Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1276)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state_static.json

Issue 1267383002: Allow preloaded pins to contain report URIs; remove special-case reporting (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase fixup Created 5 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/transport_security_state_static.h ('k') | net/http/transport_security_state_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file contains the HSTS preloaded list in a machine readable format. 5 // This file contains the HSTS preloaded list in a machine readable format.
6 6
7 // The top-level element is a dictionary with two keys: "pinsets" maps details 7 // The top-level element is a dictionary with two keys: "pinsets" maps details
8 // of certificate pinning to a name and "entries" contains the HSTS details for 8 // of certificate pinning to a name and "entries" contains the HSTS details for
9 // each host. 9 // each host.
10 // 10 //
11 // "pinsets" is a list of objects. Each object has the following members: 11 // "pinsets" is a list of objects. Each object has the following members:
12 // name: (string) the name of the pinset 12 // name: (string) the name of the pinset
13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes 13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes
14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden 14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden
15 // SPKIs hashes 15 // SPKIs hashes
16 // report_uri: (optional string) the URI to send violation reports to;
17 // reports will be in the format defined in RFC 7469
16 // 18 //
17 // For a given pinset, a certificate is accepted if at least one of the 19 // For a given pinset, a certificate is accepted if at least one of the
18 // "static_spki_hashes" SPKIs is found in the chain and none of the 20 // "static_spki_hashes" SPKIs is found in the chain and none of the
19 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must 21 // "bad_static_spki_hashes" SPKIs are. SPKIs are specified as names, which must
20 // match up with the file of certificates. 22 // match up with the file of certificates.
21 // 23 //
22 // "entries" is a list of objects. Each object has the following members: 24 // "entries" is a list of objects. Each object has the following members:
23 // name: (string) the DNS name of the host in question 25 // name: (string) the DNS name of the host in question
24 // include_subdomains: (optional bool) whether subdomains of |name| are also 26 // include_subdomains: (optional bool) whether subdomains of |name| are also
25 // covered 27 // covered
26 // mode: (optional string) "force-https" iff covered names should require 28 // mode: (optional string) "force-https" iff covered names should require
27 // HTTPS 29 // HTTPS
28 // pins: (optional string) the |name| member of an object in |pinsets| 30 // pins: (optional string) the |name| member of an object in |pinsets|
29 31
30 { 32 {
31 "pinsets": [ 33 "pinsets": [
32 { 34 {
33 "name": "test", 35 "name": "test",
34 "static_spki_hashes": [ 36 "static_spki_hashes": [
35 "TestSPKI" 37 "TestSPKI"
36 ] 38 ]
37 }, 39 },
38 { 40 {
39 "name": "google", 41 "name": "google",
40 "static_spki_hashes": [ 42 "static_spki_hashes": [
41 "GoogleBackup2048", 43 "GoogleBackup2048",
42 "GoogleG2", 44 "GoogleG2",
43 "GeoTrustGlobal" 45 "GeoTrustGlobal"
44 ] 46 ],
47 "report_uri": "http://clients3.google.com/cert_upload_json"
45 }, 48 },
46 { 49 {
47 "name": "tor", 50 "name": "tor",
48 "static_spki_hashes": [ 51 "static_spki_hashes": [
49 "RapidSSL", 52 "RapidSSL",
50 "DigiCertEVRoot", 53 "DigiCertEVRoot",
51 "Tor1", 54 "Tor1",
52 "Tor2", 55 "Tor2",
53 "Tor3" 56 "Tor3"
54 ] 57 ]
(...skipping 3601 matching lines...) Expand 10 before | Expand all | Expand 10 after
3656 "SPIDEROAK_COM", 3659 "SPIDEROAK_COM",
3657 "BLOGGER_COM", 3660 "BLOGGER_COM",
3658 "CHROME_COM", 3661 "CHROME_COM",
3659 "GVT3_COM", 3662 "GVT3_COM",
3660 "GVT2_COM", 3663 "GVT2_COM",
3661 "GOOGLE", 3664 "GOOGLE",
3662 "GGPHT_COM", 3665 "GGPHT_COM",
3663 "BLOGSPOT_COM" 3666 "BLOGSPOT_COM"
3664 ] 3667 ]
3665 } 3668 }
OLDNEW
« no previous file with comments | « net/http/transport_security_state_static.h ('k') | net/http/transport_security_state_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698