Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2230)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/cert/ct_policy_status.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: some cleanup Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/cert/ct_policy_enforcer_unittest.cc ('K') | « net/cert/ct_policy_enforcer_unittest.cc ('k') | net/cert/ct_verify_result.h » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/ct_policy_status.h
diff --git a/net/cert/ct_policy_status.h b/net/cert/ct_policy_status.h
new file mode 100644
index 0000000000000000000000000000000000000000..0255b9b155d4d914fc4a402c7f72e5c7f4e14a7b
--- /dev/null
+++ b/net/cert/ct_policy_status.h
@@ -0,0 +1,38 @@
+// Copyright 2016 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef NET_CERT_CT_POLICY_STATUS_H
Ryan Sleevi 2016/02/18 06:46:51 There's supposed to be a newline between 3 & 4 (an
estark 2016/02/18 19:24:32 Done.
+#define NET_CERT_CT_POLICY_STATUS_H
+
+namespace net {
+
+namespace ct {
+
+// Information about a connection's compliance with the CT EV
+// certificate policy.
+enum EVPolicyCompliance {
Ryan Sleevi 2016/02/18 06:46:51 Do you want to enum class this so you can forward
estark 2016/02/18 19:24:32 Done.
+ // The certificate was not EV, so the EV policy doesn't apply.
+ EV_POLICY_DOES_NOT_APPLY = 0,
Ryan Sleevi 2016/02/18 06:46:51 Do you still need this explicit numbering? If you
estark 2016/02/18 19:24:31 I think I started UMAing it in a follow-up CL. I'l
+ // The connection complied with the EV certificate policy by being
+ // included on the EV whitelist.
+ EV_POLICY_COMPLIES_VIA_WHITELIST,
+ // The connection complied with the EV certificate policy by
+ // including SCTs that satisfy the policy.
+ EV_POLICY_COMPLIES_VIA_SCTS,
+ // The connection did not have enough SCTs to retain its EV
+ // status.
+ EV_POLICY_NOT_ENOUGH_SCTS,
+ // The connection did not have diverse enough SCTs to retain its
+ // EV status.
+ EV_POLICY_NOT_DIVERSE_SCTS,
+ // The connection cannot be considered compliant because the build
+ // isn't timely and therefore log information might be out of date
+ // (for example a log might no longer be considered trustworthy).
+ EV_POLICY_BUILD_NOT_TIMELY,
+};
+
+} // namespace ct
+
+} // namespace net
+
+#endif // NET_CERT_CT_POLICY_STATUS_H
« net/cert/ct_policy_enforcer_unittest.cc ('K') | « net/cert/ct_policy_enforcer_unittest.cc ('k') | net/cert/ct_verify_result.h » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698