| // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_CERT_KNOWN_ROOTS_MAC_H_ |
| #define NET_CERT_KNOWN_ROOTS_MAC_H_ |
| |
| #include <Security/Security.h> |
| |
| namespace net { |
| |
| // IsKnownRoot returns true if the given certificate is one that we believe |
| // is a standard (as opposed to user-installed) root. |
| // |
| // NOTE: The first call will lazily initialize the known roots, which requires |
| // holding crypto::GetMacSecurityServicesLock(). Callers must therefore either |
| // acquire that lock prior to calling this, or eagerly initialize beforehand |
| // using InitializeKnownRoots(). |
| bool IsKnownRoot(SecCertificateRef cert); |
| |
| // Calling this is optional as initialization will otherwise be done lazily when |
| // calling IsKnownRoot(). When calling this, the current thread must NOT already |
| // be holding/ crypto::GetMacSecurityServicesLock(). |
| void InitializeKnownRoots(); |
| |
| } // namespace net |
| |
| #endif // NET_CERT_KNOWN_ROOTS_MAC_H_ |