// Copyright 2016 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_CERT_DO_NOTHING_CT_VERIFIER_H_ #define NET_CERT_DO_NOTHING_CT_VERIFIER_H_ #include "base/macros.h" #include "net/base/net_export.h" #include "net/cert/ct_verifier.h" namespace net { // An implementation of CTVerifier that does not validate SCTs. // // SECURITY NOTE: // As Certificate Transparency is an essential part in safeguarding TLS // connections, disabling Certificate Transparency enforcement is a decision // that should not be taken lightly, and it should be made an explicit // decision rather than a potentially accidental decision (such as allowing // for a nullptr instance). By checking Certificate Transparency information, // typically via a net::MultiLogCTVerifier, and enforcing policies related // to Certificate Transparency provided by a net::CTPolicyEnforcer, developers // can help protect their users by ensuring that misissued TLS certificates // are detected. // // However, not every consumer of TLS certificates is using the Web PKI. For // example, they may be using connections authenticated out of band, or may // be using private or local PKIs for which Certificate Transparency is not // relevant. Alternatively, much like how a robust and secure TLS client // requires a regularly updated root certificate store, a robust and secure // Certificate Transparency client requires regular updates. However, since // some clients may not support regular updates, it may be intentional to // disable Certificate Transparency and choose a less-secure default // behavior. // // Consumers of this class should generally try to get a security or design // to discuss the type of net::X509Certificates they will be validating, // and determine whether or not Certificate Transparency is right for the // particular use case. // // Because of the complex nuances related to security tradeoffs, it is // expected that classes which expect a CTVerifier will require one to be // supplied, forcing the caller to make an intentional and explicit decision // about the appropriate security policy, rather than leaving it ambiguous, // such as via a nullptr. This class is intended to indicate an intentional // consideration of CT, and a decision to not support it. class NET_EXPORT DoNothingCTVerifier : public CTVerifier { public: DoNothingCTVerifier(); ~DoNothingCTVerifier() override; void Verify(X509Certificate* cert, base::StringPiece stapled_ocsp_response, base::StringPiece sct_list_from_tls_extension, SignedCertificateTimestampAndStatusList* output_scts, const NetLogWithSource& net_log) override; void SetObserver(Observer* observer) override; private: DISALLOW_COPY_AND_ASSIGN(DoNothingCTVerifier); }; } // namespace net #endif // NET_CERT_DO_NOTHING_CT_VERIFIER_H_