Chromium Code Reviews Chromium Code Reviews
Issue 2076363002:
Introduce the ability to require CT for specific hosts (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file intentionally does not have header guards, it's included | 5 // This file intentionally does not have header guards, it's included |
| 6 // inside a macro to generate enum values. | 6 // inside a macro to generate enum values. |
| 7 | 7 |
| 8 // This file contains the list of network errors. | 8 // This file contains the list of network errors. |
| 9 | 9 |
| 10 // | 10 // |
| (...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 349 // Resolving a hostname to an IP address list included the IPv4 address | 349 // Resolving a hostname to an IP address list included the IPv4 address |
| 350 // "127.0.53.53". This is a special IP address which ICANN has recommended to | 350 // "127.0.53.53". This is a special IP address which ICANN has recommended to |
| 351 // indicate there was a name collision, and alert admins to a potential | 351 // indicate there was a name collision, and alert admins to a potential |
| 352 // problem. | 352 // problem. |
| 353 NET_ERROR(ICANN_NAME_COLLISION, -166) | 353 NET_ERROR(ICANN_NAME_COLLISION, -166) |
| 354 | 354 |
| 355 // The SSL server presented a certificate which could not be decoded. This is | 355 // The SSL server presented a certificate which could not be decoded. This is |
| 356 // not a certificate error code as no X509Certificate object is available. This | 356 // not a certificate error code as no X509Certificate object is available. This |
| 357 // error is fatal. | 357 // error is fatal. |
| 358 NET_ERROR(SSL_SERVER_CERT_BAD_FORMAT, -167) | 358 NET_ERROR(SSL_SERVER_CERT_BAD_FORMAT, -167) |
| 359 | |
| 359 // Certificate Transparency: Received a signed tree head that failed to parse. | 360 // Certificate Transparency: Received a signed tree head that failed to parse. |
| 360 NET_ERROR(CT_STH_PARSING_FAILED, -168) | 361 NET_ERROR(CT_STH_PARSING_FAILED, -168) |
| 362 | |
| 361 // Certificate Transparency: Received a signed tree head whose JSON parsing was | 363 // Certificate Transparency: Received a signed tree head whose JSON parsing was |
| 362 // OK but was missing some of the fields. | 364 // OK but was missing some of the fields. |
| 363 NET_ERROR(CT_STH_INCOMPLETE, -169) | 365 NET_ERROR(CT_STH_INCOMPLETE, -169) |
| 364 | 366 |
| 365 // The attempt to reuse a connection to send proxy auth credentials failed | 367 // The attempt to reuse a connection to send proxy auth credentials failed |
| 366 // before the AuthController was used to generate credentials. The caller should | 368 // before the AuthController was used to generate credentials. The caller should |
| 367 // reuse the controller with a new connection. This error is only used | 369 // reuse the controller with a new connection. This error is only used |
| 368 // internally by the network stack. | 370 // internally by the network stack. |
| 369 NET_ERROR(UNABLE_TO_REUSE_CONNECTION_FOR_PROXY_AUTH, -170) | 371 NET_ERROR(UNABLE_TO_REUSE_CONNECTION_FOR_PROXY_AUTH, -170) |
| 370 | 372 |
| 371 // Certificate Transparency: Failed to parse the received consistency proof. | 373 // Certificate Transparency: Failed to parse the received consistency proof. |
| 372 NET_ERROR(CT_CONSISTENCY_PROOF_PARSING_FAILED, -171) | 374 NET_ERROR(CT_CONSISTENCY_PROOF_PARSING_FAILED, -171) |
| 373 | 375 |
| 376 // Certificate Transparency was required for this connection, but the server | |
| 377 // did not provide CT information that complied with the policy. | |
| 378 NET_ERROR(SSL_CERTIFICATE_TRANSPARENCY_REQUIRED, -172) | |
|
mmenke
2016/06/18 00:59:28
Should there be error page text for this, reusing
| |
| 379 | |
| 374 // Certificate error codes | 380 // Certificate error codes |
| 375 // | 381 // |
| 376 // The values of certificate error codes must be consecutive. | 382 // The values of certificate error codes must be consecutive. |
| 377 | 383 |
| 378 // The server responded with a certificate whose common name did not match | 384 // The server responded with a certificate whose common name did not match |
| 379 // the host name. This could mean: | 385 // the host name. This could mean: |
| 380 // | 386 // |
| 381 // 1. An attacker has redirected our traffic to their server and is | 387 // 1. An attacker has redirected our traffic to their server and is |
| 382 // presenting a certificate for which they know the private key. | 388 // presenting a certificate for which they know the private key. |
| 383 // | 389 // |
| (...skipping 440 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 824 NET_ERROR(DNS_TIMED_OUT, -803) | 830 NET_ERROR(DNS_TIMED_OUT, -803) |
| 825 | 831 |
| 826 // The entry was not found in cache, for cache-only lookups. | 832 // The entry was not found in cache, for cache-only lookups. |
| 827 NET_ERROR(DNS_CACHE_MISS, -804) | 833 NET_ERROR(DNS_CACHE_MISS, -804) |
| 828 | 834 |
| 829 // Suffix search list rules prevent resolution of the given host name. | 835 // Suffix search list rules prevent resolution of the given host name. |
| 830 NET_ERROR(DNS_SEARCH_EMPTY, -805) | 836 NET_ERROR(DNS_SEARCH_EMPTY, -805) |
| 831 | 837 |
| 832 // Failed to sort addresses according to RFC3484. | 838 // Failed to sort addresses according to RFC3484. |
| 833 NET_ERROR(DNS_SORT_ERROR, -806) | 839 NET_ERROR(DNS_SORT_ERROR, -806) |
| OLD | NEW |
