Name Date Size #Lines LOC

..--

internal/H25-Apr-2025-8,6515,853

BUILD.gnH A D25-Apr-2025919 3024

DIR_METADATAH A D25-Apr-2025105 76

README.mdH A D25-Apr-20252.1 KiB4636

asn1_util.ccH A D25-Apr-202511 KiB347206

asn1_util.hH A D25-Apr-20253.3 KiB7525

caching_cert_verifier.ccH A D25-Apr-20257.7 KiB204109

caching_cert_verifier.hH A D25-Apr-20256 KiB15081

caching_cert_verifier_unittest.ccH A D25-Apr-202513.4 KiB359287

cert_database.ccH A D25-Apr-20252.1 KiB6638

cert_database.hH A D25-Apr-20253.4 KiB10143

cert_database_mac.ccH A D25-Apr-20252.8 KiB9458

cert_database_unittest.ccH A D25-Apr-20252.9 KiB9570

cert_net_fetcher.hH A D25-Apr-20253.1 KiB9542

cert_status_flags.ccH A D25-Apr-20252.1 KiB5940

cert_status_flags.hH A D25-Apr-20251.3 KiB4017

cert_status_flags_list.hH A D25-Apr-20251.9 KiB4820

cert_type.hH A D25-Apr-2025900 2912

cert_verifier.ccH A D25-Apr-20256 KiB165133

cert_verifier.hH A D25-Apr-20259.7 KiB239101

cert_verifier_unittest.ccH A D25-Apr-20255.7 KiB141109

cert_verify_proc.ccH A D25-Apr-202533.4 KiB877606

cert_verify_proc.hH A D25-Apr-202513.7 KiB337173

cert_verify_proc_android.ccH A D25-Apr-202515.6 KiB387264

cert_verify_proc_android.hH A D25-Apr-20251.4 KiB4427

cert_verify_proc_android_unittest.ccH A D25-Apr-202513.9 KiB340239

cert_verify_proc_blocklist.incH A D25-Apr-202531.8 KiB444441

cert_verify_proc_builtin.ccH A D25-Apr-202550.6 KiB1,282923

cert_verify_proc_builtin.hH A D25-Apr-20251.3 KiB4124

cert_verify_proc_builtin_unittest.ccH A D25-Apr-202579.5 KiB1,9891,516

cert_verify_proc_ios.ccH A D25-Apr-202520.2 KiB524386

cert_verify_proc_ios.hH A D25-Apr-20251.7 KiB5328

cert_verify_proc_unittest.ccH A D25-Apr-2025235.7 KiB6,0724,240

cert_verify_result.ccH A D25-Apr-20252.2 KiB7352

cert_verify_result.hH A D25-Apr-20253.8 KiB10234

client_cert_verifier.hH A D25-Apr-20251.1 KiB4323

coalescing_cert_verifier.ccH A D25-Apr-202518.5 KiB491275

coalescing_cert_verifier.hH A D25-Apr-20253.2 KiB8741

coalescing_cert_verifier_unittest.ccH A D25-Apr-202523.8 KiB597373

crl_set.ccH A D25-Apr-202514.5 KiB462305

crl_set.hH A D25-Apr-20255.3 KiB13353

crl_set_fuzzer.ccH A D25-Apr-20251 KiB3422

crl_set_unittest.ccH A D25-Apr-20259.5 KiB223176

ct_log_response_parser.ccH A D25-Apr-20254.3 KiB13199

ct_log_response_parser.hH A D25-Apr-2025994 3317

ct_log_response_parser_unittest.ccH A D25-Apr-20255.7 KiB157117

ct_log_verifier.ccH A D25-Apr-202511.2 KiB321199

ct_log_verifier.hH A D25-Apr-20254 KiB10350

ct_log_verifier_unittest.ccH A D25-Apr-202530.2 KiB759534

ct_log_verifier_util.ccH A D25-Apr-2025766 2917

ct_log_verifier_util.hH A D25-Apr-2025600 239

ct_objects_extractor.ccH A D25-Apr-202516 KiB423304

ct_objects_extractor.hH A D25-Apr-20252.9 KiB6624

ct_objects_extractor_unittest.ccH A D25-Apr-20257.3 KiB193136

ct_policy_enforcer.ccH A D25-Apr-2025715 2817

ct_policy_enforcer.hH A D25-Apr-20252.9 KiB9044

ct_policy_status.ccH A D25-Apr-2025963 3323

ct_policy_status.hH A D25-Apr-20251.3 KiB3815

ct_sct_to_string.ccH A D25-Apr-20252.1 KiB7967

ct_sct_to_string.hH A D25-Apr-20251.2 KiB3716

ct_serialization.ccH A D25-Apr-202514 KiB414335

ct_serialization.hH A D25-Apr-20254.1 KiB10242

ct_serialization_unittest.ccH A D25-Apr-20259.9 KiB274198

ct_signed_certificate_timestamp_log_param.ccH A D25-Apr-20253 KiB9764

ct_signed_certificate_timestamp_log_param.hH A D25-Apr-20251.2 KiB3414

ct_verifier.hH A D25-Apr-20251.6 KiB4319

