net/cert/symantec_certs.h - chromium/src - Git at Google

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_CERT_SYMANTEC_CERTS_H_
 #define NET_CERT_SYMANTEC_CERTS_H_

 #include "net/base/hash_value.h"

 namespace net {

 // |kSymantecRoots| contains the set of known active and legacy root
 // certificates operated by Symantec Corporation. These roots are subject to
 // Certificate Transparency requirements and deprecation messages. See
 // <https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html>
 // and
 // https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
 // for details about why.
 //
 // Pre-existing, independently operated sub-CAs are exempt from these
 // policies, and are listed in |kSymantecExceptions|.
 //
 // The Managed Partner CAs are required to disclose via Certificate
 // Transparency, and are listed in |kSymantecManagedCAs|.
 NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecRoots[];
 NET_EXPORT_PRIVATE extern const size_t kSymantecRootsLength;
 NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecExceptions[];
 NET_EXPORT_PRIVATE extern const size_t kSymantecExceptionsLength;
 NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecManagedCAs[];
 NET_EXPORT_PRIVATE extern const size_t kSymantecManagedCAsLength;

 // Returns true if |public_key_hashes| contains a certificate issued from
 // Symantec's "legacy" PKI. This constraint excludes certificates that were
 // issued by independently-operated subordinate CAs or from any "Managed CAs"
 // that comply with
 // https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html.
 NET_EXPORT bool IsLegacySymantecCert(const HashValueVector& public_key_hashes);

 }  // namespace net

 #endif  // NET_CERT_SYMANTEC_CERTS_H_
	// Copyright 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_CERT_SYMANTEC_CERTS_H_
	#define NET_CERT_SYMANTEC_CERTS_H_

	#include "net/base/hash_value.h"

	namespace net {

	// \|kSymantecRoots\| contains the set of known active and legacy root
	// certificates operated by Symantec Corporation. These roots are subject to
	// Certificate Transparency requirements and deprecation messages. See
	// <https://security.googleblog.com/2015/10/sustaining-digital-certificate-security.html>
	// and
	// https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
	// for details about why.
	//
	// Pre-existing, independently operated sub-CAs are exempt from these
	// policies, and are listed in \|kSymantecExceptions\|.
	//
	// The Managed Partner CAs are required to disclose via Certificate
	// Transparency, and are listed in \|kSymantecManagedCAs\|.
	NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecRoots[];
	NET_EXPORT_PRIVATE extern const size_t kSymantecRootsLength;
	NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecExceptions[];
	NET_EXPORT_PRIVATE extern const size_t kSymantecExceptionsLength;
	NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecManagedCAs[];
	NET_EXPORT_PRIVATE extern const size_t kSymantecManagedCAsLength;

	// Returns true if \|public_key_hashes\| contains a certificate issued from
	// Symantec's "legacy" PKI. This constraint excludes certificates that were
	// issued by independently-operated subordinate CAs or from any "Managed CAs"
	// that comply with
	// https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html.
	NET_EXPORT bool IsLegacySymantecCert(const HashValueVector& public_key_hashes);

	} // namespace net

	#endif // NET_CERT_SYMANTEC_CERTS_H_