From dedb594391d9ec31a6eac1eccbdd754ac2ce5ed7 Mon Sep 17 00:00:00 2001 From: "wtc@chromium.org" Date: Tue, 3 Feb 2009 16:51:15 +0000 Subject: Move certificate verification off the IO thread. Move the MapNetErrorToCertStatus and MapCertStatusToNetError functions to cert_status_flags.h so they can be shared with Mac and Linux code. Move the certificate verification function to the X509Certificate class. Right now X509Certificate::Verify is only implemented on Windows. R=eroman BUG=3592 Review URL: http://codereview.chromium.org/14915 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98 --- net/base/cert_verifier.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'net/base/cert_verifier.h') diff --git a/net/base/cert_verifier.h b/net/base/cert_verifier.h index 06f7cef..051bc25 100644 --- a/net/base/cert_verifier.h +++ b/net/base/cert_verifier.h @@ -13,6 +13,7 @@ namespace net { +class CertVerifyResult; class X509Certificate; // This class represents the task of verifying a certificate. It can only @@ -35,9 +36,10 @@ class CertVerifier { // Verifies the given certificate against the given hostname. Returns OK if // successful or an error code upon failure. // - // The |cert_status| bitmask is always filled out regardless of the return - // value. If the certificate has multiple errors, the corresponding status - // flags are set in |cert_status|, and the error code for the most serious + // The |*verify_result| structure, including the |verify_result->cert_status| + // bitmask, is always filled out regardless of the return value. If the + // certificate has multiple errors, the corresponding status flags are set in + // |verify_result->cert_status|, and the error code for the most serious // error is returned. // // If |rev_checking_enabled| is true, certificate revocation checking is @@ -50,7 +52,7 @@ class CertVerifier { // be passed to the callback when available. // int Verify(X509Certificate* cert, const std::string& hostname, - bool rev_checking_enabled, int* cert_status, + bool rev_checking_enabled, CertVerifyResult* verify_result, CompletionCallback* callback); private: -- cgit v1.1