blob: b42c5df7d5054c04d59d569322ddb5eacc0295b3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// This protobuffer is intended to store reports from Chrome users of
// certificate errors. A report will be sent from Chrome when it gets
// e.g. a certificate for google.com that chains up to a root CA not expected by
// Chrome for that origin, such as DigiNotar (compromised in July 2011), or
// other pinning errors such as a blacklisted cert in the chain, or
// (when opted in) other certificate validation errors like an expired
// cert. The report from the user will include the hostname being accessed,
// the full certificate chain (in PEM format), and the
// timestamp of when the client tried to access the site. A response is
// generated by the frontend and logged, including validation and error checking
// done on the client's input data.
syntax = "proto2";
package chrome_browser_net;
// Chrome requires this.
option optimize_for = LITE_RUNTIME;
// Protocol types
message CertLoggerRequest {
// The hostname being accessed (required as the cert could be valid for
// multiple hosts, e.g. a wildcard or a SubjectAltName.
required string hostname = 1;
// The certificate chain as a series of PEM-encoded certificates, including
// intermediates but not necessarily the root.
required string cert_chain = 2;
// The time (in usec since the epoch) when the client attempted to access the
// site generating the pinning error.
required int64 time_usec = 3;
// public_key_hash contains the string forms of the hashes calculated for
// the chain. (I.e. "sha1/<base64 data>".)
repeated string public_key_hash = 4;
// pin contains the string forms of the pins that were matched against for
// this host.
repeated string pin = 5;
};
// The response sent back to the user.
message CertLoggerResponse {
enum ResponseCode {
OK = 1;
MALFORMED_CERT_DATA = 2;
HOST_CERT_DONT_MATCH = 3;
ROOT_NOT_RECOGNIZED = 4;
ROOT_NOT_UNEXPECTED = 5;
OTHER_ERROR = 6;
};
required ResponseCode response = 1;
};
|
