Chromium Code Reviews

Unified Diff: net/cert/cert_status_flags.h

Issue 76443006: Certificate Transparency: Threading the CT verifier into the SSL client socket. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fixing compilation on non-NSS platforms Created 7 years, 1 month ago
Index: net/cert/cert_status_flags.h
diff --git a/net/cert/cert_status_flags.h b/net/cert/cert_status_flags.h
index 630df650fe3f759e1230a30de495f3c977e20804..fc87910d2af7cf459a10c5114b3409ecb7cc38a2 100644
--- a/net/cert/cert_status_flags.h
+++ b/net/cert/cert_status_flags.h
@@ -39,6 +39,20 @@ static const CertStatus CERT_STATUS_PINNED_KEY_MISSING = 1 << 13;
static const CertStatus CERT_STATUS_IS_EV = 1 << 16;
static const CertStatus CERT_STATUS_REV_CHECKING_ENABLED = 1 << 17;
// bit 18 was CERT_STATUS_IS_DNSSEC.
+// Bits 19 and 20 are for Certificate Transparency.
+// The following states are represented:
+// bit 20 | bit 19 | state
+// 0 | 0 | No SCTs were present
+// 0 | 1 | SCTs from unknown logs were present
wtc 2013/11/26 01:47:23 In this combination, are the SCTs verified? The na
Eran M. (Google) 2013/11/26 14:45:53 Done - used the two most-significant bits to store
+// 1 | 0 | SCTs from known logs present but cannot be unverified
wtc 2013/11/26 01:47:23 1. Is "unverified" a typo? 2. Does this combinati
Eran M. (Google) 2013/11/26 14:45:53 1. yes. 2. yes - but the CT state was now moved to
+// 1 | 1 | SCTs from known logs present, verified
+// Bit 19 - indicates presence of SCTs. If set but bit 20 isn't, indicates
+// SCTs from unknown logs. If set and bit 20 is net, indicates presence
+// of validated SCTs.
+static const CertStatus CERT_STATUS_HAS_GOOD_SCT = 1 << 19;
+// Bit 20 - when set, indicates SCTs from known logs. When not set, indicates
+// SCTs from unknown logs or no SCTs, depending on bit 19.
+static const CertStatus CERT_STATUS_HAS_SCT_FROM_KNOWN_LOG = 1 << 20;
// Returns true if the specified cert status has an error set.
static inline bool IsCertStatusError(CertStatus status) {
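Review bot: The name CERT_STATUS_HAS_GOOD_SCT and the comment on bit 19 disagree with the state table above them. The table's "1 | 0" row has SCTs present with bit 19 clear, so bit 19 cannot mean "presence of SCTs", and in the "0 | 1" row bit 19 is set for SCTs from unknown logs, which is not a good SCT. A caller that tests `status & CERT_STATUS_HAS_GOOD_SCT` on its own would treat unknown-log SCTs as good. Suggest either giving each bit one independent meaning and naming it for that meaning, or defining the four states as named values under a two-bit mask and always comparing the masked value for equality. The bit 19 comment also reads "bit 20 is net" where "is set" is meant.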
@@ -58,6 +72,12 @@ NET_EXPORT CertStatus MapNetErrorToCertStatus(int error);
// to the equivalent network error code.
NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status);
+// Indicates whether there were *any* SCTs.
+NET_EXPORT bool DoesCertHaveSignedCertificateTimestamps(
+ CertStatus cert_status);
+// Indicates whether SCTs from known logs verified OK
+NET_EXPORT bool DoesCertHaveVerifiedSignedCertificateTimestamps(
+ CertStatus cert_status);
wtc 2013/11/26 01:47:23 Add a blank line after this line, and between the
Eran M. (Google) 2013/11/26 14:45:53 Removed these two functions, added a function to e
} // namespace net
#endif // NET_CERT_CERT_STATUS_FLAGS_H_
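Review bot: The comments on the two new declarations do not say which bit 19/20 combinations each predicate returns true for, and with the encoding from the first hunk neither can be a single-bit test. DoesCertHaveSignedCertificateTimestamps has to return true for three of the four states, including "1 | 0" where bit 19 is clear, so it must test both bits; DoesCertHaveVerifiedSignedCertificateTimestamps has to require both bits set, which means comparing the masked value for equality with both flags rather than checking for non-zero. Please document that mapping in the header so the implementation and its callers cannot drift apart, and end the second comment ("verified OK") with a period to match the first.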
