summaryrefslogtreecommitdiff
path: root/security/manager/ssl
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl')
-rw-r--r--security/manager/ssl/CSTrustDomain.cpp6
-rw-r--r--security/manager/ssl/CSTrustDomain.h6
2 files changed, 8 insertions, 4 deletions
diff --git a/security/manager/ssl/CSTrustDomain.cpp b/security/manager/ssl/CSTrustDomain.cpp
index c3b48dca28..0dd357e75d 100644
--- a/security/manager/ssl/CSTrustDomain.cpp
+++ b/security/manager/ssl/CSTrustDomain.cpp
@@ -129,7 +129,8 @@ CSTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA,
const CertID& certID, Time time,
Duration validityDuration,
/*optional*/ const Input* stapledOCSPresponse,
- /*optional*/ const Input* aiaExtension)
+ /*optional*/ const Input* aiaExtension,
+ /*optional*/ const Input* sctExtension)
{
// We're relying solely on the CertBlocklist for revocation - and we're
// performing checks on this in GetCertTrust (as per nsNSSCertDBTrustDomain)
@@ -137,7 +138,8 @@ CSTrustDomain::CheckRevocation(EndEntityOrCA endEntityOrCA,
}
Result
-CSTrustDomain::IsChainValid(const DERArray& certChain, Time time)
+CSTrustDomain::IsChainValid(const DERArray& certChain, Time time,
+ const CertPolicyId& requiredPolicy)
{
// Check that our chain is not empty
if (certChain.GetLength() == 0) {
diff --git a/security/manager/ssl/CSTrustDomain.h b/security/manager/ssl/CSTrustDomain.h
index a1e7a21bf0..02448b7dfa 100644
--- a/security/manager/ssl/CSTrustDomain.h
+++ b/security/manager/ssl/CSTrustDomain.h
@@ -36,9 +36,11 @@ public:
const mozilla::pkix::CertID& certID, mozilla::pkix::Time time,
mozilla::pkix::Duration validityDuration,
/*optional*/ const mozilla::pkix::Input* stapledOCSPresponse,
- /*optional*/ const mozilla::pkix::Input* aiaExtension) override;
+ /*optional*/ const mozilla::pkix::Input* aiaExtension,
+ /*optional*/ const mozilla::pkix::Input* sctExtension) override;
virtual Result IsChainValid(const mozilla::pkix::DERArray& certChain,
- mozilla::pkix::Time time) override;
+ mozilla::pkix::Time time,
+ const mozilla::pkix::CertPolicyId& requiredPolicy) override;
virtual Result CheckSignatureDigestAlgorithm(
mozilla::pkix::DigestAlgorithm digestAlg,
mozilla::pkix::EndEntityOrCA endEntityOrCA,