chrome/browser/net/cert_logger.proto - Issue 1117173005: Include cert status in invalid certificate reports

Side by Side Diff: chrome/browser/net/cert_logger.proto

Issue 1117173005: Include cert status in invalid certificate reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4 //	4 //

5 // This protobuffer is intended to store reports from Chrome users of	5 // This protobuffer is intended to store reports from Chrome users of

6 // certificate errors. A report will be sent from Chrome when it gets	6 // certificate errors. A report will be sent from Chrome when it gets

7 // e.g. a certificate for google.com that chains up to a root CA not expected by	7 // e.g. a certificate for google.com that chains up to a root CA not expected by

8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or	8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or

9 // other pinning errors such as a blacklisted cert in the chain, or	9 // other pinning errors such as a blacklisted cert in the chain, or

10 // (when opted in) other certificate validation errors like an expired	10 // (when opted in) other certificate validation errors like an expired

(...skipping 21 matching lines...) Expand all Loading...
32 required string cert_chain = 2;	32 required string cert_chain = 2;

33 // The time (in usec since the epoch) when the client attempted to access the	33 // The time (in usec since the epoch) when the client attempted to access the

34 // site generating the pinning error.	34 // site generating the pinning error.

35 required int64 time_usec = 3;	35 required int64 time_usec = 3;

36 // public_key_hash contains the string forms of the hashes calculated for	36 // public_key_hash contains the string forms of the hashes calculated for

37 // the chain. (I.e. "sha1/<base64 data>".)	37 // the chain. (I.e. "sha1/<base64 data>".)

38 repeated string public_key_hash = 4;	38 repeated string public_key_hash = 4;

39 // pin contains the string forms of the pins that were matched against for	39 // pin contains the string forms of the pins that were matched against for

40 // this host.	40 // this host.

41 repeated string pin = 5;	41 repeated string pin = 5;

	42 // The result of validating this certificate chain. A bitmask of

	43 // status flags as defined in //net/cert/cert_status_flags.h

	44 optional uint32 cert_status = 6;
	Ryan Sleevi 2015/05/06 00:00:33 The //net flags are API compatible, but are not de The //net flags are API compatible, but are not defined as a stable API (that is, we can change the status flags, so long as we handle the disk cache issues that arise) While it sounds duplicative, I'd suggest you define your own enum here, then map the CertStatusFlags to it. estark 2015/05/06 00:50:20 Done. (Now it's reporting the most serious error, Show quoted text On 2015/05/06 00:00:33, Ryan Sleevi wrote: > The //net flags are API compatible, but are not defined as a stable API (that > is, we can change the status flags, so long as we handle the disk cache issues > that arise) > > While it sounds duplicative, I'd suggest you define your own enum here, then map > the CertStatusFlags to it. Done. (Now it's reporting the most serious error, like \|MapCertStatusToNetError\|.)
42 };	45 };

43	46

44 // A wrapper proto containing an encrypted CertLoggerRequest	47 // A wrapper proto containing an encrypted CertLoggerRequest

45 message EncryptedCertLoggerRequest {	48 message EncryptedCertLoggerRequest {

46 // An encrypted, serialized CertLoggerRequest	49 // An encrypted, serialized CertLoggerRequest

47 required bytes encrypted_report = 1;	50 required bytes encrypted_report = 1;

48 // The server public key version that was used to derive the shared secret.	51 // The server public key version that was used to derive the shared secret.

49 required uint32 server_public_key_version = 2;	52 required uint32 server_public_key_version = 2;

50 // The client public key that corresponds to the private key that was used	53 // The client public key that corresponds to the private key that was used

51 // to derive the shared secret.	54 // to derive the shared secret.

(...skipping 12 matching lines...) Expand all Loading...
64 enum ResponseCode {	67 enum ResponseCode {

65 OK = 1;	68 OK = 1;

66 MALFORMED_CERT_DATA = 2;	69 MALFORMED_CERT_DATA = 2;

67 HOST_CERT_DONT_MATCH = 3;	70 HOST_CERT_DONT_MATCH = 3;

68 ROOT_NOT_RECOGNIZED = 4;	71 ROOT_NOT_RECOGNIZED = 4;

69 ROOT_NOT_UNEXPECTED = 5;	72 ROOT_NOT_UNEXPECTED = 5;

70 OTHER_ERROR = 6;	73 OTHER_ERROR = 6;

71 };	74 };

72 required ResponseCode response = 1;	75 required ResponseCode response = 1;

73 };	76 };

OLD	NEW

« no previous file with comments | « no previous file | chrome/browser/net/certificate_error_reporter.cc » ('j') | no next file with comments »