| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_policy.h" | 5 #include "chrome/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/singleton.h" | 9 #include "base/singleton.h" |
| 10 #include "base/string_piece.h" | 10 #include "base/string_piece.h" |
| 25 #include "chrome/common/notification_service.h" | 25 #include "chrome/common/notification_service.h" |
| 26 #include "chrome/common/pref_names.h" | 26 #include "chrome/common/pref_names.h" |
| 27 #include "chrome/common/time_format.h" | 27 #include "chrome/common/time_format.h" |
| 28 #include "chrome/common/url_constants.h" | 28 #include "chrome/common/url_constants.h" |
| 29 #include "grit/browser_resources.h" | 29 #include "grit/browser_resources.h" |
| 30 #include "grit/generated_resources.h" | 30 #include "grit/generated_resources.h" |
| 31 #include "net/base/cert_status_flags.h" | 31 #include "net/base/cert_status_flags.h" |
| 32 #include "net/base/ssl_info.h" | 32 #include "net/base/ssl_info.h" |
| 33 #include "webkit/glue/resource_type.h" | 33 #include "webkit/glue/resource_type.h" |
| 34 | 34 |
| 35 namespace { |
| 36 |
| 37 static const char kDot = '.'; |
| 38 |
| 39 static bool IsIntranetHost(const std::string& host) { |
| 40 const size_t dot = host.find(kDot); |
| 41 return dot == std::string::npos || dot == host.length() - 1; |
| 42 } |
| 43 |
| 44 } // namespace |
| 45 |
| 35 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) | 46 SSLPolicy::SSLPolicy(SSLPolicyBackend* backend) |
| 36 : backend_(backend) { | 47 : backend_(backend) { |
| 37 DCHECK(backend_); | 48 DCHECK(backend_); |
| 38 } | 49 } |
| 39 | 50 |
| 40 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { | 51 void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { |
| 41 // First we check if we know the policy for this error. | 52 // First we check if we know the policy for this error. |
| 42 net::CertPolicy::Judgment judgment = | 53 net::CertPolicy::Judgment judgment = |
| 43 backend_->QueryPolicy(handler->ssl_info().cert, | 54 backend_->QueryPolicy(handler->ssl_info().cert, |
| 44 handler->request_url().host()); | 55 handler->request_url().host()); |
| 144 return; | 155 return; |
| 145 | 156 |
| 146 // An HTTPS response may not have a certificate for some reason. When that | 157 // An HTTPS response may not have a certificate for some reason. When that |
| 147 // happens, use the unauthenticated (HTTP) rather than the authentication | 158 // happens, use the unauthenticated (HTTP) rather than the authentication |
| 148 // broken security style so that we can detect this error condition. | 159 // broken security style so that we can detect this error condition. |
| 149 if (!entry->ssl().cert_id()) { | 160 if (!entry->ssl().cert_id()) { |
| 150 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); | 161 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); |
| 151 return; | 162 return; |
| 152 } | 163 } |
| 153 | 164 |
| 165 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { |
| 166 // CAs issue certificates for intranet hosts to everyone. Therefore, we |
| 167 // mark intranet hosts as being non-unique. |
| 168 if (IsIntranetHost(entry->url().host())) { |
| 169 entry->ssl().set_cert_status(entry->ssl().cert_status() | |
| 170 net::CERT_STATUS_NON_UNIQUE_NAME); |
| 171 } |
| 172 } |
| 173 |
| 154 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, | 174 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, |
| 155 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. | 175 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. |
| 156 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; | 176 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; |
| 157 if (cert_errors) { | 177 if (cert_errors) { |
| 158 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) | 178 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 159 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); | 179 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); |
| 160 return; | 180 return; |
| 161 } | 181 } |
| 162 | 182 |
| 163 SiteInstance* site_instance = entry->site_instance(); | 183 SiteInstance* site_instance = entry->site_instance(); |
| 236 | 256 |
| 237 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? | 257 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? |
| 238 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); | 258 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); |
| 239 } | 259 } |
| 240 | 260 |
| 241 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 261 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
| 242 GURL parsed_origin(origin); | 262 GURL parsed_origin(origin); |
| 243 if (parsed_origin.SchemeIsSecure()) | 263 if (parsed_origin.SchemeIsSecure()) |
| 244 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 264 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
| 245 } | 265 } |
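Review bot: `IsIntranetHost` (new lines 39-42) decides on the presence of a dot alone, so IP literals are misclassified: an IPv6 literal such as `[::1]` contains no dot and is marked `CERT_STATUS_NON_UNIQUE_NAME`, while a private IPv4 address like `192.168.1.1` has dots and is not, even though it is arguably just as non-unique as a dotless hostname. If that is intentional it should be stated at the helper, e.g. `// Heuristic only: a dotless host (or one ending in a dot) is treated as intranet; IP literals are not handled, so IPv6 literals are flagged and private IPv4 literals are not.`; otherwise consider excluding bracketed hosts and handling IP literals through a dedicated check. Note also that the new flag is OR-ed into `cert_status()` before `cert_errors` is computed at new line 176, so whether `CERT_STATUS_NON_UNIQUE_NAME` lands in `CERT_STATUS_ALL_ERRORS` decides whether this change downgrades such pages to `SECURITY_STYLE_AUTHENTICATION_BROKEN` — worth a comment either way since it is not visible here. The `static` on `kDot` and `IsIntranetHost` is redundant inside the anonymous namespace. The enclosing function of the hunk at new lines 155-181 starts and ends outside the visible hunks.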