• Home
Name Date Size #Lines LOC

..--

internal/03-May-2024-9,0326,114

pki/03-May-2024-24,96615,332

BUILD.gnD03-May-2024890 2923

DIR_METADATAD03-May-2024414 1110

README.mdD03-May-20241.9 KiB4333

asn1_util.ccD03-May-202410.6 KiB332192

asn1_util.hD03-May-20243.4 KiB7425

caching_cert_verifier.ccD03-May-20247.5 KiB201109

caching_cert_verifier.hD03-May-20246 KiB15081

caching_cert_verifier_unittest.ccD03-May-202413.4 KiB359287

cert_and_ct_verifier.ccD03-May-20243.3 KiB8452

cert_and_ct_verifier.hD03-May-20242 KiB5936

cert_and_ct_verifier_unittest.ccD03-May-202413.9 KiB361261

cert_database.ccD03-May-20241.5 KiB5231

cert_database.hD03-May-20243.3 KiB10246

cert_database_mac.ccD03-May-20244.8 KiB14894

cert_net_fetcher.hD03-May-20243.1 KiB9542

cert_status_flags.ccD03-May-20243.8 KiB10481

cert_status_flags.hD03-May-20241.8 KiB4918

cert_status_flags_list.hD03-May-20241.9 KiB4821

cert_type.hD03-May-2024900 2912

cert_verifier.ccD03-May-20245.5 KiB151122

cert_verifier.hD03-May-202410.3 KiB250102

cert_verifier_unittest.ccD03-May-20245.7 KiB141109

cert_verify_proc.ccD03-May-202434.2 KiB911636

cert_verify_proc.hD03-May-202410.7 KiB263127

cert_verify_proc_android.ccD03-May-202415.4 KiB390266

cert_verify_proc_android.hD03-May-20241.4 KiB4628

cert_verify_proc_android_unittest.ccD03-May-202414.2 KiB341240

cert_verify_proc_blocklist.incD03-May-202430.7 KiB428425

cert_verify_proc_builtin.ccD03-May-202436.9 KiB959657

cert_verify_proc_builtin.hD03-May-20242.3 KiB7148

cert_verify_proc_builtin_unittest.ccD03-May-202431.8 KiB798578

cert_verify_proc_ios.ccD03-May-202419.8 KiB524386

cert_verify_proc_ios.hD03-May-20241.8 KiB5529

cert_verify_proc_unittest.ccD03-May-2024237.7 KiB6,1394,302

cert_verify_result.ccD03-May-20242.6 KiB9366

cert_verify_result.hD03-May-20244.3 KiB11236

client_cert_verifier.hD03-May-20241.1 KiB4323

coalescing_cert_verifier.ccD03-May-202418.2 KiB482273

coalescing_cert_verifier.hD03-May-20243.2 KiB8741

coalescing_cert_verifier_unittest.ccD03-May-202423.8 KiB597373

crl_set.ccD03-May-202414.5 KiB462305

crl_set.hD03-May-20245.3 KiB13353

crl_set_fuzzer.ccD03-May-20241 KiB3422

crl_set_unittest.ccD03-May-20249.4 KiB221175

ct_log_response_parser.ccD03-May-20244.3 KiB13098

ct_log_response_parser.hD03-May-20241 KiB3418

ct_log_response_parser_unittest.ccD03-May-20245.7 KiB156116

ct_log_verifier.ccD03-May-202411.2 KiB321199

ct_log_verifier.hD03-May-20244 KiB10350

ct_log_verifier_unittest.ccD03-May-202430.2 KiB759534

ct_log_verifier_util.ccD03-May-2024798 3018

ct_log_verifier_util.hD03-May-2024600 239

ct_objects_extractor.ccD03-May-202416.2 KiB427306

ct_objects_extractor.hD03-May-20242.7 KiB6122

ct_objects_extractor_unittest.ccD03-May-20247.3 KiB193137

ct_policy_enforcer.ccD03-May-2024496 1910

ct_policy_enforcer.hD03-May-20241.9 KiB6230

ct_policy_status.hD03-May-20241.2 KiB3413

ct_sct_to_string.ccD03-May-20242.1 KiB7967

ct_sct_to_string.hD03-May-20241.2 KiB3716

ct_serialization.ccD03-May-202413.8 KiB401324

ct_serialization.hD03-May-20244.2 KiB10141

ct_serialization_unittest.ccD03-May-20249.9 KiB273197

ct_signed_certificate_timestamp_log_param.ccD03-May-20243 KiB9764

ct_signed_certificate_timestamp_log_param.hD03-May-20241.2 KiB3314

ct_verifier.hD03-May-20241.9 KiB4620

decode_signed_certificate_timestamp_fuzzer.ccD03-May-2024667 2113

