path: root/net/base/cert_verify_result.h
Commit message | Author | Age | Files | Lines
* net: Add NET_API to net/base | rvargas@google.com | 2011-05-18 | 1 | -1/+2
  BUG=76997
  TEST=NONE
  Review URL: http://codereview.chromium.org/6969077
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@85785 0039d316-1c4b-4281-b951-d872f2087c98
* Another attempt at fixing Clang build after r81259 | agl@chromium.org | 2011-04-12 | 1 | -0/+1
  (First attempt in r81260.)
  In file included from ./net/base/cert_verifier.h:16:
  ./net/base/cert_verify_result.h:17:1: error: [chromium-style] Complex class/struct needs a declared destructor.
  class CertVerifyResult {
  ^
  BUG=none
  TEST=none
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81262 0039d316-1c4b-4281-b951-d872f2087c98
* Fix Clang build after r81259 | agl@chromium.org | 2011-04-12 | 1 | -12/+3
  In file included from ./net/base/cert_verifier.h:16:
  ./net/base/cert_verify_result.h:19:3: error: [chromium-style] Complex constructor has an inlined body.
  CertVerifyResult() { Reset(); }
  ^
  ./net/base/cert_verify_result.h:17:1: error: [chromium-style] Complex class/struct needs a declared destructor.
  class CertVerifyResult {
  ^
  BUG=none
  TEST=none
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81260 0039d316-1c4b-4281-b951-d872f2087c98
* net: add support for checking if a known public key is in a chain. | agl@chromium.org | 2011-04-12 | 1 | -0/+10
  This is intended for use with future support for HSTS or CAA pinning of certificate chains.
  Since we build certificate chains from a pool of certificates, and certificates get reissued with updated expiries etc, only the public keys in the chain will always match. Thus we match on SHA1 hashes of SubjectPublicKeyInfos.
  BUG=none
  TEST=net_unittests
  Review URL: http://codereview.chromium.org/6821010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81259 0039d316-1c4b-4281-b951-d872f2087c98
* net: add ability to distinguish user-added root CAs. | agl@chromium.org | 2011-04-07 | 1 | -1/+8
  We have several places where a need to distinguish `real' root CAs from user-added root CAs will be useful:
  1) Monoscope wants to inspect correctly signed, but unknown certificates, but doesn't want to deal with proxy MITM certificates.
  2) HSTS is likely to add a method for pinning to a certificate, but we don't want to break every proxy MITM with it.
  This change adds several lists of known, `real' roots. These lists present an ongoing maintenance issue. However, in the event that the lists are incomplete in the future, we fail open. This is because roots not in these lists are treated as user-added and user-added roots have more authority than `real' roots.
  In some sense, this is a problem because it might be a security issue that new roots are given too much authority. On the other hand, we're not breaking things when we're behind on updating the lists so the maintenance issue isn't too pressing.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/6793041
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80778 0039d316-1c4b-4281-b951-d872f2087c98
* https: add support for DNS exclusion and switch to TXT records. | agl@chromium.org | 2010-08-28 | 1 | -0/+1
  (This code has no effect unless --enable-dnssec-certs is given.)
  The existing DNSSEC code will process embedded chains in certificates and validate CERT records therein. The format of the CERT record was just something made up as a proof of concept. This change switches that code to using TXT records which are at least used by some other code.
  Additionally, when --enable-dnssec-certs is given, TXT record lookups are triggered for each HTTPS connection. If DNSSEC secure, these lookups can validate a HTTPS certificate. Even without DNSSEC, they can be used for exclusion: if TLS fingerprints are given, but the certificate doesn't match any of them, then the certificate is rejected.
  The next step in this series will be to perform the TXT lookup for some percentage of dev channel users in order to measure the latency impact. For this experiment, all behavioural changes will be disabled.
  BUG=none
  TEST=net_unittests
  http://codereview.chromium.org/3148037/show
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57787 0039d316-1c4b-4281-b951-d872f2087c98
* `#pragma once` for app, base, chrome, gfx, ipc, net, skia, views | thakis@chromium.org | 2010-07-26 | 1 | -0/+1
  BUG=50273
  TEST=everything still builds, build is 10% faster on windows, same speed on mac/linux
  TBR: erg
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53716 0039d316-1c4b-4281-b951-d872f2087c98
* NO CODE CHANGE | deanm@chromium.org | 2009-03-11 | 1 | -1/+0
  Normalize end of file newlines in net/. All files end in a single newline.
  Review URL: http://codereview.chromium.org/43079
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11442 0039d316-1c4b-4281-b951-d872f2087c98
* Add X509Certificate::Verify stubs for Mac and Linux. | wtc@chromium.org | 2009-02-05 | 1 | -4/+11
  They do nothing but return ERR_NOT_IMPLEMENTED.
  In SSLClientSocketWin, call X509Certificate::CreateFromHandle only once and store the result in the server_cert_ member.
  Add the CertVerifyResult::Reset method to clear all members.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/21071
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9272 0039d316-1c4b-4281-b951-d872f2087c98
* Move certificate verification off the IO thread. | wtc@chromium.org | 2009-02-03 | 1 | -0/+31
  Move the MapNetErrorToCertStatus and MapCertStatusToNetError functions to cert_status_flags.h so they can be shared with Mac and Linux code.
  Move the certificate verification function to the X509Certificate class. Right now X509Certificate::Verify is only implemented on Windows.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/14915
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98