Index: net/base/cert_verify_result.h |
diff --git a/net/base/cert_verify_result.h b/net/base/cert_verify_result.h |
index e4fb84af8ec88c0ae64bc9d45b86f34b79519738..2e4c250c34b38531ae5911def37a59bc96b8d9ef 100644 |
--- a/net/base/cert_verify_result.h |
+++ b/net/base/cert_verify_result.h |
@@ -9,12 +9,14 @@ |
#include <vector> |
#include "net/base/net_api.h" |
+#include "base/memory/ref_counted.h" |
#include "net/base/x509_cert_types.h" |
namespace net { |
-// The result of certificate verification. Eventually this may contain the |
-// certificate chain that was constructed during certificate verification. |
+class X509Certificate; |
+ |
+// The result of certificate verification. |
class NET_API CertVerifyResult { |
public: |
CertVerifyResult(); |
@@ -22,7 +24,18 @@ class NET_API CertVerifyResult { |
void Reset(); |
- // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h |
+ // The certificate and chain that was constructed during verification. |
+ // Note that the though the verified certificate will match the originally |
+ // supplied certificate, the intermediate certificates stored within may |
+ // be substantially different. In the event of a verification failure, this |
+ // will contain the chain as supplied by the server. This may be NULL if |
+ // running within the sandbox. |
+ scoped_refptr<X509Certificate> verified_cert; |
+ |
+ // Bitmask of CERT_STATUS_* from net/base/cert_status_flags.h. Note that |
+ // these status flags apply to the certificate chain returned in |
+ // |verified_cert|, rather than the originally supplied certificate |
+ // chain. |
int cert_status; |
// Properties of the certificate chain. |