Index: net/cert/ct_verify_result.h |
diff --git a/net/cert/ct_verify_result.h b/net/cert/ct_verify_result.h |
index aa90164193b0cdf9c532d5e13ba2994491348766..082afee4b3afe946a38007e4e660da591cb1bcc3 100644 |
--- a/net/cert/ct_verify_result.h |
+++ b/net/cert/ct_verify_result.h |
@@ -7,6 +7,7 @@ |
#include <vector> |
+#include "net/cert/ct_policy_enforcer.h" |
#include "net/cert/signed_certificate_timestamp.h" |
namespace net { |
@@ -15,9 +16,9 @@ namespace ct { |
typedef std::vector<scoped_refptr<SignedCertificateTimestamp> > SCTList; |
-// Holds Signed Certificate Timestamps, depending on their verification results. |
-// More information could be tracked here about SCTs, but for the current UI |
-// this categorization is enough. |
+// Holds Signed Certificate Timestamps, depending on their verification |
+// results, and information about CT policies that were applied on the |
+// connection. |
struct NET_EXPORT CTVerifyResult { |
CTVerifyResult(); |
~CTVerifyResult(); |
@@ -28,6 +29,12 @@ struct NET_EXPORT CTVerifyResult { |
SCTList invalid_scts; |
// SCTs from unknown logs and as such are unverifiable. |
SCTList unknown_logs_scts; |
+ |
+ // True if any CT policies were applied on this connection. |
+ bool ct_policies_applied; |
+ // The result of evaluating whether the connection complies with the |
+ // EV CT policy. |
+ CTPolicyEnforcer::EVPolicyCompliance ev_policy_compliance; |
Eran Messeri
2016/02/10 17:41:09
Wouldn't it make sense to have the EVPolicyComplia
Ryan Sleevi
2016/02/10 17:57:06
That would seem to defeat the goal of making CTPol
estark
2016/02/11 01:54:21
Done. (separate header)
|
}; |
} // namespace ct |