Index: net/base/transport_security_state.h |
=================================================================== |
--- net/base/transport_security_state.h (revision 80114) |
+++ net/base/transport_security_state.h (working copy) |
@@ -8,6 +8,7 @@ |
#include <map> |
#include <string> |
+#include <vector> |
#include "base/basictypes.h" |
#include "base/gtest_prod_util.h" |
@@ -16,6 +17,8 @@ |
namespace net { |
+class X509Certificate; |
+ |
// TransportSecurityState |
// |
// Tracks which hosts have enabled *-Transport-Security. This object manages |
@@ -54,6 +57,7 @@ |
base::Time created; // when this host entry was first created |
base::Time expiry; // the absolute time (UTC) when this record expires |
bool include_subdomains; // subdomains included? |
+ std::vector<std::string> cert_locks; // optional: fingerprint locking |
abarth-chromium
2011/04/04 22:49:36
People seem to like the name "pinning" better than
|
// The follow members are not valid when stored in |enabled_hosts_|. |
bool preloaded; // is this a preloaded entry? |
@@ -71,6 +75,10 @@ |
// *result is filled out. |
bool IsEnabledForHost(DomainState* result, const std::string& host); |
+ // Returns true if our (optional) stronger certificate authority checks |
+ // will accept this signature chain for this domain. |
+ bool IsAcceptableCertificate(const std::string& host, X509Certificate* cert); |
+ |
// Deletes all records created since a given time. |
void DeleteSince(const base::Time& time); |