| // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| // |
| // This protobuffer is intended to store reports from Chrome users of |
| // certificate pinning errors. A report will be sent from Chrome when it gets |
| // e.g. a certificate for google.com that chains up to a root CA not expected by |
| // Chrome for that origin, such as DigiNotar (compromised in July 2011), or |
| // other pinning errors such as a blacklisted cert in the chain. The |
| // report from the user will include the hostname being accessed, |
| // the full certificate chain (in PEM format), and the |
| // timestamp of when the client tried to access the site. A response is |
| // generated by the frontend and logged, including validation and error checking |
| // done on the client's input data. |
| |
| |
| syntax = "proto2"; |
| |
| package chrome_browser_net; |
| |
| // Chrome requires this. |
| option optimize_for = LITE_RUNTIME; |
| |
| // Protocol types |
| message CertLoggerRequest { |
| // The hostname being accessed (required as the cert could be valid for |
| // multiple hosts, e.g. a wildcard or a SubjectAltName. |
| required string hostname = 1; |
| // The certificate chain as a series of PEM-encoded certificates, including |
| // intermediates but not necessarily the root. |
| required string cert_chain = 2; |
| // The time (in usec since the epoch) when the client attempted to access the |
| // site generating the pinning error. |
| required int64 time_usec = 3; |
| }; |
| |
| // The response sent back to the user. |
| message CertLoggerResponse { |
| enum ResponseCode { |
| OK = 1; |
| MALFORMED_CERT_DATA = 2; |
| HOST_CERT_DONT_MATCH = 3; |
| ROOT_NOT_RECOGNIZED = 4; |
| ROOT_NOT_UNEXPECTED = 5; |
| OTHER_ERROR = 6; |
| }; |
| required ResponseCode response = 1; |
| }; |
| |