// Copyright 2017 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/cert/internal/revocation_checker.h" #include <optional> #include <string> #include <string_view> #include "base/logging.h" #include "crypto/sha2.h" #include "net/cert/cert_net_fetcher.h" #include "third_party/boringssl/src/pki/common_cert_errors.h" #include "third_party/boringssl/src/pki/crl.h" #include "third_party/boringssl/src/pki/ocsp.h" #include "third_party/boringssl/src/pki/ocsp_verify_result.h" #include "third_party/boringssl/src/pki/parsed_certificate.h" #include "third_party/boringssl/src/pki/trust_store.h" #include "url/gurl.h" namespace net { namespace { void MarkCertificateRevoked(bssl::CertErrors* errors) { … } // Checks the revocation status of |certs[target_cert_index]| according to // |policy|. If the checks failed, returns false and adds errors to // |cert_errors|. // // TODO(eroman): Make the verification time an input. bool CheckCertRevocation(const bssl::ParsedCertificateList& certs, size_t target_cert_index, const RevocationPolicy& policy, base::TimeTicks deadline, std::string_view stapled_ocsp_response, std::optional<int64_t> max_age_seconds, CertNetFetcher* net_fetcher, bssl::CertErrors* cert_errors, bssl::OCSPVerifyResult* stapled_ocsp_verify_result) { … } } // namespace void CheckValidatedChainRevocation( const bssl::ParsedCertificateList& certs, const RevocationPolicy& policy, base::TimeTicks deadline, std::string_view stapled_leaf_ocsp_response, CertNetFetcher* net_fetcher, bssl::CertPathErrors* errors, bssl::OCSPVerifyResult* stapled_ocsp_verify_result) { … } CRLSet::Result CheckChainRevocationUsingCRLSet( const CRLSet* crl_set, const bssl::ParsedCertificateList& certs, bssl::CertPathErrors* errors) { … } } // namespace net
Codebase Browser
chromium