| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 5 #ifndef NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 6 #define NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| 7 | 7 |
| 8 #include <map> | 8 #include <map> |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 101 // | 101 // |
| 102 // Static entries do not have a created time. | 102 // Static entries do not have a created time. |
| 103 base::Time created; | 103 base::Time created; |
| 104 | 104 |
| 105 // The absolute time (UTC) when the |upgrade_mode|, if set to | 105 // The absolute time (UTC) when the |upgrade_mode|, if set to |
| 106 // UPGRADE_ALWAYS, downgrades to UPGRADE_NEVER. | 106 // UPGRADE_ALWAYS, downgrades to UPGRADE_NEVER. |
| 107 base::Time upgrade_expiry; | 107 base::Time upgrade_expiry; |
| 108 | 108 |
| 109 // Are subdomains subject to this DomainState? | 109 // Are subdomains subject to this DomainState? |
| 110 // | 110 // |
| 111 // TODO(palmer): Decide if we should have separate |pin_subdomains| and | 111 // TODO(palmer): We need to have separate |pin_subdomains| and |
| 112 // |upgrade_subdomains|. Alternately, and perhaps better, is to separate | 112 // |upgrade_subdomains|. Trevor Perrin is working on a new storage model |
| 113 // DomainState into UpgradeState and PinState (requiring also changing the | 113 // that will enable this. |
| 114 // serialization format?). | |
| 115 bool include_subdomains; | 114 bool include_subdomains; |
| 116 | 115 |
| 117 // Optional; hashes of static pinned SubjectPublicKeyInfos. Unless both | 116 // Optional; hashes of static pinned SubjectPublicKeyInfos. Unless both |
| 118 // are empty, at least one of |static_spki_hashes| and | 117 // are empty, at least one of |static_spki_hashes| and |
| 119 // |dynamic_spki_hashes| MUST intersect with the set of SPKIs in the TLS | 118 // |dynamic_spki_hashes| MUST intersect with the set of SPKIs in the TLS |
| 120 // server's certificate chain. | 119 // server's certificate chain. |
| 121 // | 120 // |
| 122 // |dynamic_spki_hashes| take precedence over |static_spki_hashes|. | 121 // |dynamic_spki_hashes| take precedence over |static_spki_hashes|. |
| 123 // That is, |IsChainOfPublicKeysPermitted| first checks dynamic pins and | 122 // That is, |IsChainOfPublicKeysPermitted| first checks dynamic pins and |
| 124 // then checks static pins. | 123 // then checks static pins. |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 316 DomainStateMap forced_hosts_; | 315 DomainStateMap forced_hosts_; |
| 317 | 316 |
| 318 Delegate* delegate_; | 317 Delegate* delegate_; |
| 319 | 318 |
| 320 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); | 319 DISALLOW_COPY_AND_ASSIGN(TransportSecurityState); |
| 321 }; | 320 }; |
| 322 | 321 |
| 323 } // namespace net | 322 } // namespace net |
| 324 | 323 |
| 325 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ | 324 #endif // NET_HTTP_TRANSPORT_SECURITY_STATE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 13483007:
Don't set MODE_DEFAULT when adding HPKP header. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src