { |
has_md4 = false; |
has_md5_ca = false; |
has_md2_ca = false; |
+ is_probably_mitm_cert = true; |
wtc
2011/04/06 04:28:38
Why does is_probably_mitm_cert default to true? I
agl
2011/04/06 19:02:02
Done.
|
} |
// Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h |
@@ -32,6 +33,14 @@ class CertVerifyResult { |
bool has_md4; |
bool has_md5_ca; |
bool has_md2_ca; |
+ |
+ // is_probably_mitm_cert is true if we believe that the certificate is a MITM |
+ // certificate. This is determined by checking to see if the root of the |
+ // certificate chain is a well known root. If it isn't then it's probably the |
+ // case that this certificate was generated by a MITM proxy who's root has |
wtc
2011/04/06 04:28:38
Typo: who's => whose
agl
2011/04/06 19:02:02
Done.
|
+ // been installed locally. This is meaningless if the certificate was not |
+ // trusted. |
+ bool is_probably_mitm_cert; |
}; |
} // namespace net |