do_nothing_ct_verifier.ccD03-May-2024684 2515

do_nothing_ct_verifier.hD03-May-20242.9 KiB6720

ev_root_ca_metadata.ccD03-May-20244.6 KiB165115

ev_root_ca_metadata.hD03-May-20242.3 KiB8044

ev_root_ca_metadata_unittest.ccD03-May-20243.6 KiB10057

known_roots.ccD03-May-20241.7 KiB6141

known_roots.hD03-May-20241.1 KiB3312

known_roots_nss.ccD03-May-20242.1 KiB5830

known_roots_nss.hD03-May-2024571 218

known_roots_unittest.ccD03-May-20241.2 KiB4429

merkle_audit_proof.ccD03-May-20241.3 KiB4224

merkle_audit_proof.hD03-May-20241.5 KiB4922

merkle_audit_proof_unittest.ccD03-May-20242 KiB5235

merkle_consistency_proof.ccD03-May-2024652 2414

merkle_consistency_proof.hD03-May-20241 KiB4221

merkle_tree_leaf.ccD03-May-20241.7 KiB5538

merkle_tree_leaf.hD03-May-20242.3 KiB7027

merkle_tree_leaf_unittest.ccD03-May-20244.1 KiB13191

mock_cert_net_fetcher.ccD03-May-20241.5 KiB4831

mock_cert_net_fetcher.hD03-May-20242.3 KiB7042

mock_cert_verifier.ccD03-May-20245 KiB172132

mock_cert_verifier.hD03-May-20243.5 KiB10760

mock_client_cert_verifier.ccD03-May-20241.1 KiB4226

mock_client_cert_verifier.hD03-May-20241.8 KiB5627

multi_log_ct_verifier.ccD03-May-20247.6 KiB219162

multi_log_ct_verifier.hD03-May-20243.3 KiB10063

multi_log_ct_verifier_unittest.ccD03-May-20249.7 KiB276213

multi_threaded_cert_verifier.ccD03-May-202411.4 KiB301208

multi_threaded_cert_verifier.hD03-May-20243.1 KiB9356

multi_threaded_cert_verifier_unittest.ccD03-May-202414.6 KiB396312

nss_cert_database.ccD03-May-202422 KiB638460

nss_cert_database.hD03-May-202414.3 KiB355141

nss_cert_database_chromeos.ccD03-May-20245.3 KiB150108

nss_cert_database_chromeos.hD03-May-20242.9 KiB7739

nss_cert_database_chromeos_unittest.ccD03-May-202414 KiB368260

nss_cert_database_unittest.ccD03-May-202448.7 KiB1,218918

nss_profile_filter_chromeos.ccD03-May-20244.3 KiB11783

nss_profile_filter_chromeos.hD03-May-20241.8 KiB5124

nss_profile_filter_chromeos_unittest.ccD03-May-20248.4 KiB211171

ocsp_revocation_status.hD03-May-2024519 2211

ocsp_verify_result.ccD03-May-2024727 2514

ocsp_verify_result.hD03-May-20242.5 KiB7628

pem.ccD03-May-20244.1 KiB13990

pem.hD03-May-20243 KiB8732

pem_unittest.ccD03-May-20246 KiB206164

root_cert_list_generated.hD03-May-2024136.6 KiB3,8343,808

root_store.protoD03-May-20241.2 KiB3829

scoped_nss_types.hD03-May-2024629 2916

sct_auditing_delegate.hD03-May-2024870 3118

sct_status_flags.ccD03-May-2024559 2415

sct_status_flags.hD03-May-20241.6 KiB5016

signed_certificate_timestamp.ccD03-May-20243.2 KiB9877

signed_certificate_timestamp.hD03-May-20244.5 KiB15287

signed_certificate_timestamp_and_status.ccD03-May-2024828 2614

signed_certificate_timestamp_and_status.hD03-May-20241.1 KiB3923

signed_certificate_timestamp_unittest.ccD03-May-20241.7 KiB6240

signed_tree_head.ccD03-May-20242.1 KiB6245

signed_tree_head.hD03-May-20241.8 KiB6137

symantec_certs.ccD03-May-202415.3 KiB241226

symantec_certs.hD03-May-20241.8 KiB4314

symantec_certs_unittest.ccD03-May-20242.1 KiB5435

test_keychain_search_list_mac.ccD03-May-20241.4 KiB5635

test_keychain_search_list_mac.hD03-May-20241.4 KiB4922

test_root_certs.ccD03-May-20243.3 KiB12790

test_root_certs.hD03-May-20246 KiB17889

test_root_certs_android.ccD03-May-2024791 3320

test_root_certs_builtin.ccD03-May-2024409 209

test_root_certs_ios.ccD03-May-20241.5 KiB5941

test_root_certs_unittest.ccD03-May-202411.7 KiB280197

