Chromium Code Reviews Chromium Code Reviews
Issue 303133006:
Added net_log logging statments for CertVerifyResult (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/base/net_log_event_type_list.h |
| diff --git a/net/base/net_log_event_type_list.h b/net/base/net_log_event_type_list.h |
| index 10d9c593b2f6b1376e5f7e13eb0c44fa044ba52f..3b6ff6778eb5780bd160b72cdb9a67424cee8012 100644 |
| --- a/net/base/net_log_event_type_list.h |
| +++ b/net/base/net_log_event_type_list.h |
| @@ -1881,12 +1881,52 @@ EVENT_TYPE(CHROME_POLICY_ABORTED_REQUEST) |
| EVENT_TYPE(CERT_VERIFIER_REQUEST) |
| // This event is created when we start a CertVerifier job. |
| +// The BEGIN phase event parameters are: |
| +// { |
| +// "certificates": <A list of PEM encoded certificates, the first one |
| +// being the certificate to verify and the remaining |
| +// being intermediate certificates to assist path |
| +// building. Only present when byte logging is enabled.> |
| +// } |
|
wtc
2014/06/02 22:29:47
Please fix the indentation of lines 1885-1890. The
|
| +// |
| // The END phase event parameters are: |
| // { |
| -// "certificates": <A list of PEM encoded certificates, the first one |
| -// being the certificate to verify and the remaining |
| -// being intermediate certificates to assist path |
| -// building. Only present when byte logging is enabled.> |
| +// "cert_status": <Bitmask of CERT_STATUS_* |
| +// from net/base/cert_status_flags.h> |
| +// "common_name_fallback_used": <True if a fallback to the common name |
| +// was used when matching the host |
| +// name, rather than using the |
| +// subjectAltName.> |
| +// "has_md2": <True if a certificate in the certificate chain is signed with |
| +// a MD2 signature.> |
| +// "has_md4": <True if a certificate in the certificate chain is signed with |
| +// a MD4 signature.> |
| +// "has_md5": <True if a certificate in the certificate chain is signed with |
| +// a MD5 signature.> |
| +// "is_issued_by_additional_trust_anchor": <True if the root CA used for |
| +// this verification came from the |
| +// list of additional trust |
| +// anchors.> |
| +// "is_issued_by_known_root": <True if we recognise the root CA as a |
| +// standard root. If it isn't then it's |
| +// probably the case that this certificate |
| +// was generated by a MITM proxy whose root |
| +// has been installed locally. This is |
| +// meaningless if the certificate was not |
| +// trusted.> |
| +// "public_key_hashes": <If the certificate was successfully verified then |
| +// this contains the hashes, in several hash |
| +// algorithms, of the SubjectPublicKeyInfos of the |
| +// chain.> |
| +// "verified_cert": <The certificate chain that was constructed |
|
wtc
2014/06/02 22:29:47
It would be better to log the struct members in th
|
| +// during verification. Note that though the verified |
| +// certificate will match the originally supplied |
| +// certificate, the intermediate certificates stored |
| +// within may be substantially different. In the event |
| +// of a verification failure, this will contain the |
| +// chain as supplied by the server. This may be NULL |
| +// if running within the sandbox.> |
| +// |
|
wtc
2014/06/02 22:29:47
Delete this blank line.
|
| // } |
| EVENT_TYPE(CERT_VERIFIER_JOB) |
