| eroman | f2971fd | 2017-04-20 20:10:45 | [diff] [blame^] | 1 | // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "net/cert/known_roots_nss.h" |
| 6 | |
| 7 | #include <cert.h> |
| 8 | #include <pk11pub.h> |
| 9 | |
| 10 | #include <memory> |
| 11 | |
| 12 | namespace net { |
| 13 | |
| 14 | // IsKnownRoot returns true if the given certificate is one that we believe |
| 15 | // is a standard (as opposed to user-installed) root. |
| 16 | bool IsKnownRoot(CERTCertificate* root) { |
| 17 | if (!root || !root->slot) |
| 18 | return false; |
| 19 | |
| 20 | // This magic name is taken from |
| 21 | // http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ckfw/builtins/constants.c&rev=1.13&mark=86,89#79 |
| 22 | return 0 == strcmp(PK11_GetSlotName(root->slot), "NSS Builtin Objects"); |
| 23 | } |
| 24 | |
| 25 | } // namespace net |