test_root_certs_win.ccD03-May-20248.9 KiB213118

trial_comparison_cert_verifier.ccD03-May-202422.7 KiB627406

trial_comparison_cert_verifier.hD03-May-20245.6 KiB14376

trial_comparison_cert_verifier_unittest.ccD03-May-2024105.6 KiB2,5802,000

trial_comparison_cert_verifier_util.ccD03-May-20249 KiB234158

trial_comparison_cert_verifier_util.hD03-May-20241.8 KiB5033

x509_cert_types.ccD03-May-20243.4 KiB9681

x509_cert_types.hD03-May-20241.7 KiB5428

x509_cert_types_unittest.ccD03-May-20243.9 KiB10283

x509_certificate.ccD03-May-202426.2 KiB766568

x509_certificate.hD03-May-202413.6 KiB321128

x509_certificate_net_log_param.ccD03-May-2024723 2818

x509_certificate_net_log_param.hD03-May-2024617 2612

x509_certificate_unittest.ccD03-May-202456.3 KiB1,3711,040

x509_util.ccD03-May-202418.4 KiB537442

x509_util.hD03-May-20246.5 KiB18288

x509_util_android.ccD03-May-2024421 178

x509_util_apple.ccD03-May-20246.2 KiB176142

x509_util_apple.hD03-May-20243.2 KiB8037

x509_util_apple_unittest.ccD03-May-20248.6 KiB205160

x509_util_nss.ccD03-May-202414.7 KiB448368

x509_util_nss.hD03-May-20247.6 KiB17165

x509_util_nss_unittest.ccD03-May-202417.5 KiB450364

x509_util_unittest.ccD03-May-202444.3 KiB806698

x509_util_win.ccD03-May-20244.6 KiB12491

x509_util_win.hD03-May-20242.7 KiB6829

README.md

1# Certificate verification
2
3This directory contains the core code for verifying server certificates.
4Limited support is also included for verifying client certificates, but only to
5the extent they chain to a server-supplied set of issuers.
6
7Server certificate verification emphasizes the standards/policy for
8publicly trusted certificates:
9
10 * Basic X.509 digital certificates
11 * RFC 5280
12 * CA/Browser Forum Baseline Requirements
13 * CRLSets
14 * Certificate Transparency
15
16The core logic of certificate verification is implemented synchronously, as it
17may need to integrate with synchronous OS-provided APIs. This synchronous
18implementation is performed through the [CertVerifyProc](cert_verify_proc.h)
19interface, which is a thread-agnostic/thread-safe interface that can be used to
20verify certificates synchronously on arbitrary worker threads.
21
22The top-level interface for verifying server certificates is the asynchronous
23[CertVerifier](cert_verifier.h).
24
25[MultiThreadedCertVerifier](multi_threaded_cert_verifier.h) is an
26implementation of `CertVerifier` that executes `CertVerifyProc` synchronously
27on worker threads.
28
29[CertVerifyProcBuiltin](cert_verify_proc_builtin.h) is a cross-platform
30implementation which implements path building internally. It only relies on
31platform integrations for obtaining the trusted root certificates.
32
33The other `CertVerifyProc` implementations are for integrating
34with the underlying platform's certificate verification library. For example,
35[CertVerifyProcWin](cert_verify_proc_win.h) delegates
36certificate verification to Windows' CryptoAPI.
37
38Browser-specific policy checks are applied even when using the platform's
39certificate verifier. For instance, a certificate chain the OS deemed valid
40could ultimately be rejected by `CertVerifyProc` since it independently
41checks the chain for CRLSet revocation, use of weak keys, Baseline Requirements
42validity, name constraints, weak signature algorithms, and more.
43