Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(111)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/transport_security_state.h

Issue 2420203003: Turn off Expect-Staple reporting for private roots (Closed)
Patch Set: test fixes Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/http/transport_security_state.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_
6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <map> 10 #include <map>
(...skipping 295 matching lines...) Expand 10 before | Expand all | Expand 10 after
306 const X509Certificate* validated_certificate_chain, 306 const X509Certificate* validated_certificate_chain,
307 const PublicKeyPinReportStatus report_status, 307 const PublicKeyPinReportStatus report_status,
308 std::string* failure_log); 308 std::string* failure_log);
309 bool HasPublicKeyPins(const std::string& host); 309 bool HasPublicKeyPins(const std::string& host);
310 310
311 // Sends an Expect-Staple report containing the raw |ocsp_response| for 311 // Sends an Expect-Staple report containing the raw |ocsp_response| for
312 // |host_port_pair| if the following conditions are true: 312 // |host_port_pair| if the following conditions are true:
313 // 1. Sending Expect-Staple reports is enabled (via 313 // 1. Sending Expect-Staple reports is enabled (via
314 // |enable_static_expect_staple_|) 314 // |enable_static_expect_staple_|)
315 // 2. A report sender was provided via SetReportSender(). 315 // 2. A report sender was provided via SetReportSender().
316 // 3. The build is timele (i.e. the preload list is fresh). 316 // 3. The build is timely (i.e. the preload list is fresh).
317 // 4. The given host is present on the Expect-Staple preload list. 317 // 4. The given host is present on the Expect-Staple preload list.
318 // 5. |ssl_info| indicates the connection did not provide an OCSP response 318 // 5. |ssl_info| indicates the connection did not provide an OCSP response
319 // indicating a revocation status of GOOD. 319 // indicating a revocation status of GOOD.
320 // 6. The certificate chain in |ssl_info| chains to a known root. Reports
321 // for OCSP responses behind MITM proxies are not useful to site owners.
320 void CheckExpectStaple(const HostPortPair& host_port_pair, 322 void CheckExpectStaple(const HostPortPair& host_port_pair,
321 const SSLInfo& ssl_info, 323 const SSLInfo& ssl_info,
322 const std::string& ocsp_response); 324 const std::string& ocsp_response);
323 325
324 // Returns true if connections to |host|, using the validated certificate 326 // Returns true if connections to |host|, using the validated certificate
325 // |validated_certificate_chain|, are expected to be accompanied with 327 // |validated_certificate_chain|, are expected to be accompanied with
326 // valid Certificate Transparency information that complies with the 328 // valid Certificate Transparency information that complies with the
327 // connection's CTPolicyEnforcer. 329 // connection's CTPolicyEnforcer.
328 // 330 //
329 // The behavior may be further be altered by setting a RequireCTDelegate 331 // The behavior may be further be altered by setting a RequireCTDelegate
(...skipping 264 matching lines...) Expand 10 before | Expand all | Expand 10 after
594 // rate-limiting. 596 // rate-limiting.
595 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> 597 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>>
596 sent_reports_cache_; 598 sent_reports_cache_;
597 599
598 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); 600 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState);
599 }; 601 };
600 602
601 } // namespace net 603 } // namespace net
602 604
603 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ 605 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_
OLDNEW
« no previous file with comments | « no previous file | net/http/transport_security_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698