net/http/transport_security_state.h - Issue 2034843003: Add Expect-Staple to preload list

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/transport_security_state.h

Issue 2034843003: Add Expect-Staple to preload list (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Update test domain names Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/transport_security_state.h

diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h

index 14c080a4b65ae6e72f4a37f965dfa8974fc89dd1..b74b78d64fdb60664dfd3de3b0c2cd41e420b0dc 100644

--- a/net/http/transport_security_state.h

+++ b/net/http/transport_security_state.h

@@ -198,6 +198,23 @@ class NET_EXPORT TransportSecurityState

GURL report_uri;

};

+ // An ExpectStapleState describes a site that expects valid OCSP information

+ // to be stapled to its certificate on every connection.

+ class NET_EXPORT ExpectStapleState {

+ public:

+ ExpectStapleState();

+ ~ExpectStapleState();

+ // The domain which matched during a search for this Expect-Staple entry

+ std::string domain;

+ // The URI reports are sent to if a valid OCSP response is not stapled

+ GURL report_uri;

+ // True if subdomains are subject to this policy

+ bool include_subdomains;

+ };

// An interface for asynchronously sending HPKP violation reports.

class NET_EXPORT ReportSender {

public:

@@ -447,6 +464,14 @@ class NET_EXPORT TransportSecurityState

bool GetStaticExpectCTState(const std::string& host,

ExpectCTState* expect_ct_result) const;

+ // Returns true and updates |*expect_staple_result| iff there is a static

+ // (built-in) state for |host| with expect_staple=true, or if |host| is a

+ // subdomain of another domain with expect_staple=true and

+ // include_subdomains_for_expect_staple=true.

+ bool GetStaticExpectStapleState(

+ const std::string& host,

+ ExpectStapleState* expect_staple_result) const;

// The sets of hosts that have enabled TransportSecurity. |domain| will always

// be empty for a STSState or PKPState in these maps; the domain

// comes from the map keys instead. In addition, |upgrade_mode| in the

@@ -465,6 +490,9 @@ class NET_EXPORT TransportSecurityState

// True if static expect-CT state should be used.

bool enable_static_expect_ct_;

+ // True if static expect-staple state should be used.

+ bool enable_static_expect_staple_;

estark 2016/06/03 22:31:36 need to initialize this in the TSS constructor

ExpectCTReporter* expect_ct_reporter_;

// Keeps track of reports that have been sent recently for

« no previous file with comments | « no previous file | net/http/transport_security_state.cc » ('j') | no next file with comments »