Chromium Code Reviews

Unified Diff: net/ssl/ssl_info.h

Issue 1652603002: Add information to SSLInfo about CT EV policy compliance (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rsleevi nits Created 4 years, 10 months ago
Index: net/ssl/ssl_info.h
diff --git a/net/ssl/ssl_info.h b/net/ssl/ssl_info.h
index 40dec2865729bb3e431dfc1641f46d0a6086193e..39353693728304888ed9b8a21920603f78a044a7 100644
--- a/net/ssl/ssl_info.h
+++ b/net/ssl/ssl_info.h
@@ -18,6 +18,12 @@
namespace net {
+namespace ct {
+
+enum class EVPolicyCompliance;
+
+} // namespace ct
+
class X509Certificate;
// SSL connection info.
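Review bot: the opaque declaration `enum class EVPolicyCompliance;` in the new `ct` namespace block does not say where the enum is defined, and SSLInfo stores it by value further down, so any consumer that wants to compare the field against an enumerator needs the defining header. Add a comment next to the forward declaration naming that header, or include it directly if the extra dependency is acceptable. An opaque scoped-enum declaration without an explicit underlying type fixes it at `int`, so the definition has to agree and any later change to its underlying type must be mirrored here.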
@@ -44,12 +50,14 @@ class NET_EXPORT SSLInfo {
// Adds the specified |error| to the cert status.
void SetCertError(int error);
- // Adds the SignedCertificateTimestamps from ct_verify_result to
- // |signed_certificate_timestamps|. SCTs are held in three separate vectors
- // in ct_verify_result, each vetor representing a particular verification
- // state, this method associates each of the SCTs with the corresponding
- // SCTVerifyStatus as it adds it to the |signed_certificate_timestamps| list.
- void UpdateSignedCertificateTimestamps(
+ // Adds the SignedCertificateTimestamps and policy compliance details
+ // from ct_verify_result to |signed_certificate_timestamps| and
+ // |ct_policy_compliance_details|. SCTs are held in three separate
+ // vectors in ct_verify_result, each vetor representing a particular
+ // verification state, this method associates each of the SCTs with
+ // the corresponding SCTVerifyStatus as it adds it to the
+ // |signed_certificate_timestamps| list.
+ void UpdateCertificateTransparencyInfo(
const ct::CTVerifyResult& ct_verify_result);
// The SSL certificate.
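Review bot: the rewritten comment above `UpdateCertificateTransparencyInfo` names `|ct_policy_compliance_details|`, which matches neither member this patch adds to the class (`ct_compliance_details_available` and `ct_ev_policy_compliance`); reference the real member names so the comment stays searchable. The typo "vetor" was carried over from the old comment and can be fixed while the text is being reflowed, and "verification state, this method associates" reads better split into two sentences.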
@@ -115,6 +123,18 @@ class NET_EXPORT SSLInfo {
// List of SignedCertificateTimestamps and their corresponding validation
// status.
SignedCertificateTimestampAndStatusList signed_certificate_timestamps;
+
+ // True if Certificate Transparency policies were applied on this
+ // connection and results are available. If true, the field below
+ // (|ev_policy_compliance|) will contain information about whether
+ // the connection complied with the policy and why the connection
+ // was considered non-compliant, if applicable.
+ bool ct_compliance_details_available;
+
+ // Whether the connection complied with the CT EV policy, and if not,
+ // why not. Only meaningful if |ct_compliance_details_available| is
+ // true.
+ ct::EVPolicyCompliance ct_ev_policy_compliance;
};
} // namespace net
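Review bot: the comment on `ct_compliance_details_available` calls the field below `|ev_policy_compliance|`, but the member is declared as `ct_ev_policy_compliance`; make the two agree. Both new members are declared here without an in-class initializer, so confirm that ssl_info.cc initializes them in the constructor and in every path that clears the other fields, otherwise a reader of `ct_ev_policy_compliance` can see an indeterminate value. Because the enum is "only meaningful" when the bool is true, callers can easily read it unguarded; consider a dedicated enumerator for the "not evaluated" case so the two fields cannot disagree.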