Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(889)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/ssl/ssl_policy.cc

Issue 10381051: Show the "cannot proceed" text only when appropriate. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/browser/ssl/ssl_policy.h ('k') | content/public/browser/content_browser_client.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/ssl/ssl_policy.h" 5 #include "content/browser/ssl/ssl_policy.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/base_switches.h" 8 #include "base/base_switches.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/memory/singleton.h" 10 #include "base/memory/singleton.h"
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after
57 // The judgment is either DENIED or UNKNOWN. 57 // The judgment is either DENIED or UNKNOWN.
58 // For now we handle the DENIED as the UNKNOWN, which means a blocking 58 // For now we handle the DENIED as the UNKNOWN, which means a blocking
59 // page is shown to the user every time he comes back to the page. 59 // page is shown to the user every time he comes back to the page.
60 60
61 switch (handler->cert_error()) { 61 switch (handler->cert_error()) {
62 case net::ERR_CERT_COMMON_NAME_INVALID: 62 case net::ERR_CERT_COMMON_NAME_INVALID:
63 case net::ERR_CERT_DATE_INVALID: 63 case net::ERR_CERT_DATE_INVALID:
64 case net::ERR_CERT_AUTHORITY_INVALID: 64 case net::ERR_CERT_AUTHORITY_INVALID:
65 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: 65 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
66 case net::ERR_CERT_WEAK_KEY: 66 case net::ERR_CERT_WEAK_KEY:
67 OnCertErrorInternal(handler, !handler->fatal()); 67 OnCertErrorInternal(handler, !handler->fatal(), handler->fatal());
68 break; 68 break;
69 case net::ERR_CERT_NO_REVOCATION_MECHANISM: 69 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
70 // Ignore this error. 70 // Ignore this error.
71 handler->ContinueRequest(); 71 handler->ContinueRequest();
72 break; 72 break;
73 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: 73 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
74 // We ignore this error but will show a warning status in the location 74 // We ignore this error but will show a warning status in the location
75 // bar. 75 // bar.
76 handler->ContinueRequest(); 76 handler->ContinueRequest();
77 break; 77 break;
78 case net::ERR_CERT_CONTAINS_ERRORS: 78 case net::ERR_CERT_CONTAINS_ERRORS:
79 case net::ERR_CERT_REVOKED: 79 case net::ERR_CERT_REVOKED:
80 case net::ERR_CERT_INVALID: 80 case net::ERR_CERT_INVALID:
81 case net::ERR_CERT_NOT_IN_DNS: 81 case net::ERR_CERT_NOT_IN_DNS:
82 OnCertErrorInternal(handler, false); 82 OnCertErrorInternal(handler, false, handler->fatal());
83 break; 83 break;
84 default: 84 default:
85 NOTREACHED(); 85 NOTREACHED();
86 handler->CancelRequest(); 86 handler->CancelRequest();
87 break; 87 break;
88 } 88 }
89 } 89 }
90 90
91 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry, 91 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry,
92 const std::string& security_origin) { 92 const std::string& security_origin) {
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after
187 backend_->DenyCertForHost(handler->ssl_info().cert, 187 backend_->DenyCertForHost(handler->ssl_info().cert,
188 handler->request_url().host()); 188 handler->request_url().host());
189 handler->CancelRequest(); 189 handler->CancelRequest();
190 } 190 }
191 } 191 }
192 192
193 //////////////////////////////////////////////////////////////////////////////// 193 ////////////////////////////////////////////////////////////////////////////////
194 // Certificate Error Routines 194 // Certificate Error Routines
195 195
196 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, 196 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler,
197 bool overridable) { 197 bool overridable,
198 bool strict_enforcement) {
198 if (handler->resource_type() != ResourceType::MAIN_FRAME) { 199 if (handler->resource_type() != ResourceType::MAIN_FRAME) {
199 // A sub-resource has a certificate error. The user doesn't really 200 // A sub-resource has a certificate error. The user doesn't really
200 // have a context for making the right decision, so block the 201 // have a context for making the right decision, so block the
201 // request hard, without an info bar to allow showing the insecure 202 // request hard, without an info bar to allow showing the insecure
202 // content. 203 // content.
203 handler->DenyRequest(); 204 handler->DenyRequest();
204 return; 205 return;
205 } 206 }
206 207
207 bool cancel_request = false; 208 bool cancel_request = false;
208 content::GetContentClient()->browser()->AllowCertificateError( 209 content::GetContentClient()->browser()->AllowCertificateError(
209 handler->render_process_id(), 210 handler->render_process_id(),
210 handler->render_view_id(), 211 handler->render_view_id(),
211 handler->cert_error(), 212 handler->cert_error(),
212 handler->ssl_info(), 213 handler->ssl_info(),
213 handler->request_url(), 214 handler->request_url(),
214 overridable, 215 overridable,
216 strict_enforcement,
215 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this), 217 base::Bind(&SSLPolicy::OnAllowCertificate, base::Unretained(this),
216 make_scoped_refptr(handler)), 218 make_scoped_refptr(handler)),
217 &cancel_request); 219 &cancel_request);
218 if (cancel_request) 220 if (cancel_request)
219 handler->CancelRequest(); 221 handler->CancelRequest();
220 } 222 }
221 223
222 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) { 224 void SSLPolicy::InitializeEntryIfNeeded(NavigationEntryImpl* entry) {
223 if (entry->GetSSL().security_style != content::SECURITY_STYLE_UNKNOWN) 225 if (entry->GetSSL().security_style != content::SECURITY_STYLE_UNKNOWN)
224 return; 226 return;
225 227
226 entry->GetSSL().security_style = entry->GetURL().SchemeIsSecure() ? 228 entry->GetSSL().security_style = entry->GetURL().SchemeIsSecure() ?
227 content::SECURITY_STYLE_AUTHENTICATED : 229 content::SECURITY_STYLE_AUTHENTICATED :
228 content::SECURITY_STYLE_UNAUTHENTICATED; 230 content::SECURITY_STYLE_UNAUTHENTICATED;
229 } 231 }
230 232
231 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { 233 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
232 GURL parsed_origin(origin); 234 GURL parsed_origin(origin);
233 if (parsed_origin.SchemeIsSecure()) 235 if (parsed_origin.SchemeIsSecure())
234 backend_->HostRanInsecureContent(parsed_origin.host(), pid); 236 backend_->HostRanInsecureContent(parsed_origin.host(), pid);
235 } 237 }
OLDNEW
« no previous file with comments | « content/browser/ssl/ssl_policy.h ('k') | content/public/browser/content_browser_client.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698