author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-28 16:39:40 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-28 16:39:40 +0000 |
commit | 3b1d3dbe9e1776ba2b4cb2a85f738fd286cebd77 (patch) | |
tree | 60aff8032b7558e93dcda1de11285e72383ba311 /net/socket/ssl_host_info.h | |
parent | 26b4f6f621a33c130b0aaa8fccab26cb114ec31a (diff) | |
net: merge certificate validation with SSLHostInfo's
Now that SSLHostInfo is doing an opportunistic certificate validation
based on the predicted certificates we can skip a second validation if
we find that the prediction was correct.
(This is behind --enable-snap-start because the SSLHostInfo's aren't
created otherwise.)
BUG=none
TEST=net_unittests
http://codereview.chromium.org/4147003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@64258 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_host_info.h')
-rw-r--r-- | net/socket/ssl_host_info.h | 16 |
1 files changed, 11 insertions, 5 deletions
diff --git a/net/socket/ssl_host_info.h b/net/socket/ssl_host_info.h
index 6d545a9..f919281 100644
--- a/net/socket/ssl_host_info.h
+++ b/net/socket/ssl_host_info.h
@@ -78,14 +78,17 @@ class SSLHostInfo {
 const State& state() const;
 State* mutable_state();
 
- // This is true if state().certs.size() > 0 and state().certs[0] has been
- // verified for |hostname_|.
- bool cert_valid() const;
-
 // If |cert_valid()| returns true, then this contains the result of verifying
 // the certificate.
 const CertVerifyResult& cert_verify_result() const;
 
+ // WaitForCertVerification returns ERR_IO_PENDING if the certificate chain in
+ // |state().certs| is still being validated and arranges for the given
+ // callback to be called when the verification completes. If the verification has
+ // already finished then WaitForCertVerification returns the result of that
+ // verification.
+ int WaitForCertVerification(CompletionCallback* callback);
+
 protected:
 // Parse parses an opaque blob of data and fills out the public member fields
 // of this object. It returns true iff the parse was successful. The public
@@ -100,7 +103,10 @@ class SSLHostInfo {
 
 // This is the hostname that we'll validate the certificates against.
 const std::string hostname_;
- bool cert_valid_; // see the comments for |cert_valid|.
+ bool cert_verification_complete_;
+ bool cert_parsing_failed_;
+ int cert_verification_result_;
+ CompletionCallback* cert_verification_callback_;
 // These two members are taken from the SSLConfig.
 bool rev_checking_enabled_;
 bool verify_ev_cert_; |
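Review bot: The comment kept above `cert_verify_result()` in the first hunk still reads "If |cert_valid()| returns true", but this commit removes `cert_valid()`, so the header no longer says when the stored result may be read. The commit message says a second validation is skipped when the prediction was correct, so this precondition matters: a caller that reads the result before verification has finished would presumably see a default or stale `CertVerifyResult`. I would reword it along the lines of `// Only meaningful once WaitForCertVerification() has returned something other than ERR_IO_PENDING, or its callback has run.` and have the `WaitForCertVerification` comment state what is returned when the stored certificates could not be parsed. The class body starts and ends outside the hunk.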
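Review bot: The four members added in the second hunk carry no comments, whereas the `cert_valid_` line they replace at least pointed to its documentation; `cert_verification_callback_` in particular is a raw `CompletionCallback*` with nothing stating who owns it or how long it must stay valid while a verification is pending. A single callback slot also implies that only one `WaitForCertVerification` call can be outstanding at a time, which is worth stating here and presumably asserting in the .cc file, which this page does not show. Suggested comments: `// Not owned; non-NULL only while a WaitForCertVerification call is pending.` on the callback, and `// Valid only when cert_verification_complete_ is true.` on `cert_verification_result_`. Whether the constructor initialises all four members cannot be seen from this diff and should be checked, since an uninitialised `cert_verification_complete_` would decide whether the later validation is skipped.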