chromium/components/security_interstitials/content/ssl_error_assistant.proto

// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

syntax = "proto2";

option optimize_for = LITE_RUNTIME;

package chrome_browser_ssl;

// A certificate fingerprint that identifies a captive portal. Entries are
// listed in SSLErrorAssistantConfig.captive_portal_cert.
message CaptivePortalCert {
  // Sha256 hash of the certificate's public key (SPKI). The fingerprint is
  // prefixed with "sha256/" and encoded in base64 (same format as
  // src/net/http/transport_security_state_static.pins)
  // Example: sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
  //
  // NOTE: Only leaf certificates may be listed here; intermediate and root
  // hashes are not expected in this message.
  optional string sha256_hash = 1;
}

// The MITMSoftware list is used to match potential MITM software certificates.
// The certificate issuer common name and organization name are matched against
// the |issuer_common_name_regex| and |issuer_organization_regex| fields.
message MITMSoftware {
  // Human readable name of the MITM software to display on the interstitial.
  optional string name = 1;

  // Regex pattern that matches the issuer common name on this MITM software's
  // certificates. Chrome doesn't use the common name field for certificate
  // validation anymore, but it's still useful for identifying MITM software.
  //
  // NOTE(review): the issuer fields being matched come from the certificate
  // presented by the server, i.e. untrusted data; patterns should be anchored
  // so that a crafted issuer cannot match more broadly than intended — confirm
  // against the matching code.
  optional string issuer_common_name_regex = 2;

  // Regex pattern that matches the issuer organization on this MITM software's
  // certificates. Same anchoring note as |issuer_common_name_regex| applies.
  optional string issuer_organization_regex = 3;
}

// Unlike MITMSoftware and CaptivePortalCert, DynamicInterstitial can trigger
// any of several interstitials, selected by a combination of matching
// characteristics.
// TODO(spqchan): Deprecate MITMSoftware and CaptivePortalCert and use
// DynamicInterstitial in their place.
// TODO(spqchan): Add additional fields for process list, registry key
// keywords, etc.
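message DynamicInterstitial {
  // Enum class used to represent the interstitial page that would be displayed
  // for a dynamic interstitial.
  enum InterstitialPageType {
    // Default value; no interstitial type has been specified.
    INTERSTITIAL_PAGE_NONE = 0;
    // A standard SSL interstitial page.
    INTERSTITIAL_PAGE_SSL = 1;
    // An interstitial page alerting the user that they are in a captive portal.
    INTERSTITIAL_PAGE_CAPTIVE_PORTAL = 2;
    // An interstitial page telling the user to fix misconfigured MITM software.
    INTERSTITIAL_PAGE_MITM_SOFTWARE = 3;
  }

  // Maps to CertStatus flags (See cert_status_flags_list.h).
  enum CertError {
    // Special value. If |cert_error| is set to this value, then anything that
    // matches with the other fields will be treated as a match, regardless of
    // |cert_error|.
    //
    // NOTE(review): this is also the enum's default (zero) value, so an entry
    // that omits |cert_error| reads as the wildcard unless the consumer checks
    // has_cert_error() — confirm against the matching code.
    UNKNOWN_CERT_ERROR = 0;
    ERR_CERT_REVOKED = 1;
    ERR_CERT_INVALID = 2;
    ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN = 3;
    ERR_CERT_AUTHORITY_INVALID = 4;
    ERR_CERT_COMMON_NAME_INVALID = 5;
    ERR_CERT_NAME_CONSTRAINT_VIOLATION = 6;
    ERR_CERT_WEAK_SIGNATURE_ALGORITHM = 7;
    ERR_CERT_WEAK_KEY = 8;
    ERR_CERT_DATE_INVALID = 9;
    ERR_CERT_VALIDITY_TOO_LONG = 10;
    ERR_CERT_UNABLE_TO_CHECK_REVOCATION = 11;
    ERR_CERT_NO_REVOCATION_MECHANISM = 12;
    ERR_CERT_NON_UNIQUE_NAME = 13;
    ERR_CERTIFICATE_TRANSPARENCY_REQUIRED = 14;
    ERR_CERT_SYMANTEC_LEGACY = 15;
    ERR_CERT_KNOWN_INTERCEPTION_BLOCKED = 16;
  }

  // Sha256 hashes of the certificate's public key (same "sha256/<base64>"
  // format as CaptivePortalCert.sha256_hash). If this field is not empty, then
  // at least one certificate in the certificate chain must match a hash in
  // order for the dynamic interstitial to be treated as a match. Otherwise,
  // this field will be ignored.
  repeated string sha256_hash = 1;

  // If nonempty, the issuer common name of the leaf certificate must match
  // this regex for the dynamic interstitial to match.
  //
  // NOTE(review): the issuer name is taken from the server-presented
  // certificate, i.e. untrusted data; patterns should be anchored so that a
  // crafted issuer cannot match more broadly than intended — confirm against
  // the matching code.
  optional string issuer_common_name_regex = 2;

  // If nonempty, the issuer organization name of the leaf certificate must
  // match this regex for the dynamic interstitial to match. Same anchoring
  // note as |issuer_common_name_regex| applies.
  optional string issuer_organization_regex = 3;

  // If |interstitial_type| is INTERSTITIAL_PAGE_MITM_SOFTWARE, this
  // human-readable name will be displayed on the interstitial.
  optional string mitm_software_name = 4;

  // If the SSL error's cert status contains |cert_error|, then it can be
  // matched with this dynamic interstitial. See UNKNOWN_CERT_ERROR for the
  // wildcard behaviour.
  optional CertError cert_error = 5;

  // The type of interstitial that should be shown. This value is associated
  // with the InterstitialPageType enum above.
  optional InterstitialPageType interstitial_type = 6;

  // The support URL that will be displayed on the interstitial. It is shown to
  // the user as-is, so it is only as trustworthy as the source of this config.
  optional string support_url = 7;

  // If true, dynamic interstitials will be displayed only for non-overridable
  // errors.
  optional bool show_only_for_nonoverridable_errors = 8;
}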

// Top-level container for the SSL error assistant configuration: the lists of
// captive portal certificates, known MITM software and dynamic interstitials.
message SSLErrorAssistantConfig {
  // Version of this config. Presumably compared against the version of any
  // previously loaded config so that only a newer one is applied — confirm
  // against the loader.
  optional uint32 version_id = 1;
  // Certificates that identify captive portals; see CaptivePortalCert.
  repeated CaptivePortalCert captive_portal_cert = 2;
  // Known MITM software signatures; see MITMSoftware.
  repeated MITMSoftware mitm_software = 3;
  // Rules that select an interstitial from several characteristics; see
  // DynamicInterstitial.
  repeated DynamicInterstitial dynamic_interstitial = 4;
}