decode_signed_certificate_timestamp_fuzzer.ccH A D25-Apr-2025690 2314

do_nothing_ct_verifier.ccH A D25-Apr-2025680 2615

do_nothing_ct_verifier.hH A D25-Apr-20252.9 KiB6820

ev_root_ca_metadata.ccH A D25-Apr-20254.6 KiB166116

ev_root_ca_metadata.hH A D25-Apr-20252.4 KiB8246

ev_root_ca_metadata_unittest.ccH A D25-Apr-20253.5 KiB9453

known_roots.ccH A D25-Apr-20251.7 KiB6141

known_roots.hH A D25-Apr-20251.1 KiB3312

known_roots_unittest.ccH A D25-Apr-20251.2 KiB4429

merkle_audit_proof.ccH A D25-Apr-20251.3 KiB4224

merkle_audit_proof.hH A D25-Apr-20251.5 KiB4922

merkle_audit_proof_unittest.ccH A D25-Apr-20252 KiB5235

merkle_consistency_proof.ccH A D25-Apr-2025652 2414

merkle_consistency_proof.hH A D25-Apr-20251 KiB4221

merkle_tree_leaf.ccH A D25-Apr-20251.7 KiB5538

merkle_tree_leaf.hH A D25-Apr-20252.3 KiB7027

merkle_tree_leaf_unittest.ccH A D25-Apr-20254 KiB13191

mock_cert_net_fetcher.ccH A D25-Apr-20251.5 KiB4831

mock_cert_net_fetcher.hH A D25-Apr-20252.3 KiB7042

mock_cert_verifier.ccH A D25-Apr-20257.2 KiB227183

mock_cert_verifier.hH A D25-Apr-20254.2 KiB12673

mock_client_cert_verifier.ccH A D25-Apr-20251.1 KiB4226

mock_client_cert_verifier.hH A D25-Apr-20251.8 KiB5627

multi_log_ct_verifier.ccH A D25-Apr-20256.5 KiB188139

multi_log_ct_verifier.hH A D25-Apr-20252.4 KiB7141

multi_log_ct_verifier_unittest.ccH A D25-Apr-20258.6 KiB244190

multi_threaded_cert_verifier.ccH A D25-Apr-20259.4 KiB260185

multi_threaded_cert_verifier.hH A D25-Apr-20252.7 KiB8150

multi_threaded_cert_verifier_unittest.ccH A D25-Apr-202514.7 KiB397313

nss_cert_database.ccH A D25-Apr-202523.8 KiB683492

nss_cert_database.hH A D25-Apr-202514.6 KiB361147

nss_cert_database_chromeos.ccH A D25-Apr-20255.3 KiB150108

nss_cert_database_chromeos.hH A D25-Apr-20252.9 KiB7739

nss_cert_database_chromeos_unittest.ccH A D25-Apr-202514.3 KiB375267

nss_cert_database_unittest.ccH A D25-Apr-202554.6 KiB1,3771,033

nss_profile_filter_chromeos.ccH A D25-Apr-20254.2 KiB11682

nss_profile_filter_chromeos.hH A D25-Apr-20251.8 KiB5124

nss_profile_filter_chromeos_unittest.ccH A D25-Apr-20258.4 KiB211171

root_cert_list_generated.hH A D25-Apr-2025136.6 KiB3,8343,808

root_store.protoH A D25-Apr-20252.4 KiB6652

scoped_nss_types.hH A D25-Apr-2025629 2916

sct_auditing_delegate.hH A D25-Apr-2025870 3118

sct_status_flags.ccH A D25-Apr-2025559 2415

sct_status_flags.hH A D25-Apr-20251.6 KiB5016

signed_certificate_timestamp.ccH A D25-Apr-20253.2 KiB9877

signed_certificate_timestamp.hH A D25-Apr-20254.5 KiB15287

signed_certificate_timestamp_and_status.ccH A D25-Apr-2025828 2614

signed_certificate_timestamp_and_status.hH A D25-Apr-20251.1 KiB3923

signed_certificate_timestamp_unittest.ccH A D25-Apr-20251.7 KiB6240

signed_tree_head.ccH A D25-Apr-20252.1 KiB6144

signed_tree_head.hH A D25-Apr-20251.8 KiB6137

symantec_certs.ccH A D25-Apr-202515.3 KiB241226

symantec_certs.hH A D25-Apr-20251.8 KiB4314

symantec_certs_unittest.ccH A D25-Apr-20252.1 KiB5435

test_keychain_search_list_mac.ccH A D25-Apr-20251.4 KiB5635

test_keychain_search_list_mac.hH A D25-Apr-20251.4 KiB4922

test_root_certs.ccH A D25-Apr-20253.6 KiB13396

test_root_certs.hH A D25-Apr-20255.7 KiB17084

test_root_certs_android.ccH A D25-Apr-2025791 3320

test_root_certs_builtin.ccH A D25-Apr-2025409 209

test_root_certs_ios.ccH A D25-Apr-20251.5 KiB6042

test_root_certs_unittest.ccH A D25-Apr-202512.6 KiB301212

