Index: chrome/browser/net/cert_logger.proto |
=================================================================== |
--- chrome/browser/net/cert_logger.proto (revision 0) |
+++ chrome/browser/net/cert_logger.proto (revision 0) |
@@ -0,0 +1,49 @@ |
+// Copyright (c) 2011 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+// |
+// This protobuffer is intended to store reports from Chrome users of |
+// certificate pinning errors. A report will be sent from Chrome when it gets |
+// e.g. a certificate for google.com that chains up to a root CA not expected by |
+// Chrome for that origin, such as DigiNotar (compromised in July 2011), or |
+// other pinning errors such as a blacklisted cert in the chain. The |
+// report from the user will include the hostname being accessed, |
+// the full certificate chain (in PEM format), and the |
+// timestamp of when the client tried to access the site. A response is |
+// generated by the frontend and logged, including validation and error checking |
+// done on the client's input data. |
+ |
+ |
+syntax = "proto2"; |
+ |
+package chrome_browser_net; |
+ |
+// Chrome requires this. |
+option optimize_for = LITE_RUNTIME; |
+ |
+// Protocol types |
+message CertLoggerRequest { |
+ // The hostname being accessed (required as the cert could be valid for |
+ // multiple hosts, e.g. a wildcard or a SubjectAltName. |
+ required string hostname = 1; |
+ // The certificate chain as a series of PEM-encoded certificates, including |
+ // intermediates but not necessarily the root. |
+ required string cert_chain = 2; |
+ // The time (in usec since the epoch) when the client attempted to access the |
+ // site generating the pinning error. |
+ required int64 time_usec = 3; |
+}; |
+ |
+// The response sent back to the user. |
+message CertLoggerResponse { |
+ enum ResponseCode { |
+ OK = 1; |
+ MALFORMED_CERT_DATA = 2; |
+ HOST_CERT_DONT_MATCH = 3; |
+ ROOT_NOT_RECOGNIZED = 4; |
+ ROOT_NOT_UNEXPECTED = 5; |
+ OTHER_ERROR = 6; |
+ }; |
+ required ResponseCode response = 1; |
+}; |
+ |