1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_CERT_CERT_VERIFY_PROC_NSS_H_ 6 #define NET_CERT_CERT_VERIFY_PROC_NSS_H_ 7 8 #include <certt.h> 9 10 #include "net/base/net_export.h" 11 #include "net/cert/cert_verify_proc.h" 12 13 namespace net { 14 15 // Performs certificate path construction and validation using NSS's libpkix. 16 class NET_EXPORT_PRIVATE CertVerifyProcNSS : public CertVerifyProc { 17 public: 18 CertVerifyProcNSS(); 19 20 virtual bool SupportsAdditionalTrustAnchors() const OVERRIDE; 21 22 protected: 23 virtual ~CertVerifyProcNSS(); 24 25 // Like VerifyInternal, but adds a |chain_verify_callback| to override trust 26 // decisions. See the documentation for CERTChainVerifyCallback and 27 // CERTChainVerifyCallbackFunc in NSS's lib/certdb/certt.h. 28 int VerifyInternalImpl(X509Certificate* cert, 29 const std::string& hostname, 30 int flags, 31 CRLSet* crl_set, 32 const CertificateList& additional_trust_anchors, 33 CERTChainVerifyCallback* chain_verify_callback, 34 CertVerifyResult* verify_result); 35 36 private: 37 virtual int VerifyInternal(X509Certificate* cert, 38 const std::string& hostname, 39 int flags, 40 CRLSet* crl_set, 41 const CertificateList& additional_trust_anchors, 42 CertVerifyResult* verify_result) OVERRIDE; 43 }; 44 45 } // namespace net 46 47 #endif // NET_CERT_CERT_VERIFY_PROC_NSS_H_ 48