time_conversions.ccH A D25-Apr-20251,022 3221

time_conversions.hH A D25-Apr-20251.2 KiB4323

time_conversions_unittest.ccH A D25-Apr-20254.3 KiB12396

x509_cert_types.ccH A D25-Apr-20253.4 KiB9779

x509_cert_types.hH A D25-Apr-20252.1 KiB6330

x509_cert_types_unittest.ccH A D25-Apr-20254 KiB10283

x509_certificate.ccH A D25-Apr-202527.3 KiB779575

x509_certificate.hH A D25-Apr-202514.3 KiB341139

x509_certificate_fuzztest.ccH A D25-Apr-2025516 2211

x509_certificate_net_log_param.ccH A D25-Apr-2025723 2818

x509_certificate_net_log_param.hH A D25-Apr-2025617 2612

x509_certificate_unittest.ccH A D25-Apr-202559.6 KiB1,4491,106

x509_util.ccH A D25-Apr-202521.2 KiB603502

x509_util.hH A D25-Apr-20257.8 KiB209102

x509_util_android.ccH A D25-Apr-2025559 2111

x509_util_apple.ccH A D25-Apr-20256.2 KiB178144

x509_util_apple.hH A D25-Apr-20253.3 KiB8340

x509_util_apple_unittest.ccH A D25-Apr-20258.6 KiB205159

x509_util_nss.ccH A D25-Apr-202514.7 KiB449369

x509_util_nss.hH A D25-Apr-20257.8 KiB17467

x509_util_nss_unittest.ccH A D25-Apr-202517.1 KiB449361

x509_util_unittest.ccH A D25-Apr-202544.2 KiB806698

x509_util_win.ccH A D25-Apr-20254.7 KiB12692

x509_util_win.hH A D25-Apr-20252.7 KiB6829

README.md

1# Certificate verification
2
3This directory contains the core code for verifying server certificates.
4Limited support is also included for verifying client certificates, but only to
5the extent they chain to a server-supplied set of issuers.
6
7Server certificate verification emphasizes the standards/policy for
8publicly trusted certificates:
9
10 * Basic X.509 digital certificates
11 * RFC 5280
12 * CA/Browser Forum Baseline Requirements
13 * CRLSets
14 * Certificate Transparency
15
16The core logic of certificate verification is implemented synchronously, as it
17may need to integrate with synchronous OS-provided APIs. This synchronous
18implementation is performed through the [CertVerifyProc](cert_verify_proc.h)
19interface, which is a thread-agnostic/thread-safe interface that can be used to
20verify certificates synchronously on arbitrary worker threads.
21
22The top-level interface for verifying server certificates is the asynchronous
23[CertVerifier](cert_verifier.h).
24
25[MultiThreadedCertVerifier](multi_threaded_cert_verifier.h) is an
26implementation of `CertVerifier` that executes `CertVerifyProc` synchronously
27on worker threads.
28
29[CertVerifyProcBuiltin](cert_verify_proc_builtin.h) is a cross-platform
30implementation which implements path building internally. It only relies on
31platform integrations for obtaining user and enterprise configured trusted root
32certificates. The publicly trusted root certificates are supplied by the
33[Chrome Root Store](../data/ssl/chrome_root_store/README.md).
34
35The other `CertVerifyProc` implementations are for integrating
36with the underlying platform's certificate verification library.
37There are 2 platform implementations:
38[CertVerifyProcAndroid](cert_verify_proc_android.h) and
39[CertVerifyProcIOS](cert_verify_proc_ios.h).
40
41Browser-specific policy checks are applied even when using the platform's
42certificate verifier. For instance, a certificate chain the OS deemed valid
43could ultimately be rejected by `CertVerifyProc` since it independently
44checks the chain for CRLSet revocation, use of weak keys, Baseline Requirements
45validity, name constraints, weak signature algorithms, and more.
46