Index: net/ssl/ssl_info.h |
diff --git a/net/ssl/ssl_info.h b/net/ssl/ssl_info.h |
index 40dec2865729bb3e431dfc1641f46d0a6086193e..e4dc6c75329ed3cf484bf1ccac267ad008eae686 100644 |
--- a/net/ssl/ssl_info.h |
+++ b/net/ssl/ssl_info.h |
@@ -10,6 +10,7 @@ |
#include "base/memory/ref_counted.h" |
#include "net/base/net_export.h" |
#include "net/cert/cert_status_flags.h" |
+#include "net/cert/ct_policy_status.h" |
#include "net/cert/ct_verify_result.h" |
#include "net/cert/sct_status_flags.h" |
#include "net/cert/x509_cert_types.h" |
@@ -44,12 +45,14 @@ class NET_EXPORT SSLInfo { |
// Adds the specified |error| to the cert status. |
void SetCertError(int error); |
- // Adds the SignedCertificateTimestamps from ct_verify_result to |
- // |signed_certificate_timestamps|. SCTs are held in three separate vectors |
- // in ct_verify_result, each vetor representing a particular verification |
- // state, this method associates each of the SCTs with the corresponding |
- // SCTVerifyStatus as it adds it to the |signed_certificate_timestamps| list. |
- void UpdateSignedCertificateTimestamps( |
+ // Adds the SignedCertificateTimestamps and policy compliance details |
+ // from ct_verify_result to |signed_certificate_timestamps| and |
+ // |ct_policy_compliance_details|. SCTs are held in three separate |
Ryan Sleevi
2016/02/18 06:46:52
Since you're updating this, can you fix the double
estark
2016/02/18 19:24:32
Done.
|
+ // vectors in ct_verify_result, each vetor representing a particular |
+ // verification state, this method associates each of the SCTs with |
+ // the corresponding SCTVerifyStatus as it adds it to the |
+ // |signed_certificate_timestamps| list. |
+ void UpdateCertificateTransparencyInfo( |
const ct::CTVerifyResult& ct_verify_result); |
// The SSL certificate. |
@@ -115,6 +118,18 @@ class NET_EXPORT SSLInfo { |
// List of SignedCertificateTimestamps and their corresponding validation |
// status. |
SignedCertificateTimestampAndStatusList signed_certificate_timestamps; |
+ |
+ // True if Certificate Transparency policies were applied on this |
+ // connection and results are available. If true, the field below |
+ // (|ev_policy_compliance|) will contain information about whether |
+ // the connection complied with the policy and why the connection |
+ // was considered non-compliant, if applicable. |
+ bool ct_compliance_details_available; |
+ |
+ // Whether the connection complied with the CT EV policy, and if not, |
+ // why not. Only meaningful if |ct_compliance_details_available| is |
+ // true. |
+ ct::EVPolicyCompliance ct_ev_policy_compliance; |
}; |
} // namespace net |