DescriptionAdd information to SSLInfo about CT EV policy compliance
This CL adds a field to SSLInfo to record whether CT policies were
enforced on the connection and details about the connection's compliance
with the CT EV policy.
This will eventually allow UI to explain to domain owners why their
site's EV status might be getting stripped.
This also lays the groundwork for introducing an Expect-CT policy, which
will be applied on all certificates. //net will apply the expect CT
policy and export the result via the new field in SSLInfo, so that code
outside net can send a report if desired.
BUG=568806
Committed: https://crrev.com/723b5eeb4486ac293b6574cfce33a4fb1012e09d
Cr-Commit-Position: refs/heads/master@{#376256}
Patch Set 1 #Patch Set 2 : update comments #Patch Set 3 : expand a comment #
Total comments: 11
Patch Set 4 : rsleevi comments #Patch Set 5 : SSLClientSOcket nss fix #
Total comments: 5
Patch Set 6 : move EVPolicyCompliance to separate header #Patch Set 7 : add TODO for CTVerifyResult in CTPolicyEnforcer tests #
Total comments: 4
Patch Set 8 : rsleevi comments #Patch Set 9 : some cleanup #
Total comments: 18
Patch Set 10 : rsleevi nits #
Messages
Total messages: 29 (8 generated)
|