Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(103)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state_static.json

Issue 1139013002: Completely remove SSLv3 support. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« extensions/browser/api/socket/tls_socket.cc ('K') | « net/http/http_network_transaction_unittest.cc ('k') | net/socket/client_socket_pool_manager.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file contains the HSTS preloaded list in a machine readable format. 5 // This file contains the HSTS preloaded list in a machine readable format.
6 6
7 // The top-level element is a dictionary with two keys: "pinsets" maps details 7 // The top-level element is a dictionary with two keys: "pinsets" maps details
8 // of certificate pinning to a name and "entries" contains the HSTS details for 8 // of certificate pinning to a name and "entries" contains the HSTS details for
9 // each host. 9 // each host.
10 // 10 //
11 // "pinsets" is a list of objects. Each object has the following members: 11 // "pinsets" is a list of objects. Each object has the following members:
12 // name: (string) the name of the pinset 12 // name: (string) the name of the pinset
13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes 13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes
14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden 14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden
15 // SPKIs hashes 15 // SPKIs hashes
16 // 16 //
17 // For a given pinset, a certificate is accepted if at least one of the 17 // For a given pinset, a certificate is accepted if at least one of the
18 // "static_spki_hashes" SPKIs is found in the chain and none of the 18 // "static_spki_hashes" SPKIs is found in the chain and none of the
19 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must 19 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must
20 // match up with the file of certificates. 20 // match up with the file of certificates.
21 // 21 //
22 // "entries" is a list of objects. Each object has the following members: 22 // "entries" is a list of objects. Each object has the following members:
23 // name: (string) the DNS name of the host in question 23 // name: (string) the DNS name of the host in question
24 // include_subdomains: (optional bool) whether subdomains of |name| are also 24 // include_subdomains: (optional bool) whether subdomains of |name| are also
25 // covered 25 // covered
26 // mode: (optional string) "force-https" iff covered names should require 26 // mode: (optional string) "force-https" iff covered names should require
27 // HTTPS 27 // HTTPS
28 // pins: (optional string) the |name| member of an object in |pinsets| 28 // pins: (optional string) the |name| member of an object in |pinsets|
29 // snionly: (optional bool) if true then this entry is only enforced if TLS is
30 // enabled because the site in question only serves the correct
31 // certificate if SNI is sent. Note that this only covers the case where
32 // TLS has been disabled by explicit configuration. If TLS was disabled
33 // because of SSLv3 fallback, then the entry is still in force and a
34 // fatal certificate error will result. Spurious certificate errors are
35 // an unfortunate result of SSLv3 fallback.
36 29
37 { 30 {
38 "pinsets": [ 31 "pinsets": [
39 { 32 {
40 "name": "test", 33 "name": "test",
41 "static_spki_hashes": [ 34 "static_spki_hashes": [
42 "TestSPKI" 35 "TestSPKI"
43 ] 36 ]
44 }, 37 },
45 { 38 {
(...skipping 2840 matching lines...) Expand 10 before | Expand all | Expand 10 after
2886 "GOOGLETAGSERVICES_COM", 2879 "GOOGLETAGSERVICES_COM",
2887 "DROPBOX_COM", 2880 "DROPBOX_COM",
2888 "YOUTUBE_NOCOOKIE_COM", 2881 "YOUTUBE_NOCOOKIE_COM",
2889 "2MDN_NET", 2882 "2MDN_NET",
2890 "FACEBOOK_COM", 2883 "FACEBOOK_COM",
2891 "SPIDEROAK_COM", 2884 "SPIDEROAK_COM",
2892 "BLOGGER_COM", 2885 "BLOGGER_COM",
2893 "CHROME_COM" 2886 "CHROME_COM"
2894 ] 2887 ]
2895 } 2888 }
OLDNEW
« extensions/browser/api/socket/tls_socket.cc ('K') | « net/http/http_network_transaction_unittest.cc ('k') | net/socket/client_socket_pool_manager.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698