OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file contains the HSTS preloaded list in a machine readable format. | 5 // This file contains the HSTS preloaded list in a machine readable format. |
6 | 6 |
7 // The top-level element is a dictionary with two keys: "pinsets" maps details | 7 // The top-level element is a dictionary with two keys: "pinsets" maps details |
8 // of certificate pinning to a name and "entries" contains the HSTS details for | 8 // of certificate pinning to a name and "entries" contains the HSTS details for |
9 // each host. | 9 // each host. |
10 // | 10 // |
11 // "pinsets" is a list of objects. Each object has the following members: | 11 // "pinsets" is a list of objects. Each object has the following members: |
12 // name: (string) the name of the pinset | 12 // name: (string) the name of the pinset |
13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes | 13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes |
14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden | 14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden |
15 // SPKIs hashes | 15 // SPKIs hashes |
| 16 // report_uri: (optional string) the URI to send violation reports to; |
| 17 // reports will be in the format defined in RFC 7469 |
16 // | 18 // |
17 // For a given pinset, a certificate is accepted if at least one of the | 19 // For a given pinset, a certificate is accepted if at least one of the |
18 // "static_spki_hashes" SPKIs is found in the chain and none of the | 20 // "static_spki_hashes" SPKIs is found in the chain and none of the |
19 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must | 21 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must |
20 // match up with the file of certificates. | 22 // match up with the file of certificates. |
21 // | 23 // |
22 // "entries" is a list of objects. Each object has the following members: | 24 // "entries" is a list of objects. Each object has the following members: |
23 // name: (string) the DNS name of the host in question | 25 // name: (string) the DNS name of the host in question |
24 // include_subdomains: (optional bool) whether subdomains of |name| are also | 26 // include_subdomains: (optional bool) whether subdomains of |name| are also |
25 // covered | 27 // covered |
26 // mode: (optional string) "force-https" iff covered names should require | 28 // mode: (optional string) "force-https" iff covered names should require |
27 // HTTPS | 29 // HTTPS |
28 // pins: (optional string) the |name| member of an object in |pinsets| | 30 // pins: (optional string) the |name| member of an object in |pinsets| |
29 | 31 |
30 { | 32 { |
31 "pinsets": [ | 33 "pinsets": [ |
32 { | 34 { |
33 "name": "test", | 35 "name": "test", |
34 "static_spki_hashes": [ | 36 "static_spki_hashes": [ |
35 "TestSPKI" | 37 "TestSPKI" |
36 ] | 38 ] |
37 }, | 39 }, |
38 { | 40 { |
39 "name": "google", | 41 "name": "google", |
40 "static_spki_hashes": [ | 42 "static_spki_hashes": [ |
41 "GoogleBackup2048", | 43 "GoogleBackup2048", |
42 "GoogleG2", | 44 "GoogleG2", |
43 "GeoTrustGlobal" | 45 "GeoTrustGlobal" |
44 ] | 46 ], |
| 47 "report_uri": "http://clients3.google.com/cert_upload_json" |
45 }, | 48 }, |
46 { | 49 { |
47 "name": "tor", | 50 "name": "tor", |
48 "static_spki_hashes": [ | 51 "static_spki_hashes": [ |
49 "RapidSSL", | 52 "RapidSSL", |
50 "DigiCertEVRoot", | 53 "DigiCertEVRoot", |
51 "Tor1", | 54 "Tor1", |
52 "Tor2", | 55 "Tor2", |
53 "Tor3" | 56 "Tor3" |
54 ] | 57 ] |
(...skipping 3601 matching lines...)
3656 "SPIDEROAK_COM", | 3659 "SPIDEROAK_COM", |
3657 "BLOGGER_COM", | 3660 "BLOGGER_COM", |
3658 "CHROME_COM", | 3661 "CHROME_COM", |
3659 "GVT3_COM", | 3662 "GVT3_COM", |
3660 "GVT2_COM", | 3663 "GVT2_COM", |
3661 "GOOGLE", | 3664 "GOOGLE", |
3662 "GGPHT_COM", | 3665 "GGPHT_COM", |
3663 "BLOGSPOT_COM" | 3666 "BLOGSPOT_COM" |
3664 ] | 3667 ] |
3665 } | 3668 } |
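Review bot: The `report_uri` added to the "google" pinset (new line 47) uses `http://`, so the RFC 7469 violation reports, which identify the host and the certificate chain that was served, would travel in cleartext. The on-path party that caused the pin failure could then read or drop them. If plaintext is deliberate, presumably to avoid a reporting loop when the report host is itself covered by a pinset, the format comment at new lines 16-17 should say so, e.g. `// report_uri: ... the scheme is http on purpose when the report host is itself pinned (avoids report loops)`. Otherwise an `https://` endpoint on a host outside the pinned set would be the safer choice. The code that consumes this field is not on this page, so whether it restricts the scheme or treats a failed report as non-fatal cannot be confirmed here.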