Chromium Code Reviews

Unified Diff: net/http/transport_security_state.h

Issue 2034843003: Add Expect-Staple to preload list (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Test enable_static_expect_staple_ is followed Created 4 years, 6 months ago
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index 14c080a4b65ae6e72f4a37f965dfa8974fc89dd1..b74b78d64fdb60664dfd3de3b0c2cd41e420b0dc 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -198,6 +198,23 @@ class NET_EXPORT TransportSecurityState
GURL report_uri;
};
+ // An ExpectStapleState describes a site that expects valid OCSP information
+ // to be stapled to its certificate on every connection.
+ class NET_EXPORT ExpectStapleState {
+ public:
+ ExpectStapleState();
+ ~ExpectStapleState();
+
+ // The domain which matched during a search for this Expect-Staple entry
+ std::string domain;
+
+ // The URI reports are sent to if a valid OCSP response is not stapled
+ GURL report_uri;
+
+ // True if subdomains are subject to this policy
+ bool include_subdomains;
+ };
+
// An interface for asynchronously sending HPKP violation reports.
class NET_EXPORT ReportSender {
public:
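Review bot: `include_subdomains` in ExpectStapleState is a plain bool with no in-class initializer, and the constructor body is not in this header, so nothing visible here guarantees it starts as false. Consider `bool include_subdomains = false;` or confirm that the constructor in the .cc sets it, since a lookup that fills only `domain` and `report_uri` would otherwise leave the subdomain scope indeterminate. Minor: the three member comments lack the trailing period that the surrounding comments use.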
@@ -447,6 +464,14 @@ class NET_EXPORT TransportSecurityState
bool GetStaticExpectCTState(const std::string& host,
ExpectCTState* expect_ct_result) const;
+ // Returns true and updates |*expect_staple_result| iff there is a static
+ // (built-in) state for |host| with expect_staple=true, or if |host| is a
+ // subdomain of another domain with expect_staple=true and
+ // include_subdomains_for_expect_staple=true.
+ bool GetStaticExpectStapleState(
+ const std::string& host,
+ ExpectStapleState* expect_staple_result) const;
+
// The sets of hosts that have enabled TransportSecurity. |domain| will always
// be empty for a STSState or PKPState in these maps; the domain
// comes from the map keys instead. In addition, |upgrade_mode| in the
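Review bot: the comment on GetStaticExpectStapleState names `expect_staple=true` and `include_subdomains_for_expect_staple=true`, neither of which is declared in this header (the struct field is `include_subdomains`), so say explicitly that these are fields of the static preload entry. The comment should also state what the method returns when `enable_static_expect_staple_` is false and whether `*expect_staple_result` is left untouched on a false return, so callers know they cannot read it in that case.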
@@ -465,6 +490,9 @@ class NET_EXPORT TransportSecurityState
// True if static expect-CT state should be used.
bool enable_static_expect_ct_;
+ // True if static expect-staple state should be used.
+ bool enable_static_expect_staple_;
+
ExpectCTReporter* expect_ct_reporter_;
// Keeps track of reports that have been sent recently for
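Review bot: the comment on `enable_static_expect_staple_` does not say what the default is or what sets it, and the member has no initializer in this header. Please make sure the constructor initializes it (in declaration order, between `enable_static_expect_ct_` and `expect_ct_reporter_`) and document the default next to the member, since an uninitialized flag would make static Expect-Staple lookups nondeterministic.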