OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_ |
| 6 #define NET_CERT_DO_NOTHING_CT_VERIFIER_H_ |
| 7 |
| 8 #include "base/macros.h" |
| 9 #include "net/base/net_export.h" |
| 10 #include "net/cert/ct_verifier.h" |
| 11 |
| 12 namespace net { |
| 13 |
| 14 // An implementation of CTVerifier that does not validate SCTs. |
| 15 // |
| 16 // SECURITY NOTE: |
| 17 // As Certificate Transparency is an essential part in safeguarding TLS |
| 18 // connections, disabling Certificate Transparency enforcement is a decision |
| 19 // that should not be taken lightly, and it should be made an explicit |
| 20 // decision rather than a potentially accidental decision (such as allowing |
| 21 // for a nullptr instance). By checking Certificate Transparency information, |
| 22 // typically via a net::MultiLogCTVerifier, and enforcing policies related |
| 23 // to Certificate Transparency provided by a net::CTPolicyEnforcer, developers |
| 24 // can help protect their users by ensuring that misissued TLS certificates |
| 25 // are detected. |
| 26 // |
| 27 // However, not every consumer of TLS certificates is using the Web PKI. For |
| 28 // example, they may be using connections authenticated out of band, or may |
| 29 // be using private or local PKIs for which Certificate Transparency is not |
| 30 // relevant. Alternatively, much like how a robust and secure TLS client |
| 31 // requires a regularly updated root certificate store, a robust and secure |
| 32 // Certificate Transparency client requires regular updates. However, since |
| 33 // some clients may not support regular updates, it may be intentional to |
| 34 // disable Certificate Transparency and choose a less-secure default |
| 35 // behavior. |
| 36 // |
| 37 // Consumers of this class should generally try to get a security or design |
| 38 // to discuss the type of net::X509Certificates they will be validating, |
| 39 // and determine whether or not Certificate Transparency is right for the |
| 40 // particular use case. |
| 41 // |
| 42 // Because of the complex nuances related to security tradeoffs, it is |
| 43 // expected that classes which expect a CTVerifier will require one to be |
| 44 // supplied, forcing the caller to make an intentional and explicit decision |
| 45 // about the appropriate security policy, rather than leaving it ambiguous, |
| 46 // such as via a nullptr. This class is intended to indicate an intentional |
| 47 // consideration of CT, and a decision to not support it. |
| 48 class NET_EXPORT DoNothingCTVerifier : public CTVerifier { |
| 49 public: |
| 50 DoNothingCTVerifier(); |
| 51 ~DoNothingCTVerifier() override; |
| 52 |
| 53 int Verify(X509Certificate* cert, |
| 54 const std::string& stapled_ocsp_response, |
| 55 const std::string& sct_list_from_tls_extension, |
| 56 SignedCertificateTimestampAndStatusList* output_scts, |
| 57 const NetLogWithSource& net_log) override; |
| 58 |
| 59 private: |
| 60 DISALLOW_COPY_AND_ASSIGN(DoNothingCTVerifier); |
| 61 }; |
| 62 |
| 63 } // namespace net |
| 64 |
| 65 #endif // NET_CERT_DO_NOTHING_CT_VERIFIER_H_ |
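Review bot: The `Verify` override at new lines 53-57 has no comment stating its contract, and for a verifier whose whole purpose is to skip SCT validation the header should say what callers get back. I would add something like `// Performs no SCT validation and ignores the certificate, OCSP response and SCT list.` above it, extended to say whether `output_scts` is cleared and which net error code is returned; the .cc is not visible here, so that wording has to be checked against the implementation. The class comment also drops a word at new line 37: `try to get a security or design to discuss` should read `try to get a security or design review to discuss`. Because the class exists to make disabling CT an explicit choice, it may also be worth noting that a CTPolicyEnforcer fed by this verifier would presumably be handed no verified SCTs, so a reader knows how the choice shows up downstream.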