1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 // 5 // This protobuffer is intended to store reports from Chrome users of 6 // certificate pinning errors. A report will be sent from Chrome when it gets 7 // e.g. a certificate for google.com that chains up to a root CA not expected by 8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or 9 // other pinning errors such as a blacklisted cert in the chain. The 10 // report from the user will include the hostname being accessed, 11 // the full certificate chain (in PEM format), and the 12 // timestamp of when the client tried to access the site. A response is 13 // generated by the frontend and logged, including validation and error checking 14 // done on the client's input data. 15 16 17 syntax = "proto2"; 18 19 package chrome_browser_net; 20 21 // Chrome requires this. 22 option optimize_for = LITE_RUNTIME; 23 24 // Protocol types 25 message CertLoggerRequest { 26 // The hostname being accessed (required as the cert could be valid for 27 // multiple hosts, e.g. a wildcard or a SubjectAltName. 28 required string hostname = 1; 29 // The certificate chain as a series of PEM-encoded certificates, including 30 // intermediates but not necessarily the root. 31 required string cert_chain = 2; 32 // The time (in usec since the epoch) when the client attempted to access the 33 // site generating the pinning error. 34 required int64 time_usec = 3; 35 }; 36 37 // The response sent back to the user. 38 message CertLoggerResponse { 39 enum ResponseCode { 40 OK = 1; 41 MALFORMED_CERT_DATA = 2; 42 HOST_CERT_DONT_MATCH = 3; 43 ROOT_NOT_RECOGNIZED = 4; 44 ROOT_NOT_UNEXPECTED = 5; 45 OTHER_ERROR = 6; 46 }; 47 required ResponseCode response = 1; 48 }; 49 50
