Chromium Code Reviews

Unified Diff: net/http/transport_security_state.h

Issue 1213783005: Send HPKP violation reports when a pin check fails (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 876f9881dff2d170cbbc3296dd8f2408bd5708b5..45c2320ebd5d2834ace8e07e1787eb70bd08b1e1 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -196,6 +196,13 @@ class NET_EXPORT TransportSecurityState
const std::string& report) = 0;
};
+ // Indicates whether or not a public key pin check should send a
+ // report if a violation is detected.
+ enum PublicKeyPinReportStatus {
+ DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT,
+ SEND_PUBLIC_KEY_PIN_REPORT
+ };
+
TransportSecurityState();
~TransportSecurityState();
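Review bot: The comment on PublicKeyPinReportStatus says what the enum indicates but not when a caller should pass DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT. Please add a sentence naming the situations in which reporting must be suppressed, so call sites have guidance when choosing a value. A smaller point on the same lines: the enumerators are unscoped, so both names land directly in TransportSecurityState's scope; that is workable given how long and specific they are, but it is worth confirming they follow the naming used by the other enums in this class.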
@@ -204,10 +211,15 @@ class NET_EXPORT TransportSecurityState
// interface; direct access to DomainStates is best left to tests.
bool ShouldSSLErrorsBeFatal(const std::string& host);
bool ShouldUpgradeToSSL(const std::string& host);
- bool CheckPublicKeyPins(const std::string& host,
- bool is_issued_by_known_root,
- const HashValueVector& hashes,
- std::string* failure_log);
+ bool CheckPublicKeyPins(
+ const std::string& host,
+ bool is_issued_by_known_root,
+ const HashValueVector& hashes,
+ uint16_t port,
+ const scoped_refptr<X509Certificate>& served_certificate_chain,
+ const scoped_refptr<X509Certificate>& validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
Ryan Sleevi 2015/06/26 20:22:19 same comments re: raw pointers being cool
estark 2015/07/09 22:18:41 Done.
+ std::string* failure_log);
bool HasPublicKeyPins(const std::string& host);
// Assign a |Delegate| for persisting the transport security state. If
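Review bot: The four parameters added to CheckPublicKeyPins (port, served_certificate_chain, validated_certificate_chain, report_status) are undocumented. No comment in this hunk describes them, so a caller cannot tell whether they affect the pin decision itself or only the contents of a violation report, or whether the chains may be null when report_status is DO_NOT_SEND_PUBLIC_KEY_PIN_REPORT. Please document that on the declaration. Also, the top-level const in "const PublicKeyPinReportStatus report_status" has no effect on a by-value parameter in a declaration and can be dropped. Finally, this diff adds no #include or forward declaration to the header, so please check that X509Certificate and uint16_t are already visible here.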
@@ -327,9 +339,14 @@ class NET_EXPORT TransportSecurityState
static bool IsBuildTimely();
// Helper method for actually checking pins.
- bool CheckPublicKeyPinsImpl(const std::string& host,
- const HashValueVector& hashes,
- std::string* failure_log);
+ bool CheckPublicKeyPinsImpl(
+ const std::string& host,
+ const HashValueVector& hashes,
+ uint16_t port,
+ const scoped_refptr<X509Certificate>& served_certificate_chain,
+ const scoped_refptr<X509Certificate>& validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
Ryan Sleevi 2015/06/26 20:22:19 ditto
estark 2015/07/09 22:18:41 Done.
+ std::string* failure_log);
// If a Delegate is present, notify it that the internal state has
// changed.
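Review bot: The comment "Helper method for actually checking pins." above CheckPublicKeyPinsImpl is now incomplete. With report_status and the two certificate chains passed in, this helper appears able to trigger a report as a side effect, and the comment should say so and state which arguments are only needed for reporting. The signature also repeats the same parameter list that was added to CheckPublicKeyPins, including the top-level const on report_status. Consider dropping that const here too and, if more report fields are expected, grouping the report-only arguments so the two declarations do not drift apart.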
