Chromium Code Reviews Chromium Code Reviews
Issue 19269012:
Don't persist HPKP if PrivacyMode is enabled. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3424 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3435 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 3435 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 3436 server_cert_verify_result_.is_issued_by_known_root && | 3436 server_cert_verify_result_.is_issued_by_known_root && |
| 3437 TransportSecurityState::IsBuildTimely()) { | 3437 TransportSecurityState::IsBuildTimely()) { |
| 3438 bool sni_available = | 3438 bool sni_available = |
| 3439 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | 3439 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || |
| 3440 ssl_config_.version_fallback; | 3440 ssl_config_.version_fallback; |
| 3441 const std::string& host = host_and_port_.host(); | 3441 const std::string& host = host_and_port_.host(); |
| 3442 | 3442 |
| 3443 TransportSecurityState::DomainState domain_state; | 3443 TransportSecurityState::DomainState domain_state; |
| 3444 if (transport_security_state_->GetDomainState(host, sni_available, | 3444 if (transport_security_state_->GetDomainState(host, sni_available, |
| 3445 &domain_state) && | 3445 true, &domain_state) && |
| 3446 domain_state.HasPublicKeyPins()) { | 3446 domain_state.HasPublicKeyPins()) { |
|
mef
2013/09/20 15:53:30
I'm not 100% sure that this is right thing to do h
| |
| 3447 if (!domain_state.CheckPublicKeyPins( | 3447 if (!domain_state.CheckPublicKeyPins( |
| 3448 server_cert_verify_result_.public_key_hashes)) { | 3448 server_cert_verify_result_.public_key_hashes)) { |
| 3449 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 3449 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 3450 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | 3450 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); |
| 3451 TransportSecurityState::ReportUMAOnPinFailure(host); | 3451 TransportSecurityState::ReportUMAOnPinFailure(host); |
| 3452 } else { | 3452 } else { |
| 3453 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | 3453 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); |
| 3454 } | 3454 } |
| 3455 } | 3455 } |
| 3456 } | 3456 } |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3495 EnsureThreadIdAssigned(); | 3495 EnsureThreadIdAssigned(); |
| 3496 base::AutoLock auto_lock(lock_); | 3496 base::AutoLock auto_lock(lock_); |
| 3497 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3497 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3498 } | 3498 } |
| 3499 | 3499 |
| 3500 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3500 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3501 return server_bound_cert_service_; | 3501 return server_bound_cert_service_; |
| 3502 } | 3502 } |
| 3503 | 3503 |
| 3504 } // namespace net | 3504 } // namespace net |
| OLD | NEW |
