Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(430)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/ssl_info.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: some cleanup Created 4 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_nss.cc ('K') | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/ssl_info.h
diff --git a/net/ssl/ssl_info.h b/net/ssl/ssl_info.h
index 40dec2865729bb3e431dfc1641f46d0a6086193e..e4dc6c75329ed3cf484bf1ccac267ad008eae686 100644
--- a/net/ssl/ssl_info.h
+++ b/net/ssl/ssl_info.h
@@ -10,6 +10,7 @@
#include "base/memory/ref_counted.h"
#include "net/base/net_export.h"
#include "net/cert/cert_status_flags.h"
+#include "net/cert/ct_policy_status.h"
#include "net/cert/ct_verify_result.h"
#include "net/cert/sct_status_flags.h"
#include "net/cert/x509_cert_types.h"
@@ -44,12 +45,14 @@ class NET_EXPORT SSLInfo {
// Adds the specified |error| to the cert status.
void SetCertError(int error);
- // Adds the SignedCertificateTimestamps from ct_verify_result to
- // |signed_certificate_timestamps|. SCTs are held in three separate vectors
- // in ct_verify_result, each vetor representing a particular verification
- // state, this method associates each of the SCTs with the corresponding
- // SCTVerifyStatus as it adds it to the |signed_certificate_timestamps| list.
- void UpdateSignedCertificateTimestamps(
+ // Adds the SignedCertificateTimestamps and policy compliance details
+ // from ct_verify_result to |signed_certificate_timestamps| and
+ // |ct_policy_compliance_details|. SCTs are held in three separate
Ryan Sleevi 2016/02/18 06:46:52 Since you're updating this, can you fix the double
estark 2016/02/18 19:24:32 Done.
+ // vectors in ct_verify_result, each vetor representing a particular
+ // verification state, this method associates each of the SCTs with
+ // the corresponding SCTVerifyStatus as it adds it to the
+ // |signed_certificate_timestamps| list.
+ void UpdateCertificateTransparencyInfo(
const ct::CTVerifyResult& ct_verify_result);
// The SSL certificate.
@@ -115,6 +118,18 @@ class NET_EXPORT SSLInfo {
// List of SignedCertificateTimestamps and their corresponding validation
// status.
SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
+
+ // True if Certificate Transparency policies were applied on this
+ // connection and results are available. If true, the field below
+ // (|ev_policy_compliance|) will contain information about whether
+ // the connection complied with the policy and why the connection
+ // was considered non-compliant, if applicable.
+ bool ct_compliance_details_available;
+
+ // Whether the connection complied with the CT EV policy, and if not,
+ // why not. Only meaningful if |ct_compliance_details_available| is
+ // true.
+ ct::EVPolicyCompliance ct_ev_policy_compliance;
};
} // namespace net
« net/socket/ssl_client_socket_nss.cc ('K') | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698