authorukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-23 06:35:05 +0000
committerukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2009-06-23 06:35:05 +0000
commitf6555adcd5160d011ea1dc613fa0387dcddd0b6b (patch)
tree4020b1afb10822b10da786a4ef8f8522c7e9b0d2 /net/base/x509_certificate.h
parent36a784c511d467509d9a70a76b0865f60380ec37 (diff)
Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify().
If LOAD_VERIFY_EV_CERT is requested on load_flags and revocation checking is performed, Verify() performs EV certificate verification as well, and sets CERT_STATUS_IS_EV in verify_result. Eliminate X509Certificate::IsEV() BUG=3592 TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \ visit https://www.thawte.com/ and shows EV info. Review URL: http://codereview.chromium.org/125120 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/x509_certificate.h')
-rw-r--r--net/base/x509_certificate.h19
1 files changed, 12 insertions, 7 deletions
diff --git a/net/base/x509_certificate.h b/net/base/x509_certificate.h
index a8bdfe9..cdadf54 100644
--- a/net/base/x509_certificate.h
+++ b/net/base/x509_certificate.h
@@ -133,6 +133,11 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
SOURCE_FROM_NETWORK = 2, // From the network.
};
+ enum VerifyFlags {
+ VERIFY_REV_CHECKING_ENABLED = 1 << 0,
+ VERIFY_EV_CERT = 1 << 1,
+ };
+
// Create an X509Certificate from a handle to the certificate object
// in the underlying crypto library. This is a transfer of ownership;
// X509Certificate will properly dispose of |cert_handle| for you.
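Review bot: The new `VerifyFlags` enum has no comment, so a reader of the header cannot tell that its values are bit flags for `Verify()` or that one of them depends on the other. I would add `// Bit flags for the |flags| argument of Verify(); combine with bitwise OR.` above the enum, and `// Only honoured together with VERIFY_REV_CHECKING_ENABLED.` on `VERIFY_EV_CERT`. The second comment follows the commit description and should be confirmed against the implementation, which is not part of this diff.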
@@ -207,16 +212,14 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
// |verify_result->cert_status|, and the error code for the most serious
// error is returned.
//
- // If |rev_checking_enabled| is true, certificate revocation checking is
- // performed.
+ // |flags| is bitwise OR'd of VerifyFlags.
+ // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
+ // checking is performed. If VERIFY_EV_CERT is set in |flags| too,
+ // EV certificate verification is performed.
int Verify(const std::string& hostname,
- bool rev_checking_enabled,
+ int flags,
CertVerifyResult* verify_result) const;
- // Returns true if the certificate is an extended-validation (EV)
- // certificate.
- bool IsEV(int cert_status) const;
-
OSCertHandle os_cert_handle() const { return cert_handle_; }
private:
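Review bot: The rewritten comment on `Verify()` does not say what happens when `VERIFY_EV_CERT` is set without `VERIFY_REV_CHECKING_ENABLED`, nor where the EV result is reported now that `IsEV()` is removed. EV status feeds a trust indicator, so the contract should be explicit; going by the commit description, something like `// VERIFY_EV_CERT is ignored unless VERIFY_REV_CHECKING_ENABLED is also set; if the certificate qualifies, CERT_STATUS_IS_EV is set in |verify_result->cert_status|.` Because `int flags` replaces a `bool` in the same position, a call site that still passes `true` or `false` compiles unchanged and never requests EV, so it is worth confirming every caller was converted. The start of this comment block lies outside the hunk.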
@@ -258,6 +261,8 @@ class X509Certificate : public base::RefCountedThreadSafe<X509Certificate> {
// Common object initialization code. Called by the constructors only.
void Initialize();
+ bool VerifyEV() const;
+
// Creates an OS certificate handle from the BER-encoded representation.
// Returns NULL on failure.
static OSCertHandle CreateOSCertHandleFromBytes(const char* data,
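Review bot: `VerifyEV()` is declared without a comment, while the neighbouring private members each carry one. Its preconditions matter: presumably it is meant to be called only from `Verify()` after the chain has validated and revocation checking has run, and a call in any other state could report EV for a certificate that was never checked. I suggest `// Returns true if the certificate is an EV certificate. Called by Verify() only, after revocation checking has been performed.`, adjusted to what the implementation actually requires, since it is not visible in this diff.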