net/base/cert_database.h - Issue 9940001: Fix imported server certs being distrusted in NSS 3.13.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/cert_database.h

Issue 9940001: Fix imported server certs being distrusted in NSS 3.13. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: cleanups Created 8 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« chrome/browser/chromeos/cros/onc_network_parser_unittest.cc ('K') | « chrome/third_party/mozilla_security_manager/nsNSSCertHelper.cpp ('k') | net/base/cert_database_nss.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/base/cert_database.h

diff --git a/net/base/cert_database.h b/net/base/cert_database.h

index 2e95624c911c1d070f6d4d1df65a6d93fbdc9e13..8a2803e492987af6ba2dcde59c119ef48b16585d 100644

--- a/net/base/cert_database.h

+++ b/net/base/cert_database.h

@@ -80,14 +80,21 @@ class NET_EXPORT CertDatabase {

// trusted as a server.

// For EMAIL_CERT, only TRUSTED_EMAIL makes sense, and specifies the cert is

// trusted for email.

+ // DISTRUSTED_* specifies that the cert should not be trusted for the given

+ // usage, regardless of whether it would otherwise inherit trust from the

+ // issuer chain.

+ // Use TRUST_DEFAULT to inherit trust as normal.

// NOTE: The actual constants are defined using an enum instead of static

// consts due to compilation/linkage constraints with template functions.

typedef uint32 TrustBits;

enum {

- UNTRUSTED = 0,

- TRUSTED_SSL = 1 << 0,

- TRUSTED_EMAIL = 1 << 1,

- TRUSTED_OBJ_SIGN = 1 << 2,

+ TRUST_DEFAULT = 0,

+ TRUSTED_SSL = 1 << 0,

+ TRUSTED_EMAIL = 1 << 1,

+ TRUSTED_OBJ_SIGN = 1 << 2,

+ DISTRUSTED_SSL = 1 << 3,

+ DISTRUSTED_EMAIL = 1 << 4,

+ DISTRUSTED_OBJ_SIGN = 1 << 5,

};

CertDatabase();

@@ -101,7 +108,7 @@ class NET_EXPORT CertDatabase {

// the platform cert database, or possibly other network error codes.

int AddUserCert(X509Certificate* cert);

-#if defined(USE_NSS) || defined(USE_OPENSSL)

+#if defined(USE_NSS)

// Get a list of unique certificates in the certificate database (one

// instance of all certificates).

void ListCerts(CertificateList* certs);

@@ -158,10 +165,13 @@ class NET_EXPORT CertDatabase {

// not given any trust.

// Any certificates that could not be imported will be listed in

// |not_imported|.

+ // |trust_bits| can be set to explicitly trust or distrust the certificate, or

+ // use TRUST_DEFAULT to inherit trust as normal.

// Returns false if there is an internal error, otherwise true is returned and

// |not_imported| should be checked for any certificates that were not

// imported.

bool ImportServerCert(const CertificateList& certificates,

+ TrustBits trust_bits,

ImportCertFailureList* not_imported);

// Get trust bits for certificate.