Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(27)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc.h

Issue 21572002: Add UMA entry for intranet SSL warnings (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 7 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« chrome/browser/ssl/ssl_blocking_page.cc ('K') | « chrome/browser/ssl/ssl_blocking_page.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_ 5 #ifndef NET_CERT_CERT_VERIFY_PROC_H_
6 #define NET_CERT_CERT_VERIFY_PROC_H_ 6 #define NET_CERT_CERT_VERIFY_PROC_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after
59 int flags, 59 int flags,
60 CRLSet* crl_set, 60 CRLSet* crl_set,
61 const CertificateList& additional_trust_anchors, 61 const CertificateList& additional_trust_anchors,
62 CertVerifyResult* verify_result); 62 CertVerifyResult* verify_result);
63 63
64 // Returns true if the implementation supports passing additional trust 64 // Returns true if the implementation supports passing additional trust
65 // anchors to the Verify() call. The |additional_trust_anchors| parameter 65 // anchors to the Verify() call. The |additional_trust_anchors| parameter
66 // passed to Verify() is ignored when this returns false. 66 // passed to Verify() is ignored when this returns false.
67 virtual bool SupportsAdditionalTrustAnchors() const = 0; 67 virtual bool SupportsAdditionalTrustAnchors() const = 0;
68 68
69 // Returns true if |hostname| contains a name that is non-unique among
70 // certificates (eg: an "internal server name").
71 //
72 // While such names are not scheduled to be deprecated until 1 November 2015
73 // according to the CA/Browser Forum Baseline Requirements (v1.1), they
74 // represent a real risk for the deployment of new gTLDs, and thus being
75 // phased out ahead of the hard deadline.
76 // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address
77 // ranges.
78 static bool IsHostnameNonUnique(const std::string& hostname);
79
69 protected: 80 protected:
70 CertVerifyProc(); 81 CertVerifyProc();
71 virtual ~CertVerifyProc(); 82 virtual ~CertVerifyProc();
72 83
73 private: 84 private:
74 friend class base::RefCountedThreadSafe<CertVerifyProc>; 85 friend class base::RefCountedThreadSafe<CertVerifyProc>;
75 friend class CertVerifyProcNonUniqueNameTest; 86 friend class CertVerifyProcNonUniqueNameTest;
76 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts); 87 FRIEND_TEST_ALL_PREFIXES(CertVerifyProcTest, DigiNotarCerts);
77 88
78 // Performs the actual verification using the desired underlying 89 // Performs the actual verification using the desired underlying
79 // cryptographic library. 90 // cryptographic library.
80 virtual int VerifyInternal(X509Certificate* cert, 91 virtual int VerifyInternal(X509Certificate* cert,
81 const std::string& hostname, 92 const std::string& hostname,
82 int flags, 93 int flags,
83 CRLSet* crl_set, 94 CRLSet* crl_set,
84 const CertificateList& additional_trust_anchors, 95 const CertificateList& additional_trust_anchors,
85 CertVerifyResult* verify_result) = 0; 96 CertVerifyResult* verify_result) = 0;
86 97
87 // Returns true if |cert| is explicitly blacklisted. 98 // Returns true if |cert| is explicitly blacklisted.
88 static bool IsBlacklisted(X509Certificate* cert); 99 static bool IsBlacklisted(X509Certificate* cert);
89 100
90 // IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which 101 // IsPublicKeyBlacklisted returns true iff one of |public_key_hashes| (which
91 // are hashes of SubjectPublicKeyInfo structures) is explicitly blocked. 102 // are hashes of SubjectPublicKeyInfo structures) is explicitly blocked.
92 static bool IsPublicKeyBlacklisted(const HashValueVector& public_key_hashes); 103 static bool IsPublicKeyBlacklisted(const HashValueVector& public_key_hashes);
93 104
94 // Returns true if |hostname| contains a name that is non-unique among
95 // certificates (eg: an "internal server name").
96 //
97 // While such names are not scheduled to be deprecated until 1 November 2015
98 // according to the CA/Browser Forum Baseline Requirements (v1.1), they
99 // represent a real risk for the deployment of new gTLDs, and thus being
100 // phased out ahead of the hard deadline.
101 // TODO(rsleevi): http://crbug.com/119212 - Also match internal IP address
102 // ranges.
103 static bool IsHostnameNonUnique(const std::string& hostname);
104
105 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc); 105 DISALLOW_COPY_AND_ASSIGN(CertVerifyProc);
106 }; 106 };
107 107
108 } // namespace net 108 } // namespace net
109 109
110 #endif // NET_CERT_CERT_VERIFY_PROC_H_ 110 #endif // NET_CERT_CERT_VERIFY_PROC_H_
OLDNEW
« chrome/browser/ssl/ssl_blocking_page.cc ('K') | « chrome/browser/ssl/ssl_blocking_page.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698