Add information to SSLInfo about CT EV policy compliance

net/ssl/ssl_info.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SSL_SSL_INFO_H_
 #define NET_SSL_SSL_INFO_H_
 
 #include <vector>
 
 #include "base/memory/ref_counted.h"
 #include "net/base/net_export.h"
 #include "net/cert/cert_status_flags.h"
+#include "net/cert/ct_policy_status.h"
 #include "net/cert/ct_verify_result.h"
 #include "net/cert/sct_status_flags.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/ssl/signed_certificate_timestamp_and_status.h"
 #include "net/ssl/ssl_config.h"
 
 namespace net {
 
 class X509Certificate;
 
@@ skipping 14 matching lines @@
   ~SSLInfo();
   SSLInfo& operator=(const SSLInfo& info);
 
   void Reset();
 
   bool is_valid() const { return cert.get() != NULL; }
 
   // Adds the specified |error| to the cert status.
   void SetCertError(int error);
 
-  // Adds the SignedCertificateTimestamps from ct_verify_result to
-  // |signed_certificate_timestamps|.  SCTs are held in three separate vectors
-  // in ct_verify_result, each vetor representing a particular verification
-  // state, this method associates each of the SCTs with the corresponding
-  // SCTVerifyStatus as it adds it to the |signed_certificate_timestamps| list.
-  void UpdateSignedCertificateTimestamps(
+  // Adds the SignedCertificateTimestamps and policy compliance details
+  // from ct_verify_result to |signed_certificate_timestamps| and
+  // |ct_policy_compliance_details|.  SCTs are held in three separate

[Ryan Sleevi, 2016/02/18 06:46:52]

Since you're updating this, can you fix the double space following . to single
space (that's the dominant style of this file; client_cert_sent seems to be the
only other deviation, and I'm half-tempted to suggest bonus-fixing it in this
CL, and half-appalled that I'd even consider suggesting that)

[estark, 2016/02/18 19:24:32]

Done.

+  // vectors in ct_verify_result, each vetor representing a particular
+  // verification state, this method associates each of the SCTs with
+  // the corresponding SCTVerifyStatus as it adds it to the
+  // |signed_certificate_timestamps| list.
+  void UpdateCertificateTransparencyInfo(
       const ct::CTVerifyResult& ct_verify_result);
 
   // The SSL certificate.
   scoped_refptr<X509Certificate> cert;
 
   // The SSL certificate as received by the client. Can be different
   // from |cert|, which is the chain as built by the client during
   // validation.
   scoped_refptr<X509Certificate> unverified_cert;
 
@@ skipping 45 matching lines @@
   HashValueVector public_key_hashes;
 
   // pinning_failure_log contains a message produced by
   // TransportSecurityState::PKPState::CheckPublicKeyPins in the event of a
   // pinning failure. It is a (somewhat) human-readable string.
   std::string pinning_failure_log;
 
   // List of SignedCertificateTimestamps and their corresponding validation
   // status.
   SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
+
+  // True if Certificate Transparency policies were applied on this
+  // connection and results are available. If true, the field below
+  // (|ev_policy_compliance|) will contain information about whether
+  // the connection complied with the policy and why the connection
+  // was considered non-compliant, if applicable.
+  bool ct_compliance_details_available;
+
+  // Whether the connection complied with the CT EV policy, and if not,
+  // why not. Only meaningful if |ct_compliance_details_available| is
+  // true.
+  ct::EVPolicyCompliance ct_ev_policy_compliance;
 };
 
 }  // namespace net
 
 #endif  // NET_SSL_SSL_INFO_H_