net/cert/ct_verifier.h - Issue 422063004: Certificate Transparency: Require SCTs for EV certificates.

Side by Side Diff: net/cert/ct_verifier.h

Issue 422063004: Certificate Transparency: Require SCTs for EV certificates. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: datatype issues addressed. Created 6 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef NET_CERT_CT_VERIFIER_H_	5 #ifndef NET_CERT_CT_VERIFIER_H_

6 #define NET_CERT_CT_VERIFIER_H_	6 #define NET_CERT_CT_VERIFIER_H_

7	7

	8 #include <stdint.h>

	9 #include <string>

	10

8 #include "net/base/net_export.h"	11 #include "net/base/net_export.h"

9	12

10 namespace net {	13 namespace net {

11	14

12 namespace ct {	15 namespace ct {

13 struct CTVerifyResult;	16 struct CTVerifyResult;

14 } // namespace ct	17 } // namespace ct

15	18

16 class BoundNetLog;	19 class BoundNetLog;

17 class X509Certificate;	20 class X509Certificate;

(...skipping 11 matching lines...) Expand all Loading...
29 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response	32 // (embedding, TLS extension or OCSP stapling). If no stapled OCSP response

30 // is available, \|stapled_ocsp_response\| should be an empty string. If no SCT	33 // is available, \|stapled_ocsp_response\| should be an empty string. If no SCT

31 // TLS extension was negotiated, \|sct_list_from_tls_extension\| should be an	34 // TLS extension was negotiated, \|sct_list_from_tls_extension\| should be an

32 // empty string. \|result\| will be filled with the SCTs present, divided into	35 // empty string. \|result\| will be filled with the SCTs present, divided into

33 // categories based on the verification result.	36 // categories based on the verification result.

34 virtual int Verify(X509Certificate* cert,	37 virtual int Verify(X509Certificate* cert,

35 const std::string& stapled_ocsp_response,	38 const std::string& stapled_ocsp_response,

36 const std::string& sct_list_from_tls_extension,	39 const std::string& sct_list_from_tls_extension,

37 ct::CTVerifyResult* result,	40 ct::CTVerifyResult* result,

38 const BoundNetLog& net_log) = 0;	41 const BoundNetLog& net_log) = 0;

	42

	43 // Returns the number of known CT logs. Needed for CT/EV policy

	44 // enforcement. May go away when more than 3 logs are available.

	45 virtual uint32_t GetNumKnownLogs() = 0;
	Ryan Sleevi 2014/10/22 19:48:36 size_t That said, this is a layering violation th size_t That said, this is a layering violation that the CTVerifier is exposing details about the number of known logs, which this interface hides the details of. I'd rather not expose this, and get the information passed through another way. Eran Messeri 2014/10/24 12:12:36 Removed this method entirely. Show quoted text On 2014/10/22 19:48:36, Ryan Sleevi wrote: > size_t > > That said, this is a layering violation that the CTVerifier is exposing details > about the number of known logs, which this interface hides the details of. I'd > rather not expose this, and get the information passed through another way. Removed this method entirely.
39 };	46 };

40	47

41 } // namespace net	48 } // namespace net

42	49

43 #endif // NET_CERT_CT_VERIFIER_H_	50 #endif // NET_CERT_CT_VERIFIER_H_

OLD	NEW

« net/cert/cert_policy_enforcer_unittest.cc ('K') | « net/cert/cert_policy_enforcer_unittest.cc ('k') | net/cert/multi_log_ct_verifier.h » ('j') | net/socket/ssl_client_socket_nss.cc » ('J')