Chromium Code Reviews Chromium Code Reviews
Issue 11970012:
Add a check for server and CA certificates in device policies to the ONC validator. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 <!DOCTYPE html> | 1 <!DOCTYPE html> |
| 2 <html> | 2 <html> |
| 3 <head> | 3 <head> |
| 4 <meta charset="utf-8"> | 4 <meta charset="utf-8"> |
| 5 <link rel="stylesheet" href="onc_spec.css" > | 5 <link rel="stylesheet" href="onc_spec.css" > |
| 6 <script src="onc_spec.js"></script> | 6 <script src="onc_spec.js"></script> |
| 7 <title>Open Network Configuration Format</title> | 7 <title>Open Network Configuration Format</title> |
| 8 </head> | 8 </head> |
| 9 <body> | 9 <body> |
| 10 | 10 |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 112 | 112 |
| 113 <section> | 113 <section> |
| 114 <h1>GUIDs and Updating</h1> | 114 <h1>GUIDs and Updating</h1> |
| 115 <p> | 115 <p> |
| 116 This format allows for importing updated network configurations and | 116 This format allows for importing updated network configurations and |
| 117 certificates by providing GUIDs to each network configuration and | 117 certificates by providing GUIDs to each network configuration and |
| 118 certificate so they can be modified or even removed in future updates. | 118 certificate so they can be modified or even removed in future updates. |
| 119 </p> | 119 </p> |
| 120 | 120 |
| 121 <p> | 121 <p> |
| 122 GUIDs are meant to be stable and unique. When they refer to the same entity, | 122 GUIDs are non-empty strings that are meant to be stable and unique. When |
| 123 they should be the same between ONC files. No two different networks or | 123 they refer to the same entity, they should be the same between ONC files. No |
| 124 certificates should have the same GUID, similarly a network and certificate | 124 two different networks or certificates should have the same GUID, similarly |
| 125 should not have the same GUID. A single ONC file should not contain the same | 125 a network and certificate should not have the same GUID. A single ONC file |
| 126 entity twice (with the same GUID). Failing any of these tests indicates the | 126 should not contain the same entity twice (with the same GUID). Failing any |
| 127 ONC file is not valid. | 127 of these tests indicates the ONC file is not valid. |
| 128 </p> | 128 </p> |
| 129 | 129 |
| 130 <p> | 130 <p> |
| 131 Any GUID referred to in an ONC file must be present in the same ONC file. In | 131 Any GUID referred to in an ONC file must be present in the same ONC file. In |
| 132 particular, it is an error to create a certificate in one ONC file and refer | 132 particular, it is an error to create a certificate in one ONC file and refer |
| 133 to it in a NetworkConfiguration in another ONC file and not define it there, | 133 to it in a NetworkConfiguration in another ONC file and not define it there, |
| 134 even if the previous ONC file has been imported. | 134 even if the previous ONC file has been imported. |
| 135 </p> | 135 </p> |
| 136 </section> | 136 </section> |
| 137 | 137 |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 238 </span> | 238 </span> |
| 239 Ethernet settings. | 239 Ethernet settings. |
| 240 </dd> | 240 </dd> |
| 241 | 241 |
| 242 <dt class="field">GUID</dt> | 242 <dt class="field">GUID</dt> |
| 243 <dd> | 243 <dd> |
| 244 <span class="field_meta"> | 244 <span class="field_meta"> |
| 245 (required) | 245 (required) |
| 246 <span class="type">string</span> | 246 <span class="type">string</span> |
| 247 </span> | 247 </span> |
| 248 a unique identifier for this network connection, which exists to make it | 248 A unique identifier for this network connection, which exists to make it |
| 249 possible to update previously imported configurations | 249 possible to update previously imported configurations. Must have a length |
|
pastarmovj
2013/01/16 14:49:38
Isn't "Must not be empty." Less robot sounding? :)
pneubeck (no reviews)
2013/01/16 14:53:18
I wanted to prevent that somebody may mix it up wi
| |
| 250 greater than zero. | |
| 250 </dd> | 251 </dd> |
| 251 | 252 |
| 252 <dt class="field">IPConfigs</dt> | 253 <dt class="field">IPConfigs</dt> |
| 253 <dd> | 254 <dd> |
| 254 <span class="field_meta"> | 255 <span class="field_meta"> |
| 255 (optional if <span class="field">Remove</span> is | 256 (optional if <span class="field">Remove</span> is |
| 256 <span class="value">false</span>, otherwise ignored) | 257 <span class="value">false</span>, otherwise ignored) |
| 257 <span class="type">array of IPConfig</span> | 258 <span class="type">array of IPConfig</span> |
| 258 </span> | 259 </span> |
| 259 Static IPv4 or IPv6 parameters to associate with this connection. | 260 Static IPv4 or IPv6 parameters to associate with this connection. |
| (...skipping 1309 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1569 The <span class="type">Certificate</span> type contains the following: | 1570 The <span class="type">Certificate</span> type contains the following: |
| 1570 </p> | 1571 </p> |
| 1571 | 1572 |
| 1572 <dl class="field_list"> | 1573 <dl class="field_list"> |
| 1573 <dt class="field">GUID</dt> | 1574 <dt class="field">GUID</dt> |
| 1574 <dd> | 1575 <dd> |
| 1575 <span class="field_meta"> | 1576 <span class="field_meta"> |
| 1576 (required) | 1577 (required) |
| 1577 <span class="type">string</span> | 1578 <span class="type">string</span> |
| 1578 </span> | 1579 </span> |
| 1579 unique identification for certificate | 1580 A unique identifier for this certificate. Must have a length greater than |
| 1581 zero. | |
| 1580 </dd> | 1582 </dd> |
| 1581 | 1583 |
| 1582 <dt class="field">PKCS12</dt> | 1584 <dt class="field">PKCS12</dt> |
| 1583 <dd> | 1585 <dd> |
| 1584 <span class="field_meta"> | 1586 <span class="field_meta"> |
| 1585 (required if <span class="field">Type</span> is | 1587 (required if <span class="field">Type</span> is |
| 1586 <span class="value">Client</span>, otherwise ignored) | 1588 <span class="value">Client</span>, otherwise ignored) |
| 1587 <span class="type">string</span> | 1589 <span class="type">string</span> |
| 1588 </span> For certificates with | 1590 </span> For certificates with |
| 1589 private keys, this is the base64 encoding of the a PKCS#12 file. | 1591 private keys, this is the base64 encoding of the a PKCS#12 file. |
| (...skipping 480 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2070 is transmitted or saved to disk should be secure. On client device, when | 2072 is transmitted or saved to disk should be secure. On client device, when |
| 2071 user names for connections that are user-specific are persisted to disk, | 2073 user names for connections that are user-specific are persisted to disk, |
| 2072 they should be stored in a location that is encrypted. Users can also opt in | 2074 they should be stored in a location that is encrypted. Users can also opt in |
| 2073 these cases to not save their user credentials in the config file and will | 2075 these cases to not save their user credentials in the config file and will |
| 2074 instead be prompted when they are needed. | 2076 instead be prompted when they are needed. |
| 2075 </p> | 2077 </p> |
| 2076 </section> | 2078 </section> |
| 2077 </section> | 2079 </section> |
| 2078 </body> | 2080 </body> |
| 2079 </html> | 2081 </html> |
| OLD | NEW |
