Index: net/cert/cert_status_flags.h |
diff --git a/net/cert/cert_status_flags.h b/net/cert/cert_status_flags.h |
index 630df650fe3f759e1230a30de495f3c977e20804..fc87910d2af7cf459a10c5114b3409ecb7cc38a2 100644 |
--- a/net/cert/cert_status_flags.h |
+++ b/net/cert/cert_status_flags.h |
@@ -39,6 +39,20 @@ static const CertStatus CERT_STATUS_PINNED_KEY_MISSING = 1 << 13; |
static const CertStatus CERT_STATUS_IS_EV = 1 << 16; |
static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17; |
// bit 18 was CERT_STATUS_IS_DNSSEC. |
+// Bits 19 and 20 are for Certificate Transparency. |
+// The following states are represented: |
+// bit 20 | bit 19 | state |
+// 0 | 0 | No SCTs were present |
+// 0 | 1 | SCTs from unknown logs were present |
wtc
2013/11/26 01:47:23
In this combination, are the SCTs verified? The na
Eran M. (Google)
2013/11/26 14:45:53
Done - used the two most-significant bits to store
|
+// 1 | 0 | SCTs from known logs present but cannot be unverified |
wtc
2013/11/26 01:47:23
1. Is "unverified" a typo?
2. Does this combinati
Eran M. (Google)
2013/11/26 14:45:53
1. yes.
2. yes - but the CT state was now moved to
|
+// 1 | 1 | SCTs from known logs present, verified |
+// Bit 19 - indicates presence of SCTs. If set but bit 20 isn't, indicates |
+// SCTs from unknown logs. If set and bit 20 is net, indicates presence |
+// of validated SCTs. |
+static const CertStatus CERT_STATUS_HAS_GOOD_SCT = 1 << 19; |
+// Bit 20 - when set, indicates SCTs from known logs. When not set, indicates |
+// SCTs from unknown logs or no SCTs, depending on bit 19. |
+static const CertStatus CERT_STATUS_HAS_SCT_FROM_KNOWN_LOG = 1 << 20; |
// Returns true if the specified cert status has an error set. |
static inline bool IsCertStatusError(CertStatus status) { |
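Review bot: The per-bit comment on bit 19 contradicts the state table above it. The `1 | 0` row describes SCTs from known logs being present while bit 19 is clear, so bit 19 cannot on its own "indicate presence of SCTs". The two bits encode one four-valued state rather than two independent flags, so a caller that tests bit 19 alone to mean "has SCTs" would miss the known-but-unverified row. I would state this next to the constants, e.g. `// Bits 19 and 20 form a single 2-bit CT state; always test both bits together.`, and rewrite the bit 19 paragraph to match the table. The same paragraph also has "bit 20 is net", which should read "bit 20 is set".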
@@ -58,6 +72,12 @@ NET_EXPORT CertStatus MapNetErrorToCertStatus(int error); |
// to the equivalent network error code. |
NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status); |
+// Indicates whether there were *any* SCTs. |
+NET_EXPORT bool DoesCertHaveSignedCertificateTimestamps( |
+ CertStatus cert_status); |
+// Indicates whether SCTs from known logs verified OK |
+NET_EXPORT bool DoesCertHaveVerifiedSignedCertificateTimestamps( |
+ CertStatus cert_status); |
wtc
2013/11/26 01:47:23
Add a blank line after this line, and between the
Eran M. (Google)
2013/11/26 14:45:53
Removed these two functions, added a function to e
|
} // namespace net |
#endif // NET_CERT_CERT_STATUS_FLAGS_H_ |
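Review bot: The comments on the two new predicates do not say which of the four Certificate Transparency states make them return true, and their definitions are not visible in this header. Given the encoding in the first hunk, `DoesCertHaveSignedCertificateTimestamps` would have to return true for three of the rows, including the one where bit 19 is clear. The "verified" predicate presumably returns true only when both bits are set. Spelling that out keeps callers from treating known-but-unverified SCTs as verified. Suggested wording: `// Returns true if any SCTs were present (every CT state except bits 20,19 == 0,0).` and `// Returns true only if SCTs from known logs were present and verified (bits 19 and 20 both set).`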