Allow certificate revocation checking to be enabled/disabled independent of the OS settings on OS X.

R=agl BUG=78523, 79533 TEST=See bug for test case Review URL: http://codereview.chromium.org/6824069 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81702 0039d316-1c4b-4281-b951-d872f2087c98
author: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-04-15 05:02:27 +0000
committer: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-04-15 05:02:27 +0000
commit: 84bfe14746393de3041b7a906aa69c5ac298d04b (patch)
tree: 9094d62e1c1e2da2dc8d9439d6ee867ab20647b6 /third_party/apple_apsl
parent: 52d3effc94111150965c9b386ab564e5c04e862b (diff)
download: chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.zip
chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.tar.gz
chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.tar.bz2
2 files changed, 94 insertions, 1 deletions
diff --git a/third_party/apple_apsl/README.chromium b/third_party/apple_apsl/README.chromium
index c64b81f..b2d1ca9 100644
--- a/third_party/apple_apsl/README.chromium
+++ b/third_party/apple_apsl/README.chromium
@@ -1,7 +1,9 @@
 Name: Darwin
 URL: http://www.opensource.apple.com/
+Version: unknown
+Security Critical: yes
 
-Three files are excerpted here:
+Four files are excerpted here:
 
 malloc.h from:
 http://www.opensource.apple.com/source/Libc/Libc-583/include/malloc/malloc.h
@@ -32,3 +34,10 @@ Modifications:
 - Renamed __CFAllocator to ChromeCFAllocator9and10 to avoid possible name
   conflicts.
 - Added a presumed definition of ChromeCFAllocator11.
+
+cssmapplePriv.h from:
+http://www.opensource.apple.com/source/libsecurity_cssm/libsecurity_cssm-31536/lib/cssmapplePriv.h
+
+Modifications:
+- Removed unneeded definitions for internal Apple CSP DL enums and structs
+- Added a comment explaining its usage
+\ No newline at end of file
diff --git a/third_party/apple_apsl/cssmapplePriv.h b/third_party/apple_apsl/cssmapplePriv.h
new file mode 100644
index 0000000..45151d6
--- /dev/null
+++ b/third_party/apple_apsl/cssmapplePriv.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2000-2004 Apple Computer, Inc. All Rights Reserved.
+ * 
+ * @APPLE_LICENSE_HEADER_START@
+ * 
+ * This file contains Original Code and/or Modifications of Original Code
+ * as defined in and that are subject to the Apple Public Source License
+ * Version 2.0 (the 'License'). You may not use this file except in
+ * compliance with the License. Please obtain a copy of the License at
+ * http://www.opensource.apple.com/apsl/ and read it before using this
+ * file.
+ * 
+ * The Original Code and all software distributed under the License are
+ * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
+ * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
+ * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
+ * Please see the License for the specific language governing rights and
+ * limitations under the License.
+ * 
+ * @APPLE_LICENSE_HEADER_END@
+ *
+ * cssmapplePriv.h -- Private CSSM features specific to Apple's Implementation
+ */
+
+/* Though this is a private header, it is the recommended means by Apple for
+ * configuring OCSP options, as the required structures that are documented
+ * as part of their public API, at:
+ * http://developer.apple.com/documentation/Security/Reference/SecAppleTrustPolicyModuleSpec/Apple_Trust_Policy_Module_Functional_Specification.pdf
+ * See also http://lists.apple.com/archives/apple-cdsa/2008/Aug/msg00008.html
+ */
+ 
+#ifndef _CSSMAPPLE_PRIV_H_
+#define _CSSMAPPLE_PRIV_H_  1
+
+#include <Security/cssmtype.h>
+#include <Security/cssmapple.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+ 
+/* 
+ * Options for X509TP's CSSM_TP_CertGroupVerify for policy 
+ * CSSMOID_APPLE_TP_REVOCATION_OCSP. A pointer to, and length of, one 
+ * of these is optionally placed in 
+ * CSSM_TP_VERIFY_CONTEXT.Cred->Policy.PolicyIds[n].FieldValue.
+ */
+
+#define CSSM_APPLE_TP_OCSP_OPTS_VERSION		0
+
+typedef uint32 CSSM_APPLE_TP_OCSP_OPT_FLAGS;
+enum {
+	// require OCSP verification for each cert; default is "try"
+	CSSM_TP_ACTION_OCSP_REQUIRE_PER_CERT			= 0x00000001,
+	// require OCSP verification for certs which claim an OCSP responder
+	CSSM_TP_ACTION_OCSP_REQUIRE_IF_RESP_PRESENT 	= 0x00000002,
+	// disable network OCSP transactions
+	CSSM_TP_ACTION_OCSP_DISABLE_NET					= 0x00000004,
+	// disable reads from local OCSP cache
+	CSSM_TP_ACTION_OCSP_CACHE_READ_DISABLE			= 0x00000008,
+	// disable reads from local OCSP cache
+	CSSM_TP_ACTION_OCSP_CACHE_WRITE_DISABLE			= 0x00000010,
+	// if set and positive OCSP verify for given cert, no further revocation
+	// checking need be done on that cert
+	CSSM_TP_ACTION_OCSP_SUFFICIENT					= 0x00000020,
+	// generate nonce in OCSP request
+	CSSM_TP_OCSP_GEN_NONCE							= 0x00000040,
+	// when generating nonce, require matching nonce in response
+	CSSM_TP_OCSP_REQUIRE_RESP_NONCE					= 0x00000080
+};
+
+typedef struct {
+	uint32							Version;	
+	CSSM_APPLE_TP_OCSP_OPT_FLAGS	Flags;
+	CSSM_DATA_PTR					LocalResponder;		/* URI */
+	CSSM_DATA_PTR					LocalResponderCert;	/* X509 DER encoded cert */
+} CSSM_APPLE_TP_OCSP_OPTIONS;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif	/* _CSSMAPPLE_PRIV_H_ */
author	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-04-15 05:02:27 +0000
committer	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-04-15 05:02:27 +0000
commit	84bfe14746393de3041b7a906aa69c5ac298d04b (patch)
tree	9094d62e1c1e2da2dc8d9439d6ee867ab20647b6 /third_party/apple_apsl
parent	52d3effc94111150965c9b386ab564e5c04e862b (diff)
download	chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.zip chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.tar.gz chromium_src-84bfe14746393de3041b7a906aa69c5ac298d04b.tar.bz2