| Index: net/cert/do_nothing_ct_verifier.h
|
| diff --git a/net/cert/do_nothing_ct_verifier.h b/net/cert/do_nothing_ct_verifier.h
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..c1220e294c7b41c4a34cf188b8dd13f490d40316
|
| --- /dev/null
|
| +++ b/net/cert/do_nothing_ct_verifier.h
|
| @@ -0,0 +1,65 @@
|
| +// Copyright 2016 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_
|
| +#define NET_CERT_DO_NOTHING_CT_VERIFIER_H_
|
| +
|
| +#include "base/macros.h"
|
| +#include "net/base/net_export.h"
|
| +#include "net/cert/ct_verifier.h"
|
| +
|
| +namespace net {
|
| +
|
| +// An implementation of CTVerifier that does not validate SCTs.
|
| +//
|
| +// SECURITY NOTE:
|
| +// As Certificate Transparency is an essential part in safeguarding TLS
|
| +// connections, disabling Certificate Transparency enforcement is a decision
|
| +// that should not be taken lightly, and it should be made an explicit
|
| +// decision rather than a potentially accidental decision (such as allowing
|
| +// for a nullptr instance). By checking Certificate Transparency information,
|
| +// typically via a net::MultiLogCTVerifier, and enforcing policies related
|
| +// to Certificate Transparency provided by a net::CTPolicyEnforcer, developers
|
| +// can help protect their users by ensuring that misissued TLS certificates
|
| +// are detected.
|
| +//
|
| +// However, not every consumer of TLS certificates is using the Web PKI. For
|
| +// example, they may be using connections authenticated out of band, or may
|
| +// be using private or local PKIs for which Certificate Transparency is not
|
| +// relevant. Alternatively, much like how a robust and secure TLS client
|
| +// requires a regularly updated root certificate store, a robust and secure
|
| +// Certificate Transparency client requires regular updates. However, since
|
| +// some clients may not support regular updates, it may be intentional to
|
| +// disable Certificate Transparency and choose a less-secure default
|
| +// behavior.
|
| +//
|
| +// Consumers of this class should generally try to get a security or design
|
| +// to discuss the type of net::X509Certificates they will be validating,
|
| +// and determine whether or not Certificate Transparency is right for the
|
| +// particular use case.
|
| +//
|
| +// Because of the complex nuances related to security tradeoffs, it is
|
| +// expected that classes which expect a CTVerifier will require one to be
|
| +// supplied, forcing the caller to make an intentional and explicit decision
|
| +// about the appropriate security policy, rather than leaving it ambiguous,
|
| +// such as via a nullptr. This class is intended to indicate an intentional
|
| +// consideration of CT, and a decision to not support it.
|
| +class NET_EXPORT DoNothingCTVerifier : public CTVerifier {
|
| + public:
|
| + DoNothingCTVerifier();
|
| + ~DoNothingCTVerifier() override;
|
| +
|
| + int Verify(X509Certificate* cert,
|
| + const std::string& stapled_ocsp_response,
|
| + const std::string& sct_list_from_tls_extension,
|
| + SignedCertificateTimestampAndStatusList* output_scts,
|
| + const NetLogWithSource& net_log) override;
|
| +
|
| + private:
|
| + DISALLOW_COPY_AND_ASSIGN(DoNothingCTVerifier);
|
| +};
|
| +
|
| +} // namespace net
|
| +
|
| +#endif // NET_CERT_DO_NOTHING_CT_VERIFIER_H_
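Review bot: The `Verify` override is declared with no comment on its contract, so although the class comment says the verifier "does not validate SCTs", a caller cannot tell from this header what is returned or what state `*output_scts` is left in. That matters because the SCT list is what a net::CTPolicyEnforcer consumes downstream, and an untouched list reads differently from an explicitly emptied one. I would add a comment above the declaration such as `// Clears |output_scts| and never parses or validates an SCT.`, adjusted to match the implementation in the .cc, which is not part of this hunk, and also stating the return value. Separately, the class-comment sentence "try to get a security or design to discuss" appears to be missing a word, presumably "review".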
|
|
|