gecko-dev/security/certverifier/ExtendedValidation.h
David Keeler 8b85837b61 bug 1372656 - load loadable roots on a background thread r=Cykesiopka,jcj
In a profile, loading the loadable roots PKCS#11 module (i.e. the built-in root
CA module) accounted for about 60% of the time to initialize PSM/NSS. Since we
only need the roots module loaded when we're actually looking for an issuing
certificate or querying a certificate's trust, we can do the load
asynchronously (where it hopefully finishes before we actually need it, because
otherwise we'll have to wait anyway).

MozReview-Commit-ID: JyY6NtpQAUj

--HG--
extra : rebase_source : f63a697b18a409dd042289afa2b727b09f81f19f
2017-06-08 16:10:00 -07:00

44 lines
1.4 KiB
C++

/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef ExtendedValidation_h
#define ExtendedValidation_h
#include "ScopedNSSTypes.h"
#include "certt.h"
#include "nsNSSShutDown.h"
namespace mozilla { namespace pkix { struct CertPolicyId; } }
namespace mozilla { namespace psm {
nsresult LoadExtendedValidationInfo(
const nsNSSShutDownPreventionLock& proofOfLock);
/**
* Finds the first policy OID in the given cert that is known to be an EV policy
* OID.
*
* @param cert
* The cert to find the first EV policy of.
* @param policy
* The found policy.
* @param policyOidTag
* The OID tag of the found policy.
* @return true if a suitable policy was found, false otherwise.
*/
bool GetFirstEVPolicy(CERTCertificate& cert,
/*out*/ mozilla::pkix::CertPolicyId& policy,
/*out*/ SECOidTag& policyOidTag);
// CertIsAuthoritativeForEVPolicy does NOT evaluate whether the cert is trusted
// or distrusted.
bool CertIsAuthoritativeForEVPolicy(const UniqueCERTCertificate& cert,
const mozilla::pkix::CertPolicyId& policy);
} } // namespace mozilla::psm
#endif // ExtendedValidation_h