blob: cf4ad4a85551eb924f3e6db23bab411fbf7a5f96 [file] [log] [blame]
// Copyright 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/base/hash_value.h"
namespace net {
// |kSymantecRoots| contains the set of known active and legacy root
// certificates operated by Symantec Corporation. These roots are subject to
// Certificate Transparency requirements and deprecation messages. See
// <>
// and
// for details about why.
// Pre-existing, independently operated sub-CAs are exempt from these
// policies, and are listed in |kSymantecExceptions|.
// The Managed Partner CAs are required to disclose via Certificate
// Transparency, and are listed in |kSymantecManagedCAs|.
NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecRoots[];
NET_EXPORT_PRIVATE extern const size_t kSymantecRootsLength;
NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecExceptions[];
NET_EXPORT_PRIVATE extern const size_t kSymantecExceptionsLength;
NET_EXPORT_PRIVATE extern const SHA256HashValue kSymantecManagedCAs[];
NET_EXPORT_PRIVATE extern const size_t kSymantecManagedCAsLength;
// Returns true if |public_key_hashes| contains a certificate issued from
// Symantec's "legacy" PKI. This constraint excludes certificates that were
// issued by independently-operated subordinate CAs or from any "Managed CAs"
// that comply with
NET_EXPORT bool IsLegacySymantecCert(const HashValueVector& public_key_hashes);
} // namespace net