Chromium Code Reviews Chromium Code Reviews
Issue 433123003:
Centralize the logic for checking public key pins (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/http/transport_security_state.h |
| diff --git a/net/http/transport_security_state.h b/net/http/transport_security_state.h |
| index 364593791455030cc4d5cd37a30b2dc03f3ec6c4..594c34fac6a341b0e576305a895ce1804c01dfb3 100644 |
| --- a/net/http/transport_security_state.h |
| +++ b/net/http/transport_security_state.h |
| @@ -252,6 +252,16 @@ class NET_EXPORT TransportSecurityState |
| bool AddHPKP(const std::string& host, const base::Time& expiry, |
| bool include_subdomains, const HashValueVector& hashes); |
| + // Returns true if |public_key_hashes| meets the pinning constrains of |
|
palmer
2014/08/07 18:50:50
typo: "constraints"
Can we call it |ValidatePins|
Ryan Hamilton
2014/08/07 22:07:11
Acknowledged.
|
| + // |host|, or if the build is out of date, or if the root is not a |
| + // built-in trusted root. |pinning_failure_log| is written to in the |
| + // case of a pinning failure. |
| + bool VerifyPinning(const HashValueVector& public_key_hashes, |
| + bool is_issued_by_known_root, |
|
palmer
2014/08/07 18:50:50
If the caller knows |is_issued_by_known_root|, the
Ryan Hamilton
2014/08/07 22:07:11
Personally, I think it does because it focuses the
|
| + bool sni_available, |
| + const std::string& host, |
| + std::string* pinning_failure_log); |
| + |
| // Returns true iff we have any static public key pins for the |host| and |
| // iff its set of required pins is the set we expect for Google |
| // properties. |
