1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // This protobuffer is intended to store reports from Chrome users of
6 // certificate pinning errors. A report will be sent from Chrome when it gets
7 // e.g. a certificate for google.com that chains up to a root CA not expected by
8 // Chrome for that origin, such as DigiNotar (compromised in July 2011), or
9 // other pinning errors such as a blacklisted cert in the chain. The
10 // report from the user will include the hostname being accessed,
11 // the full certificate chain (in PEM format), and the
12 // timestamp of when the client tried to access the site. A response is
13 // generated by the frontend and logged, including validation and error checking
14 // done on the client's input data.
19 package chrome_browser_net;
21 // Chrome requires this.
22 option optimize_for = LITE_RUNTIME;
25 message CertLoggerRequest {
26 // The hostname being accessed (required as the cert could be valid for
27 // multiple hosts, e.g. a wildcard or a SubjectAltName.
28 required string hostname = 1;
29 // The certificate chain as a series of PEM-encoded certificates, including
30 // intermediates but not necessarily the root.
31 required string cert_chain = 2;
32 // The time (in usec since the epoch) when the client attempted to access the
33 // site generating the pinning error.
34 required int64 time_usec = 3;
37 // The response sent back to the user.
38 message CertLoggerResponse {
41 MALFORMED_CERT_DATA = 2;
42 HOST_CERT_DONT_MATCH = 3;
43 ROOT_NOT_RECOGNIZED = 4;
44 ROOT_NOT_UNEXPECTED = 5;
47 required ResponseCode response = 1;