1// Copyright (c) 2011 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4// 5// This protobuffer is intended to store reports from Chrome users of 6// certificate pinning errors. A report will be sent from Chrome when it gets 7// e.g. a certificate for google.com that chains up to a root CA not expected by 8// Chrome for that origin, such as DigiNotar (compromised in July 2011), or 9// other pinning errors such as a blacklisted cert in the chain. The 10// report from the user will include the hostname being accessed, 11// the full certificate chain (in PEM format), and the 12// timestamp of when the client tried to access the site. A response is 13// generated by the frontend and logged, including validation and error checking 14// done on the client's input data. 15 16 17syntax = "proto2"; 18 19package chrome_browser_net; 20 21// Chrome requires this. 22option optimize_for = LITE_RUNTIME; 23 24// Protocol types 25message CertLoggerRequest { 26 // The hostname being accessed (required as the cert could be valid for 27 // multiple hosts, e.g. a wildcard or a SubjectAltName. 28 required string hostname = 1; 29 // The certificate chain as a series of PEM-encoded certificates, including 30 // intermediates but not necessarily the root. 31 required string cert_chain = 2; 32 // The time (in usec since the epoch) when the client attempted to access the 33 // site generating the pinning error. 34 required int64 time_usec = 3; 35}; 36 37// The response sent back to the user. 38message CertLoggerResponse { 39 enum ResponseCode { 40 OK = 1; 41 MALFORMED_CERT_DATA = 2; 42 HOST_CERT_DONT_MATCH = 3; 43 ROOT_NOT_RECOGNIZED = 4; 44 ROOT_NOT_UNEXPECTED = 5; 45 OTHER_ERROR = 6; 46 }; 47 required ResponseCode response = 1; 48}; 49 50