| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_CERT_CT_POLICY_STATUS_H | 5 #ifndef NET_CERT_CT_POLICY_STATUS_H |
| 6 #define NET_CERT_CT_POLICY_STATUS_H | 6 #define NET_CERT_CT_POLICY_STATUS_H |
| 7 | 7 |
| 8 namespace net { | 8 namespace net { |
| 9 | 9 |
| 10 namespace ct { | 10 namespace ct { |
| 11 | 11 |
| 12 // Information about the connection's compliance with the CT |
| 13 // certificate policy. |
| 14 enum class CertPolicyCompliance { |
| 15 // The connection complied with the certificate policy by |
| 16 // including SCTs that satisfy the policy. |
| 17 CERT_POLICY_COMPLIES_VIA_SCTS = 0, |
| 18 // The connection did not have enough SCTs to comply. |
| 19 CERT_POLICY_NOT_ENOUGH_SCTS, |
| 20 // The connection did not have diverse enough SCTs to comply. |
| 21 CERT_POLICY_NOT_DIVERSE_SCTS, |
| 22 // The connection cannot be considered compliant because the build |
| 23 // isn't timely and therefore log information might be out of date |
| 24 // (for example a log might no longer be considered trustworthy). |
| 25 CERT_POLICY_BUILD_NOT_TIMELY, |
| 26 }; |
| 27 |
| 12 // Information about a connection's compliance with the CT EV | 28 // Information about a connection's compliance with the CT EV |
| 13 // certificate policy. | 29 // certificate policy. |
| 30 // This enum is histogrammed, so do not remove or reorder values. |
| 14 enum class EVPolicyCompliance { | 31 enum class EVPolicyCompliance { |
| 15 // The certificate was not EV, so the EV policy doesn't apply. | 32 // The certificate was not EV, so the EV policy doesn't apply. |
| 16 EV_POLICY_DOES_NOT_APPLY, | 33 EV_POLICY_DOES_NOT_APPLY = 0, |
| 17 // The connection complied with the EV certificate policy by being | 34 // The connection complied with the EV certificate policy by being |
| 18 // included on the EV whitelist. | 35 // included on the EV whitelist. |
| 19 EV_POLICY_COMPLIES_VIA_WHITELIST, | 36 EV_POLICY_COMPLIES_VIA_WHITELIST, |
| 20 // The connection complied with the EV certificate policy by | 37 // The connection complied with the EV certificate policy by |
| 21 // including SCTs that satisfy the policy. | 38 // including SCTs that satisfy the policy. |
| 22 EV_POLICY_COMPLIES_VIA_SCTS, | 39 EV_POLICY_COMPLIES_VIA_SCTS, |
| 23 // The connection did not have enough SCTs to retain its EV | 40 // The connection did not have enough SCTs to retain its EV |
| 24 // status. | 41 // status. |
| 25 EV_POLICY_NOT_ENOUGH_SCTS, | 42 EV_POLICY_NOT_ENOUGH_SCTS, |
| 26 // The connection did not have diverse enough SCTs to retain its | 43 // The connection did not have diverse enough SCTs to retain its |
| 27 // EV status. | 44 // EV status. |
| 28 EV_POLICY_NOT_DIVERSE_SCTS, | 45 EV_POLICY_NOT_DIVERSE_SCTS, |
| 29 // The connection cannot be considered compliant because the build | 46 // The connection cannot be considered compliant because the build |
| 30 // isn't timely and therefore log information might be out of date | 47 // isn't timely and therefore log information might be out of date |
| 31 // (for example a log might no longer be considered trustworthy). | 48 // (for example a log might no longer be considered trustworthy). |
| 32 EV_POLICY_BUILD_NOT_TIMELY, | 49 EV_POLICY_BUILD_NOT_TIMELY, |
| 50 EV_POLICY_MAX, |
| 33 }; | 51 }; |
| 34 | 52 |
| 35 } // namespace ct | 53 } // namespace ct |
| 36 | 54 |
| 37 } // namespace net | 55 } // namespace net |
| 38 | 56 |
| 39 #endif // NET_CERT_CT_POLICY_STATUS_H | 57 #endif // NET_CERT_CT_POLICY_STATUS_H |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1578993003:
Add Expect CT policy that gets checked on all certs (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master