Chromium Code Reviews Chromium Code Reviews
Issue 1652603002:
Add information to SSLInfo about CT EV policy compliance (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/cert/ct_verify_result.h |
| diff --git a/net/cert/ct_verify_result.h b/net/cert/ct_verify_result.h |
| index aa90164193b0cdf9c532d5e13ba2994491348766..082afee4b3afe946a38007e4e660da591cb1bcc3 100644 |
| --- a/net/cert/ct_verify_result.h |
| +++ b/net/cert/ct_verify_result.h |
| @@ -7,6 +7,7 @@ |
| #include <vector> |
| +#include "net/cert/ct_policy_enforcer.h" |
| #include "net/cert/signed_certificate_timestamp.h" |
| namespace net { |
| @@ -15,9 +16,9 @@ namespace ct { |
| typedef std::vector<scoped_refptr<SignedCertificateTimestamp> > SCTList; |
| -// Holds Signed Certificate Timestamps, depending on their verification results. |
| -// More information could be tracked here about SCTs, but for the current UI |
| -// this categorization is enough. |
| +// Holds Signed Certificate Timestamps, depending on their verification |
| +// results, and information about CT policies that were applied on the |
| +// connection. |
| struct NET_EXPORT CTVerifyResult { |
| CTVerifyResult(); |
| ~CTVerifyResult(); |
| @@ -28,6 +29,12 @@ struct NET_EXPORT CTVerifyResult { |
| SCTList invalid_scts; |
| // SCTs from unknown logs and as such are unverifiable. |
| SCTList unknown_logs_scts; |
| + |
| + // True if any CT policies were applied on this connection. |
| + bool ct_policies_applied; |
| + // The result of evaluating whether the connection complies with the |
| + // EV CT policy. |
| + CTPolicyEnforcer::EVPolicyCompliance ev_policy_compliance; |
|
Eran Messeri
2016/02/10 17:41:09
Wouldn't it make sense to have the EVPolicyComplia
Ryan Sleevi
2016/02/10 17:57:06
That would seem to defeat the goal of making CTPol
estark
2016/02/11 01:54:21
Done. (separate header)
|
| }; |
| } // namespace ct |
