diff options
| author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-23 06:35:05 +0000 |
|---|---|---|
| committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-23 06:35:05 +0000 |
| commit | f6555adcd5160d011ea1dc613fa0387dcddd0b6b (patch) | |
| tree | 4020b1afb10822b10da786a4ef8f8522c7e9b0d2 /net/base/cert_verifier.cc | |
| parent | 36a784c511d467509d9a70a76b0865f60380ec37 (diff) | |
| download | chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.zip chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.tar.gz chromium_src-f6555adcd5160d011ea1dc613fa0387dcddd0b6b.tar.bz2 | |
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().
If LOAD_VERIFY_EV_CERT is requested on load_flags
and revokation checking is performed, Verify() peforms
EV certificate verification as well, and sets
CERT_STATUS_IS_EV in verify_result.
Eliminate X509Certificate::IsEV()
BUG=3592
TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \
visit https://www.thawte.com/ and shows EV info.
Review URL: http://codereview.chromium.org/125120
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/cert_verifier.cc')
| -rw-r--r-- | net/base/cert_verifier.cc | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/net/base/cert_verifier.cc b/net/base/cert_verifier.cc index e907e30..70be229 100644 --- a/net/base/cert_verifier.cc +++ b/net/base/cert_verifier.cc @@ -22,12 +22,12 @@ class CertVerifier::Request : Request(CertVerifier* verifier, X509Certificate* cert, const std::string& hostname, - bool rev_checking_enabled, + int flags, CertVerifyResult* verify_result, CompletionCallback* callback) : cert_(cert), hostname_(hostname), - rev_checking_enabled_(rev_checking_enabled), + flags_(flags), verifier_(verifier), verify_result_(verify_result), callback_(callback), @@ -39,7 +39,7 @@ class CertVerifier::Request : void DoVerify() { // Running on the worker thread - error_ = cert_->Verify(hostname_, rev_checking_enabled_, &result_); + error_ = cert_->Verify(hostname_, flags_, &result_); #if defined(OS_LINUX) // Detach the thread from NSPR. // Calling NSS functions attaches the thread to NSPR, which stores @@ -95,7 +95,8 @@ class CertVerifier::Request : // Set on the origin thread, read on the worker thread. scoped_refptr<X509Certificate> cert_; std::string hostname_; - bool rev_checking_enabled_; + // bitwise OR'd of X509Certificate::VerifyFlags. + int flags_; // Only used on the origin thread (where Verify was called). CertVerifier* verifier_; @@ -123,7 +124,7 @@ CertVerifier::~CertVerifier() { int CertVerifier::Verify(X509Certificate* cert, const std::string& hostname, - bool rev_checking_enabled, + int flags, CertVerifyResult* verify_result, CompletionCallback* callback) { DCHECK(!request_) << "verifier already in use"; @@ -131,13 +132,12 @@ int CertVerifier::Verify(X509Certificate* cert, // Do a synchronous verification. if (!callback) { CertVerifyResult result; - int rv = cert->Verify(hostname, rev_checking_enabled, &result); + int rv = cert->Verify(hostname, flags, &result); *verify_result = result; return rv; } - request_ = new Request(this, cert, hostname, rev_checking_enabled, - verify_result, callback); + request_ = new Request(this, cert, hostname, flags, verify_result, callback); // Dispatch to worker thread... if (!WorkerPool::PostTask(FROM_HERE, |