| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <map> | 10 #include <map> |
| (...skipping 304 matching lines...) |
| 315 // |enable_static_expect_staple_|) | 315 // |enable_static_expect_staple_|) |
| 316 // 2. A report sender was provided via SetReportSender(). | 316 // 2. A report sender was provided via SetReportSender(). |
| 317 // 3. The build is timely (i.e. the preload list is fresh). | 317 // 3. The build is timely (i.e. the preload list is fresh). |
| 318 // 4. The given host is present on the Expect-Staple preload list. | 318 // 4. The given host is present on the Expect-Staple preload list. |
| 319 // 5. |ssl_info| indicates the connection did not provide an OCSP response | 319 // 5. |ssl_info| indicates the connection did not provide an OCSP response |
| 320 // indicating a revocation status of GOOD. | 320 // indicating a revocation status of GOOD. |
| 321 // 6. The certificate chain in |ssl_info| chains to a known root. Reports | 321 // 6. The certificate chain in |ssl_info| chains to a known root. Reports |
| 322 // for OCSP responses behind MITM proxies are not useful to site owners. | 322 // for OCSP responses behind MITM proxies are not useful to site owners. |
| 323 void CheckExpectStaple(const HostPortPair& host_port_pair, | 323 void CheckExpectStaple(const HostPortPair& host_port_pair, |
| 324 const SSLInfo& ssl_info, | 324 const SSLInfo& ssl_info, |
| 325 const std::string& ocsp_response); | 325 base::StringPiece ocsp_response); |
| 326 | 326 |
| 327 // Returns true if connections to |host|, using the validated certificate | 327 // Returns true if connections to |host|, using the validated certificate |
| 328 // |validated_certificate_chain|, are expected to be accompanied with | 328 // |validated_certificate_chain|, are expected to be accompanied with |
| 329 // valid Certificate Transparency information that complies with the | 329 // valid Certificate Transparency information that complies with the |
| 330 // connection's CTPolicyEnforcer. | 330 // connection's CTPolicyEnforcer. |
| 331 // | 331 // |
| 332 // The behavior may be further be altered by setting a RequireCTDelegate | 332 // The behavior may be further be altered by setting a RequireCTDelegate |
| 333 // via |SetRequireCTDelegate()|. | 333 // via |SetRequireCTDelegate()|. |
| 334 bool ShouldRequireCT(const std::string& host, | 334 bool ShouldRequireCT(const std::string& host, |
| 335 const X509Certificate* validated_certificate_chain, | 335 const X509Certificate* validated_certificate_chain, |
| (...skipping 261 matching lines...) |
| 597 // rate-limiting. | 597 // rate-limiting. |
| 598 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> | 598 ExpiringCache<std::string, bool, base::TimeTicks, std::less<base::TimeTicks>> |
| 599 sent_reports_cache_; | 599 sent_reports_cache_; |
| 600 | 600 |
| 601 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 601 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 602 }; | 602 }; |
| 603 | 603 |
| 604 } // namespace net | 604 } // namespace net |
| 605 | 605 |
| 606 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 606 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
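Review bot: On new line 325, `ocsp_response` becomes a `base::StringPiece`, which is a non-owning view, but the comment above `CheckExpectStaple` does not say how long the caller must keep the underlying bytes alive. Condition 2 mentions a report sender, so if the implementation (not visible on this page) passes the response to anything that outlives the call, it must copy it into a `std::string` first; a dangling view over server-supplied OCSP bytes would be a memory-safety bug. I would add a line to the comment such as `// |ocsp_response| is only read for the duration of this call; any data needed for a report is copied.` The visible include block ends at line 10, so please also confirm that this header includes `base/strings/string_piece.h` directly and does not rely on a transitive include. The comment block for this declaration begins above line 315, outside the lines shown.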
| OLD | NEW |