Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/cert_verify_proc_whitelist.h

Issue 2662673002: Restrict the set of WoSign/StartCom certs to the Alexa Top 1M (Closed)
Patch Set: Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_whitelist.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2015 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 5 #ifndef NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
6 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 6 #define NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
7 7
8 #include <stddef.h> 8 #include <stddef.h>
9 #include <stdint.h> 9 #include <stdint.h>
10 10
11 #include "base/strings/string_piece.h"
11 #include "crypto/sha2.h" 12 #include "crypto/sha2.h"
12 #include "net/base/hash_value.h" 13 #include "net/base/hash_value.h"
13 #include "net/base/net_export.h" 14 #include "net/base/net_export.h"
14 15
15 namespace net { 16 namespace net {
16 17
17 class X509Certificate; 18 class X509Certificate;
18 19
19 // Returns true if |cert| has been issued by a CA that is constrained from 20 // Returns true if |cert| has been issued by a CA that is constrained from
20 // issuing new certificates and |cert| is not within the whitelist of 21 // issuing new certificates and |cert| is not within the whitelist of
21 // existing certificates. Returns false if |cert| was issued by an 22 // existing certificates. Returns false if |cert| was issued by an
22 // unconstrained CA or if it was in the whitelist for that 23 // unconstrained CA or if it was in the whitelist for that
23 // CA. 24 // CA.
24 // |cert| should be the verified certificate chain, with |public_key_hashes| 25 // |cert| should be the verified certificate chain, with |public_key_hashes|
25 // being the set of hashes of the SPKIs within the verified chain. 26 // being the set of hashes of the SPKIs within the verified chain, and
27 // |hostname| as the GURL-normalized hostname.
26 bool NET_EXPORT_PRIVATE 28 bool NET_EXPORT_PRIVATE
27 IsNonWhitelistedCertificate(const X509Certificate& cert, 29 IsNonWhitelistedCertificate(const X509Certificate& cert,
28 const HashValueVector& public_key_hashes); 30 const HashValueVector& public_key_hashes,
31 base::StringPiece hostname);
32
33 // Returns true if |host| is in (or a subdomain of) a whitelisted host
34 // in |graph|, which is a DAFSA constructed by
35 // //net/tools/dafsa/make_dafsa.py that is |graph_length| bytes long.
36 bool NET_EXPORT_PRIVATE IsWhitelistedHost(const unsigned char* graph,
37 size_t graph_length,
38 base::StringPiece host);
29 39
30 } // namespace net 40 } // namespace net
31 41
32 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_ 42 #endif // NET_CERT_CERT_VERIFY_PROC_WHITELIST_H_
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc.cc ('k') | net/cert/cert_verify_proc_whitelist.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698