Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(209)

Unified Diff: net/cert/cert_verify_proc_whitelist.h

Issue 2613833002: Restrict the set of WoSign/StartCom certs to the Alexa Top 1M (Closed)
Patch Set: Review feedback Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_whitelist.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/cert/cert_verify_proc_whitelist.h
diff --git a/net/cert/cert_verify_proc_whitelist.h b/net/cert/cert_verify_proc_whitelist.h
index 6456320150fed48bdcb6e5b8825be4883aef75d0..2c7dfd5bda19d1d1e50e3663d7643c903824326b 100644
--- a/net/cert/cert_verify_proc_whitelist.h
+++ b/net/cert/cert_verify_proc_whitelist.h
@@ -8,6 +8,7 @@
#include <stddef.h>
#include <stdint.h>
+#include "base/strings/string_piece.h"
#include "crypto/sha2.h"
#include "net/base/hash_value.h"
#include "net/base/net_export.h"
@@ -22,10 +23,19 @@ class X509Certificate;
// unconstrained CA or if it was in the whitelist for that
// CA.
// |cert| should be the verified certificate chain, with |public_key_hashes|
-// being the set of hashes of the SPKIs within the verified chain.
+// being the set of hashes of the SPKIs within the verified chain, and
+// |hostname| as the GURL-normalized hostname.
bool NET_EXPORT_PRIVATE
IsNonWhitelistedCertificate(const X509Certificate& cert,
- const HashValueVector& public_key_hashes);
+ const HashValueVector& public_key_hashes,
+ base::StringPiece hostname);
+
+// Returns true if |host| is in (or a subdomain of) a whitelisted host
+// in |graph|, which is a DAFSA constructed by
+// //net/tools/dafsa/make_dafsa.py that is |graph_length| bytes long.
+bool NET_EXPORT_PRIVATE IsWhitelistedHost(const unsigned char* graph,
+ size_t graph_length,
+ base::StringPiece host);
} // namespace net
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_whitelist.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698