OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // This protobuffer is intended to store reports from Chrome users of | 5 // This protobuffer is intended to store reports from Chrome users of |
6 // certificate pinning errors. A report will be sent from Chrome when it gets | 6 // certificate pinning errors. A report will be sent from Chrome when it gets |
7 // e.g. a certificate for google.com that chains up to a root CA not expected by | 7 // e.g. a certificate for google.com that chains up to a root CA not expected by |
8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or | 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or |
9 // other pinning errors such as a blacklisted cert in the chain. The | 9 // other pinning errors such as a blacklisted cert in the chain. The |
10 // report from the user will include the hostname being accessed, | 10 // report from the user will include the hostname being accessed, |
11 // the full certificate chain (in PEM format), and the | 11 // the full certificate chain (in PEM format), and the |
12 // timestamp of when the client tried to access the site. A response is | 12 // timestamp of when the client tried to access the site. A response is |
13 // generated by the frontend and logged, including validation and error checking | 13 // generated by the frontend and logged, including validation and error checking |
14 // done on the client's input data. | 14 // done on the client's input data. |
15 | 15 |
16 | 16 |
17 syntax = "proto2"; | 17 syntax = "proto2"; |
18 | 18 |
19 package chrome_browser_net; | 19 package chrome_browser_net; |
20 | 20 |
| 21 // Chrome requires this. |
| 22 option optimize_for = LITE_RUNTIME; |
| 23 |
21 // Protocol types | 24 // Protocol types |
22 message CertLoggerRequest { | 25 message CertLoggerRequest { |
23 // The hostname being accessed (required as the cert could be valid for | 26 // The hostname being accessed (required as the cert could be valid for |
24 // multiple hosts, e.g. a wildcard or a SubjectAltName. | 27 // multiple hosts, e.g. a wildcard or a SubjectAltName. |
25 required string hostname = 1; | 28 required string hostname = 1; |
26 // The certificate chain as a series of PEM-encoded certificates, including | 29 // The certificate chain as a series of PEM-encoded certificates, including |
27 // intermediates but not necessarily the root. | 30 // intermediates but not necessarily the root. |
28 required string cert_chain = 2; | 31 required string cert_chain = 2; |
29 // The time (in usec since the epoch) when the client attempted to access the | 32 // The time (in usec since the epoch) when the client attempted to access the |
30 // site generating the pinning error. | 33 // site generating the pinning error. |
31 required int64 time_usec = 3; | 34 required int64 time_usec = 3; |
32 }; | 35 }; |
33 | 36 |
34 // The response sent back to the user. | 37 // The response sent back to the user. |
35 message CertLoggerResponse { | 38 message CertLoggerResponse { |
36 enum ResponseCode { | 39 enum ResponseCode { |
37 OK = 1; | 40 OK = 1; |
38 MALFORMED_CERT_DATA = 2; | 41 MALFORMED_CERT_DATA = 2; |
39 HOST_CERT_DONT_MATCH = 3; | 42 HOST_CERT_DONT_MATCH = 3; |
40 ROOT_NOT_RECOGNIZED = 4; | 43 ROOT_NOT_RECOGNIZED = 4; |
41 ROOT_NOT_UNEXPECTED = 5; | 44 ROOT_NOT_UNEXPECTED = 5; |
42 OTHER_ERROR = 6; | 45 OTHER_ERROR = 6; |
43 }; | 46 }; |
44 required ResponseCode response = 1; | 47 required ResponseCode response = 1; |
45 }; | 48 }; |
46 | 49 |
OLD | NEW |