
Unified Diff: net/http/transport_security_state.h

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Set CERT_STATUS_PINNED_KEY_MISSING Created 4 years, 6 months ago
Index: net/http/transport_security_state.h
diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h
index c0dade1b2bb60e590e30e068a9c11aa4f01bce31..403d8c5b6268025f36830453ac8a2838faadd179 100644
--- a/net/http/transport_security_state.h
+++ b/net/http/transport_security_state.h
@@ -103,6 +103,20 @@ class NET_EXPORT TransportSecurityState
std::map<std::string, STSState>::const_iterator end_;
};
+ // PKPStatus describes the result of a pinning check.
+ enum class PKPStatus {
+ // Pinning was enabled and the necessary pins were not present.
+ VIOLATED,
+
+ // Pinning was not enabled, or pinning was enabled and the certificate
+ // satisfied the pins.
+ OK,
+
+ // Pinning was enabled and the certificate did not satisfy the pins, but the
+ // violation was ignored due to local policy, such as a local trust anchor.
+ BYPASSED,
+ };
+
// A PKPState describes the public key pinning state.
class NET_EXPORT PKPState {
public:
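Review bot: the comments on VIOLATED and BYPASSED in the new PKPStatus enum describe the same failure with different wording ("the necessary pins were not present" versus "the certificate did not satisfy the pins"), which reads as if they were two distinct conditions. Suggest using one phrasing for both, so the only stated difference is that BYPASSED was ignored due to local policy. Since OK covers both "pinning was not enabled" and "the certificate satisfied the pins", it is also worth saying here that callers cannot distinguish those two cases from the return value, and how BYPASSED should be treated relative to OK when deciding whether the connection proceeds.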
@@ -251,13 +265,14 @@ class NET_EXPORT TransportSecurityState
// when is_issued_by_known_root is false.
bool ShouldSSLErrorsBeFatal(const std::string& host);
bool ShouldUpgradeToSSL(const std::string& host);
- bool CheckPublicKeyPins(const HostPortPair& host_port_pair,
- bool is_issued_by_known_root,
- const HashValueVector& hashes,
- const X509Certificate* served_certificate_chain,
- const X509Certificate* validated_certificate_chain,
- const PublicKeyPinReportStatus report_status,
- std::string* failure_log);
+ PKPStatus CheckPublicKeyPins(
+ const HostPortPair& host_port_pair,
+ bool is_issued_by_known_root,
+ const HashValueVector& hashes,
+ const X509Certificate* served_certificate_chain,
+ const X509Certificate* validated_certificate_chain,
+ const PublicKeyPinReportStatus report_status,
+ std::string* failure_log);
bool HasPublicKeyPins(const std::string& host);
// Assign a |Delegate| for persisting the transport security state. If
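Review bot: the CheckPublicKeyPins declaration changes its return type from bool to PKPStatus but gains no comment telling callers what to do with each value. Every call site now has to choose explicitly between VIOLATED, OK and BYPASSED, and a caller that only compares against OK would treat a bypassed violation as a hard failure. Suggest a short comment above the declaration stating which values should fail the connection and whether |failure_log| is written for BYPASSED as well as for VIOLATED.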
@@ -403,7 +418,7 @@ class NET_EXPORT TransportSecurityState
static bool IsBuildTimely();
// Helper method for actually checking pins.
- bool CheckPublicKeyPinsImpl(
+ PKPStatus CheckPublicKeyPinsImpl(
const HostPortPair& host_port_pair,
bool is_issued_by_known_root,
const HashValueVector& hashes,
@@ -444,7 +459,7 @@ class NET_EXPORT TransportSecurityState
// |report_status| says to), this method sends an HPKP violation
// report containing |served_certificate_chain| and
// |validated_certificate_chain|.
- bool CheckPinsAndMaybeSendReport(
+ PKPStatus CheckPinsAndMaybeSendReport(
const HostPortPair& host_port_pair,
bool is_issued_by_known_root,
const TransportSecurityState::PKPState& pkp_state,
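Review bot: the comment above CheckPinsAndMaybeSendReport, as far as it is visible in this hunk, explains when "this method sends an HPKP violation report" but says nothing about the return value, which is now three-state. Suggest extending it to state which PKPStatus is returned in each case, and in particular whether a report is still sent when the pins fail but the result is BYPASSED, because that decides whether locally bypassed violations remain visible to the site operator.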