authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-05-18 00:54:47 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-05-18 00:54:47 +0000
commit7096068e5428d7981edfc7ad959238917af0657d (patch)
tree6c3c8781c074640c49429a702a899e3fcf524c82 /net/base
parent760d970aa408a7ea9a00e4e2ab792ef05f9355e5 (diff)
Update comments based on my new understanding of the
CertGetCertificateChain Function. R=rvargas BUG=none TEST=none Review URL: http://codereview.chromium.org/2035010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@47480 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/x509_certificate_win.cc9
1 files changed, 7 insertions, 2 deletions
diff --git a/net/base/x509_certificate_win.cc b/net/base/x509_certificate_win.cc
index ffe5b2c..a02db9b7 100644
--- a/net/base/x509_certificate_win.cc
+++ b/net/base/x509_certificate_win.cc
@@ -536,8 +536,10 @@ int X509Certificate::Verify(const std::string& hostname,
CERT_CHAIN_PARA chain_para;
memset(&chain_para, 0, sizeof(chain_para));
chain_para.cbSize = sizeof(chain_para);
- // TODO(wtc): Do we still need to request szOID_SERVER_GATED_CRYPTO or
- // szOID_SGC_NETSCAPE today?
+ // ExtendedKeyUsage.
+ // We still need to request szOID_SERVER_GATED_CRYPTO and szOID_SGC_NETSCAPE
+ // today because some certificate chains need them. IE also requests these
+ // two usages.
static const LPSTR usage[] = {
szOID_PKIX_KP_SERVER_AUTH,
szOID_SERVER_GATED_CRYPTO,
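Review bot: The new comment above `usage[]` opens with the bare fragment `// ExtendedKeyUsage.` and justifies the two SGC OIDs only with "some certificate chains need them", so a maintainer cannot tell when this wider acceptance could be dropped. Requesting `szOID_SERVER_GATED_CRYPTO` and `szOID_SGC_NETSCAPE` next to `szOID_PKIX_KP_SERVER_AUTH` presumably lets a chain that lacks the server-auth usage still pass, but the usage match type is set outside this hunk, so that needs confirming. I would word it as `// Requested extended key usages (EKU) for chain building. The two SGC OIDs are requested in addition to serverAuth because some certificate chains fail to validate without them; IE requests the same set.` If a concrete example chain or bug is known, name it in the comment. The array and the rest of `X509Certificate::Verify` continue outside the hunk.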
@@ -558,6 +560,9 @@ int X509Certificate::Verify(const std::string& hostname,
flags &= ~VERIFY_EV_CERT;
}
PCCERT_CHAIN_CONTEXT chain_context;
+ // IE passes a non-NULL pTime argument that specifies the current system
+ // time. IE passes CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT as the
+ // chain_flags argument.
if (!CertGetCertificateChain(
NULL, // default chain engine, HCCE_CURRENT_USER
cert_handle_,
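Review bot: The comment added before `CertGetCertificateChain` records what IE passes for `pTime` and `chain_flags` but not what this call passes or why it differs. Those two arguments decide the validity time and whether revocation is checked for the chain, so they are the part a reader of a verification path most needs explained. The remaining arguments fall after the end of the hunk, so the actual values cannot be confirmed from here. I would extend the comment to state this call's own choice next to IE's, along the lines of `// We pass <pTime value> and <chain_flags value> because <reason>; IE instead passes the current system time and CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT.`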