Index: net/cert/ct_verifier.h |
diff --git a/net/cert/ct_verifier.h b/net/cert/ct_verifier.h |
index 5a6868680c01b09dcab19fe368cb882f27f449a4..054dce6191aa2399be8f64d3c0f5185341c74de0 100644 |
--- a/net/cert/ct_verifier.h |
+++ b/net/cert/ct_verifier.h |
@@ -21,12 +21,15 @@ class NET_EXPORT CTVerifier { |
public: |
virtual ~CTVerifier() {} |
- // Verifies either embedded SCTs or SCTs obtained via the |
- // signed_certificate_timestamp TLS extension or OCSP on the given |cert| |
- // |result| will be filled with these SCTs, divided into categories based on |
- // the verification result. |
+ // Verifies SCTs embedded in the certificate itself, SCTs embedded in a |
+ // stapled OCSP response, and SCTs obtained via the |
+ // signed_certificate_timestamp TLS extension on the given |cert|. |
+ // Only some SCT methods may be used for the given |cert|; unused |
+ // |stapled_ocsp_response| and |sct_list_from_tls_extension| should be left |
Ryan Sleevi
2013/12/11 07:33:05
I don't understand the "unused" comment here, or t
ekasper
2013/12/11 15:40:51
Clarified.
|
+ // empty. |result| will be filled with these SCTs, divided into categories |
+ // based on the verification result. |
virtual int Verify(X509Certificate* cert, |
- const std::string& sct_list_from_ocsp, |
+ const std::string& stapled_ocsp_response, |
const std::string& sct_list_from_tls_extension, |
ct::CTVerifyResult* result, |
const BoundNetLog& net_log) = 0; |
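Review bot: The second argument of `Verify` changes meaning from an already-extracted SCT list to a raw stapled OCSP response but keeps the type `const std::string&`, so a caller or test double that still passes an SCT list compiles unchanged and hands the wrong bytes to the parser. The comment should say that |stapled_ocsp_response| is unvalidated, peer-supplied DER and what Verify does with a bad one, for example `// |stapled_ocsp_response| is untrusted DER from the peer; a response that fails to parse or does not match |cert| contributes no SCTs.` That wording assumes implementations behave this way, which is not visible in this header, so confirm it against the implementation. The meaning of the `int` return value is also undocumented, in particular whether a malformed response or SCT list is an error or only shows up in |result|. The class body continues outside the hunk.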