Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1145)

Unified Diff: chrome/browser/net/cert_logger.proto

Issue 8302019: Recommit fraudulent certificate reporting infrastructure. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/net/chrome_fraudulent_certificate_reporter.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/cert_logger.proto
===================================================================
--- chrome/browser/net/cert_logger.proto (revision 0)
+++ chrome/browser/net/cert_logger.proto (revision 0)
@@ -0,0 +1,49 @@
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// This protobuffer is intended to store reports from Chrome users of
+// certificate pinning errors. A report will be sent from Chrome when it gets
+// e.g. a certificate for google.com that chains up to a root CA not expected by
+// Chrome for that origin, such as DigiNotar (compromised in July 2011), or
+// other pinning errors such as a blacklisted cert in the chain. The
+// report from the user will include the hostname being accessed,
+// the full certificate chain (in PEM format), and the
+// timestamp of when the client tried to access the site. A response is
+// generated by the frontend and logged, including validation and error checking
+// done on the client's input data.
+
+
+syntax = "proto2";
+
+package chrome_browser_net;
+
+// Chrome requires this.
+option optimize_for = LITE_RUNTIME;
+
+// Protocol types
+message CertLoggerRequest {
+ // The hostname being accessed (required as the cert could be valid for
+ // multiple hosts, e.g. a wildcard or a SubjectAltName.
+ required string hostname = 1;
+ // The certificate chain as a series of PEM-encoded certificates, including
+ // intermediates but not necessarily the root.
+ required string cert_chain = 2;
+ // The time (in usec since the epoch) when the client attempted to access the
+ // site generating the pinning error.
+ required int64 time_usec = 3;
+};
+
+// The response sent back to the user.
+message CertLoggerResponse {
+ enum ResponseCode {
+ OK = 1;
+ MALFORMED_CERT_DATA = 2;
+ HOST_CERT_DONT_MATCH = 3;
+ ROOT_NOT_RECOGNIZED = 4;
+ ROOT_NOT_UNEXPECTED = 5;
+ OTHER_ERROR = 6;
+ };
+ required ResponseCode response = 1;
+};
+
« no previous file with comments | « no previous file | chrome/browser/net/chrome_fraudulent_certificate_reporter.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698