| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| internal/ | 06-Sep-2024 | - | 8,281 | 5,563 |
| BUILD.gn | 06-Sep-2024 | 919 | 30 | 24 |
| DIR_METADATA | 06-Sep-2024 | 414 | 11 | 10 |
| README.md | 06-Sep-2024 | 2.1 KiB | 46 | 36 |
| asn1_util.cc | 06-Sep-2024 | 11.2 KiB | 349 | 209 |
| asn1_util.h | 06-Sep-2024 | 3.4 KiB | 74 | 25 |
| caching_cert_verifier.cc | 06-Sep-2024 | 7.7 KiB | 204 | 109 |
| caching_cert_verifier.h | 06-Sep-2024 | 6 KiB | 150 | 81 |
| caching_cert_verifier_unittest.cc | 06-Sep-2024 | 13.4 KiB | 359 | 287 |
| cert_and_ct_verifier.cc | 06-Sep-2024 | 3.3 KiB | 84 | 52 |
| cert_and_ct_verifier.h | 06-Sep-2024 | 2 KiB | 59 | 36 |
| cert_and_ct_verifier_unittest.cc | 06-Sep-2024 | 13.8 KiB | 360 | 260 |
| cert_database.cc | 06-Sep-2024 | 2.1 KiB | 66 | 38 |
| cert_database.h | 06-Sep-2024 | 3.4 KiB | 101 | 43 |
| cert_database_mac.cc | 06-Sep-2024 | 2.8 KiB | 94 | 58 |
| cert_database_unittest.cc | 06-Sep-2024 | 2.9 KiB | 95 | 70 |
| cert_net_fetcher.h | 06-Sep-2024 | 3.1 KiB | 95 | 42 |
| cert_status_flags.cc | 06-Sep-2024 | 3.8 KiB | 104 | 81 |
| cert_status_flags.h | 06-Sep-2024 | 1.8 KiB | 49 | 18 |
| cert_status_flags_list.h | 06-Sep-2024 | 1.9 KiB | 48 | 20 |
| cert_type.h | 06-Sep-2024 | 900 | 29 | 12 |
| cert_verifier.cc | 06-Sep-2024 | 5.3 KiB | 148 | 119 |
| cert_verifier.h | 06-Sep-2024 | 9.8 KiB | 239 | 101 |
| cert_verifier_unittest.cc | 06-Sep-2024 | 5.7 KiB | 141 | 109 |
| cert_verify_proc.cc | 06-Sep-2024 | 32.2 KiB | 851 | 584 |
| cert_verify_proc.h | 06-Sep-2024 | 11.3 KiB | 279 | 138 |
| cert_verify_proc_android.cc | 06-Sep-2024 | 15.3 KiB | 387 | 264 |
| cert_verify_proc_android.h | 06-Sep-2024 | 1.3 KiB | 43 | 26 |
| cert_verify_proc_android_unittest.cc | 06-Sep-2024 | 13.9 KiB | 340 | 239 |
| cert_verify_proc_blocklist.inc | 06-Sep-2024 | 31.3 KiB | 436 | 433 |
| cert_verify_proc_builtin.cc | 06-Sep-2024 | 37.6 KiB | 974 | 673 |
| cert_verify_proc_builtin.h | 06-Sep-2024 | 1.1 KiB | 37 | 20 |
| cert_verify_proc_builtin_unittest.cc | 06-Sep-2024 | 36.1 KiB | 909 | 664 |
| cert_verify_proc_ios.cc | 06-Sep-2024 | 20 KiB | 522 | 385 |
| cert_verify_proc_ios.h | 06-Sep-2024 | 1.6 KiB | 52 | 27 |
| cert_verify_proc_unittest.cc | 06-Sep-2024 | 237.1 KiB | 6,107 | 4,257 |
| cert_verify_result.cc | 06-Sep-2024 | 2.1 KiB | 71 | 50 |
| cert_verify_result.h | 06-Sep-2024 | 3.8 KiB | 102 | 34 |
| client_cert_verifier.h | 06-Sep-2024 | 1.1 KiB | 43 | 23 |
| coalescing_cert_verifier.cc | 06-Sep-2024 | 18.2 KiB | 482 | 273 |
| coalescing_cert_verifier.h | 06-Sep-2024 | 3.2 KiB | 87 | 41 |
| coalescing_cert_verifier_unittest.cc | 06-Sep-2024 | 23.8 KiB | 597 | 373 |
| crl_set.cc | 06-Sep-2024 | 14.5 KiB | 462 | 305 |
| crl_set.h | 06-Sep-2024 | 5.3 KiB | 133 | 53 |
| crl_set_fuzzer.cc | 06-Sep-2024 | 1 KiB | 34 | 22 |
| crl_set_unittest.cc | 06-Sep-2024 | 9.4 KiB | 221 | 175 |
| ct_log_response_parser.cc | 06-Sep-2024 | 4.3 KiB | 131 | 99 |
| ct_log_response_parser.h | 06-Sep-2024 | 1 KiB | 34 | 18 |
| ct_log_response_parser_unittest.cc | 06-Sep-2024 | 5.7 KiB | 156 | 116 |
| ct_log_verifier.cc | 06-Sep-2024 | 11.2 KiB | 321 | 199 |
| ct_log_verifier.h | 06-Sep-2024 | 4 KiB | 103 | 50 |
| ct_log_verifier_unittest.cc | 06-Sep-2024 | 30.2 KiB | 759 | 534 |
| ct_log_verifier_util.cc | 06-Sep-2024 | 798 | 30 | 18 |
| ct_log_verifier_util.h | 06-Sep-2024 | 600 | 23 | 9 |
| ct_objects_extractor.cc | 06-Sep-2024 | 16 KiB | 422 | 304 |
| ct_objects_extractor.h | 06-Sep-2024 | 2.9 KiB | 66 | 24 |
| ct_objects_extractor_unittest.cc | 06-Sep-2024 | 7.3 KiB | 193 | 137 |
| ct_policy_enforcer.cc | 06-Sep-2024 | 496 | 19 | 10 |
| ct_policy_enforcer.h | 06-Sep-2024 | 1.9 KiB | 62 | 30 |
| ct_policy_status.h | 06-Sep-2024 | 1.2 KiB | 34 | 13 |
| ct_sct_to_string.cc | 06-Sep-2024 | 2.1 KiB | 79 | 67 |
| ct_sct_to_string.h | 06-Sep-2024 | 1.2 KiB | 37 | 16 |
| ct_serialization.cc | 06-Sep-2024 | 14 KiB | 412 | 334 |
| ct_serialization.h | 06-Sep-2024 | 4.2 KiB | 102 | 42 |
| ct_serialization_unittest.cc | 06-Sep-2024 | 9.9 KiB | 273 | 197 |
| ct_signed_certificate_timestamp_log_param.cc | 06-Sep-2024 | 3 KiB | 97 | 64 |
| ct_signed_certificate_timestamp_log_param.h | 06-Sep-2024 | 1.2 KiB | 33 | 14 |
| ct_verifier.h | 06-Sep-2024 | 1.6 KiB | 42 | 19 |
| decode_signed_certificate_timestamp_fuzzer.cc | 06-Sep-2024 | 667 | 21 | 13 |
| do_nothing_ct_verifier.cc | 06-Sep-2024 | 652 | 24 | 14 |
| do_nothing_ct_verifier.h | 06-Sep-2024 | 2.9 KiB | 66 | 19 |
| ev_root_ca_metadata.cc | 06-Sep-2024 | 4.6 KiB | 166 | 116 |
| ev_root_ca_metadata.h | 06-Sep-2024 | 2.3 KiB | 80 | 44 |
| ev_root_ca_metadata_unittest.cc | 06-Sep-2024 | 3.5 KiB | 94 | 53 |
| known_roots.cc | 06-Sep-2024 | 1.7 KiB | 61 | 41 |
| known_roots.h | 06-Sep-2024 | 1.1 KiB | 33 | 12 |
| known_roots_unittest.cc | 06-Sep-2024 | 1.2 KiB | 44 | 29 |
| merkle_audit_proof.cc | 06-Sep-2024 | 1.3 KiB | 42 | 24 |
| merkle_audit_proof.h | 06-Sep-2024 | 1.5 KiB | 49 | 22 |
| merkle_audit_proof_unittest.cc | 06-Sep-2024 | 2 KiB | 52 | 35 |
| merkle_consistency_proof.cc | 06-Sep-2024 | 652 | 24 | 14 |
| merkle_consistency_proof.h | 06-Sep-2024 | 1 KiB | 42 | 21 |
| merkle_tree_leaf.cc | 06-Sep-2024 | 1.7 KiB | 55 | 38 |
| merkle_tree_leaf.h | 06-Sep-2024 | 2.3 KiB | 70 | 27 |
| merkle_tree_leaf_unittest.cc | 06-Sep-2024 | 4.1 KiB | 131 | 91 |
| mock_cert_net_fetcher.cc | 06-Sep-2024 | 1.5 KiB | 48 | 31 |
| mock_cert_net_fetcher.h | 06-Sep-2024 | 2.3 KiB | 70 | 42 |
| mock_cert_verifier.cc | 06-Sep-2024 | 5 KiB | 172 | 132 |
| mock_cert_verifier.h | 06-Sep-2024 | 3.5 KiB | 107 | 60 |
| mock_client_cert_verifier.cc | 06-Sep-2024 | 1.1 KiB | 42 | 26 |
| mock_client_cert_verifier.h | 06-Sep-2024 | 1.8 KiB | 56 | 27 |
| multi_log_ct_verifier.cc | 06-Sep-2024 | 7.1 KiB | 206 | 152 |
| multi_log_ct_verifier.h | 06-Sep-2024 | 3.2 KiB | 97 | 60 |
| multi_log_ct_verifier_unittest.cc | 06-Sep-2024 | 9.5 KiB | 274 | 211 |
| multi_threaded_cert_verifier.cc | 06-Sep-2024 | 9.4 KiB | 260 | 185 |
| multi_threaded_cert_verifier.h | 06-Sep-2024 | 2.7 KiB | 81 | 50 |
| multi_threaded_cert_verifier_unittest.cc | 06-Sep-2024 | 14.6 KiB | 396 | 312 |
| nss_cert_database.cc | 06-Sep-2024 | 23.7 KiB | 682 | 492 |
| nss_cert_database.h | 06-Sep-2024 | 14.5 KiB | 360 | 147 |
| nss_cert_database_chromeos.cc | 06-Sep-2024 | 5.3 KiB | 150 | 108 |
| nss_cert_database_chromeos.h | 06-Sep-2024 | 2.9 KiB | 77 | 39 |
| nss_cert_database_chromeos_unittest.cc | 06-Sep-2024 | 14.3 KiB | 375 | 267 |
| nss_cert_database_unittest.cc | 06-Sep-2024 | 53.5 KiB | 1,348 | 1,004 |
| nss_profile_filter_chromeos.cc | 06-Sep-2024 | 4.3 KiB | 117 | 83 |
| nss_profile_filter_chromeos.h | 06-Sep-2024 | 1.8 KiB | 51 | 24 |
| nss_profile_filter_chromeos_unittest.cc | 06-Sep-2024 | 8.4 KiB | 211 | 171 |
| root_cert_list_generated.h | 06-Sep-2024 | 136.6 KiB | 3,834 | 3,808 |
| root_store.proto | 06-Sep-2024 | 1.2 KiB | 38 | 29 |
| scoped_nss_types.h | 06-Sep-2024 | 629 | 29 | 16 |
| sct_auditing_delegate.h | 06-Sep-2024 | 870 | 31 | 18 |
| sct_status_flags.cc | 06-Sep-2024 | 559 | 24 | 15 |
| sct_status_flags.h | 06-Sep-2024 | 1.6 KiB | 50 | 16 |
| signed_certificate_timestamp.cc | 06-Sep-2024 | 3.2 KiB | 98 | 77 |
| signed_certificate_timestamp.h | 06-Sep-2024 | 4.5 KiB | 152 | 87 |
| signed_certificate_timestamp_and_status.cc | 06-Sep-2024 | 828 | 26 | 14 |
| signed_certificate_timestamp_and_status.h | 06-Sep-2024 | 1.1 KiB | 39 | 23 |
| signed_certificate_timestamp_unittest.cc | 06-Sep-2024 | 1.7 KiB | 62 | 40 |
| signed_tree_head.cc | 06-Sep-2024 | 2.1 KiB | 62 | 45 |
| signed_tree_head.h | 06-Sep-2024 | 1.8 KiB | 61 | 37 |
| symantec_certs.cc | 06-Sep-2024 | 15.3 KiB | 241 | 226 |
| symantec_certs.h | 06-Sep-2024 | 1.8 KiB | 43 | 14 |
| symantec_certs_unittest.cc | 06-Sep-2024 | 2.1 KiB | 54 | 35 |
| test_keychain_search_list_mac.cc | 06-Sep-2024 | 1.4 KiB | 56 | 35 |
| test_keychain_search_list_mac.h | 06-Sep-2024 | 1.4 KiB | 49 | 22 |
| test_root_certs.cc | 06-Sep-2024 | 3.6 KiB | 132 | 95 |
| test_root_certs.h | 06-Sep-2024 | 5.7 KiB | 170 | 84 |
| test_root_certs_android.cc | 06-Sep-2024 | 791 | 33 | 20 |
| test_root_certs_builtin.cc | 06-Sep-2024 | 409 | 20 | 9 |
| test_root_certs_ios.cc | 06-Sep-2024 | 1.5 KiB | 60 | 42 |
| test_root_certs_unittest.cc | 06-Sep-2024 | 11.7 KiB | 281 | 198 |
| time_conversions.cc | 06-Sep-2024 | 1,022 | 32 | 21 |
| time_conversions.h | 06-Sep-2024 | 1.1 KiB | 39 | 19 |
| time_conversions_unittest.cc | 06-Sep-2024 | 4.4 KiB | 124 | 97 |
| x509_cert_types.cc | 06-Sep-2024 | 3.4 KiB | 97 | 79 |
| x509_cert_types.h | 06-Sep-2024 | 2.1 KiB | 63 | 30 |
| x509_cert_types_unittest.cc | 06-Sep-2024 | 4 KiB | 102 | 83 |
| x509_certificate.cc | 06-Sep-2024 | 27.2 KiB | 778 | 574 |
| x509_certificate.h | 06-Sep-2024 | 14.4 KiB | 341 | 139 |
| x509_certificate_net_log_param.cc | 06-Sep-2024 | 723 | 28 | 18 |
| x509_certificate_net_log_param.h | 06-Sep-2024 | 617 | 26 | 12 |
| x509_certificate_unittest.cc | 06-Sep-2024 | 59.5 KiB | 1,448 | 1,105 |
| x509_util.cc | 06-Sep-2024 | 18.8 KiB | 545 | 448 |
| x509_util.h | 06-Sep-2024 | 6.5 KiB | 182 | 88 |
| x509_util_android.cc | 06-Sep-2024 | 564 | 21 | 11 |
| x509_util_apple.cc | 06-Sep-2024 | 6.4 KiB | 180 | 146 |
| x509_util_apple.h | 06-Sep-2024 | 3.3 KiB | 82 | 39 |
| x509_util_apple_unittest.cc | 06-Sep-2024 | 8.7 KiB | 206 | 161 |
| x509_util_nss.cc | 06-Sep-2024 | 14.7 KiB | 449 | 369 |
| x509_util_nss.h | 06-Sep-2024 | 7.6 KiB | 171 | 65 |
| x509_util_nss_unittest.cc | 06-Sep-2024 | 17 KiB | 447 | 360 |
| x509_util_unittest.cc | 06-Sep-2024 | 44.3 KiB | 806 | 698 |
| x509_util_win.cc | 06-Sep-2024 | 4.6 KiB | 124 | 91 |
| x509_util_win.h | 06-Sep-2024 | 2.7 KiB | 68 | 29 |

README.md

# Certificate verification

This directory contains the core code for verifying server certificates.
Limited support is also included for verifying client certificates, but only to
the extent they chain to a server-supplied set of issuers.

Server certificate verification emphasizes the standards/policy for
publicly trusted certificates:

 * Basic X.509 digital certificates
 * RFC 5280
 * CA/Browser Forum Baseline Requirements
 * CRLSets
 * Certificate Transparency

The core logic of certificate verification is implemented synchronously, as it
may need to integrate with synchronous OS-provided APIs. This synchronous
implementation is performed through the [CertVerifyProc](cert_verify_proc.h)
interface, which is a thread-agnostic/thread-safe interface that can be used to
verify certificates synchronously on arbitrary worker threads.

The top-level interface for verifying server certificates is the asynchronous
[CertVerifier](cert_verifier.h).

[MultiThreadedCertVerifier](multi_threaded_cert_verifier.h) is an
implementation of `CertVerifier` that executes `CertVerifyProc` synchronously
on worker threads.

[CertVerifyProcBuiltin](cert_verify_proc_builtin.h) is a cross-platform
implementation which implements path building internally. It only relies on
platform integrations for obtaining user and enterprise configured trusted root
certificates. The publicly trusted root certificates are supplied by the
[Chrome Root Store](../data/ssl/chrome_root_store/README.md).

The other `CertVerifyProc` implementations are for integrating
with the underlying platform's certificate verification library.
There are 2 platform implementations:
[CertVerifyProcAndroid](cert_verify_proc_android.h) and
[CertVerifyProcIOS](cert_verify_proc_ios.h).

Browser-specific policy checks are applied even when using the platform's
certificate verifier. For instance, a certificate chain the OS deemed valid
could ultimately be rejected by `CertVerifyProc` since it independently
checks the chain for CRLSet revocation, use of weak keys, Baseline Requirements
validity, name constraints, weak signature algorithms, and more.
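The layering described in the last paragraph can be modeled as a second pass over the chain the platform verifier returned. The sketch below is an added example, not code from this directory: the types, flag values, the `ApplyBrowserPolicy` name and the thresholds (2048-bit RSA, SHA-1/MD5 as weak, 398-day leaf validity) are all assumptions chosen for illustration, and name constraints are left out.

```cpp
// Added illustration: all types, names, flag values and thresholds below are
// hypothetical; this is not Chromium's CertVerifyProc code.
#include <cstddef>
#include <cstdint>
#include <set>
#include <string>
#include <utility>
#include <vector>

enum Status : uint32_t {
  kOk = 0, kPlatformRejected = 1, kRevoked = 2, kWeakKey = 4,
  kWeakSignature = 8, kValidityTooLong = 16,
};

struct Cert {  // simplified, already-parsed certificate
  std::string spki_hash, issuer_spki_hash, serial;
  int rsa_bits;
  std::string sig_hash;  // "sha256", "sha1", "md5", ...
  int validity_days;
};

struct RevocationSet {  // stand-in for a CRLSet-style blocklist
  std::set<std::string> blocked_spkis;
  std::set<std::pair<std::string, std::string>> revoked;  // (issuer SPKI, serial)
};

// Re-checks a chain (leaf first, trust anchor last) after the platform
// verifier has run. The platform verdict is necessary but not sufficient.
uint32_t ApplyBrowserPolicy(bool platform_valid, const std::vector<Cert>& chain,
                            const RevocationSet& crls) {
  uint32_t status = platform_valid ? kOk : kPlatformRejected;
  for (std::size_t i = 0; i < chain.size(); ++i) {
    const Cert& c = chain[i];
    const bool is_leaf = (i == 0), is_anchor = (i + 1 == chain.size());
    if (crls.blocked_spkis.count(c.spki_hash) ||
        crls.revoked.count({c.issuer_spki_hash, c.serial}))
      status |= kRevoked;
    if (c.rsa_bits < 2048) status |= kWeakKey;  // assumed minimum
    // The anchor is trusted by configuration, so its self-signature is skipped.
    if (!is_anchor && (c.sig_hash == "sha1" || c.sig_hash == "md5"))
      status |= kWeakSignature;  // assumed weak-hash set
    if (is_leaf && c.validity_days > 398) status |= kValidityTooLong;  // assumed limit
  }
  return status;
}

// Constructed sample: a chain the platform accepts, with a SHA-1 signed root.
std::vector<Cert> SampleChain() {
  return {{"leaf-spki", "int-spki", "01", 2048, "sha256", 90},
          {"int-spki", "root-spki", "02", 2048, "sha256", 1825},
          {"root-spki", "root-spki", "03", 4096, "sha1", 7300}};
}
```

Because the flags accumulate rather than short-circuit, a caller can log every reason a chain failed instead of only the first one.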