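// Copyright 2016 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_
#define NET_CERT_DO_NOTHING_CT_VERIFIER_H_

#include "net/base/net_export.h"
#include "net/cert/ct_verifier.h"

namespace net {

// An implementation of CTVerifier that does not validate SCTs.
//
// SECURITY NOTE:
// As Certificate Transparency is an essential part in safeguarding TLS
// connections, disabling Certificate Transparency enforcement is a decision
// that should not be taken lightly, and it should be made an explicit
// decision rather than a potentially accidental decision (such as allowing
// for a nullptr instance). By checking Certificate Transparency information,
// typically via a net::MultiLogCTVerifier, and enforcing policies related
// to Certificate Transparency provided by a net::CTPolicyEnforcer, developers
// can help protect their users by ensuring that misissued TLS certificates
// are detected.
//
// However, not every consumer of TLS certificates is using the Web PKI. For
// example, they may be using connections authenticated out of band, or may
// be using private or local PKIs for which Certificate Transparency is not
// relevant. Alternatively, much like how a robust and secure TLS client
// requires a regularly updated root certificate store, a robust and secure
// Certificate Transparency client requires regular updates. However, since
// some clients may not support regular updates, it may be intentional to
// disable Certificate Transparency and choose a less-secure default
// behavior.
//
// Consumers of this class should generally try to get a security or design
// review to discuss the type of net::X509Certificates they will be
// validating, and determine whether or not Certificate Transparency is right
// for the particular use case.
//
// Because of the complex nuances related to security tradeoffs, it is
// expected that classes which expect a CTVerifier will require one to be
// supplied, forcing the caller to make an intentional and explicit decision
// about the appropriate security policy, rather than leaving it ambiguous,
// such as via a nullptr. This class is intended to indicate an intentional
// consideration of CT, and a decision to not support it.
//
// Review hint: every place that constructs this class is a place where CT
// checking has been switched off on purpose. Each such call site should be
// able to point to the reason (out-of-band authentication, private or local
// PKI, or a client that cannot receive regular updates, as described above).
class NET_EXPORT DoNothingCTVerifier : public CTVerifier {
 public:
  DoNothingCTVerifier();

  // Not copyable or assignable.
  DoNothingCTVerifier(const DoNothingCTVerifier&) = delete;
  DoNothingCTVerifier& operator=(const DoNothingCTVerifier&) = delete;

  ~DoNothingCTVerifier() override;

  // CTVerifier implementation. The definition is not part of this header.
  // Per the class contract above, none of the SCT-bearing inputs (|cert|,
  // |stapled_ocsp_response|, |sct_list_from_tls_extension|) is validated, so
  // a completed call must never be read as evidence that the certificate
  // satisfies any Certificate Transparency requirement.
  //
  // NOTE(review): presumably |output_scts| ends up holding no verified
  // entries; confirm against the .cc file before relying on its contents.
  void Verify(base::StringPiece hostname,
              X509Certificate* cert,
              base::StringPiece stapled_ocsp_response,
              base::StringPiece sct_list_from_tls_extension,
              SignedCertificateTimestampAndStatusList* output_scts,
              const NetLogWithSource& net_log) override;
};

}  // namespace net

#endif  // NET_CERT_DO_NOTHING_CT_VERIFIER_H_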