Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(724)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/cert_database.h

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review changes Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('K') | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | net/base/cert_database_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/cert_database.h
diff --git a/net/base/cert_database.h b/net/base/cert_database.h
index 2e95624c911c1d070f6d4d1df65a6d93fbdc9e13..5cc13865c51fb09923f9ba6d5fa721a1f79a74ee 100644
--- a/net/base/cert_database.h
+++ b/net/base/cert_database.h
@@ -80,14 +80,20 @@ class NET_EXPORT CertDatabase {
// trusted as a server.
// For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is
// trusted for email.
+ // DISTRUSTED_* specifies that the cert should not be trusted for the given
+ // use, regardless of whether it would otherwise inherit trust from the issuer
wtc 2012/05/22 00:28:39 Nit: use => usage
mattm 2012/05/26 03:41:35 Done.
+ // chain.
// NOTE: The actual constants are defined using an enum instead of static
// consts due to compilation/linkage constraints with template functions.
typedef uint32 TrustBits;
enum {
- UNTRUSTED = 0,
- TRUSTED_SSL = 1 << 0,
- TRUSTED_EMAIL = 1 << 1,
- TRUSTED_OBJ_SIGN = 1 << 2,
+ TRUST_DEFAULT = 0,
wtc 2012/05/22 00:28:39 Please document TRUST_DEFAULT. You can copy from
mattm 2012/05/26 03:41:35 Done.
+ TRUSTED_SSL = 1 << 0,
+ TRUSTED_EMAIL = 1 << 1,
+ TRUSTED_OBJ_SIGN = 1 << 2,
+ DISTRUSTED_SSL = 1 << 3,
+ DISTRUSTED_EMAIL = 1 << 4,
+ DISTRUSTED_OBJ_SIGN = 1 << 5,
};
CertDatabase();
@@ -101,7 +107,7 @@ class NET_EXPORT CertDatabase {
// the platform cert database, or possibly other network error codes.
int AddUserCert(X509Certificate* cert);
-#if defined(USE_NSS) || defined(USE_OPENSSL)
+#if defined(USE_NSS)
// Get a list of unique certificates in the certificate database (one
// instance of all certificates).
void ListCerts(CertificateList* certs);
@@ -158,10 +164,13 @@ class NET_EXPORT CertDatabase {
// not given any trust.
// Any certificates that could not be imported will be listed in
// |not_imported|.
+ // |trust_bits| can be set to explicitly trust or distrust the certificate, or
+ // use TRUST_DEFAULT to inherit trust as normal.
// Returns false if there is an internal error, otherwise true is returned and
// |not_imported| should be checked for any certificates that were not
// imported.
bool ImportServerCert(const CertificateList& certificates,
+ TrustBits trust_bits,
ImportCertFailureList* not_imported);
// Get trust bits for certificate.
« chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('K') | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | net/base/cert_database_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698