Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(7473)

Unified Diff: chrome/browser/ssl/ssl_host_state.h

Issue 42274: SSLPolicy Fix: Step 6.... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 11 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/ssl/ssl_host_state.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_host_state.h
===================================================================
--- chrome/browser/ssl/ssl_host_state.h (revision 11853)
+++ chrome/browser/ssl/ssl_host_state.h (working copy)
@@ -17,7 +17,7 @@
// SSLHostState
//
// The SSLHostState encapulates the host-specific state for SSL errors. For
-// example, SSLHostState rememebers whether the user has whitelisted a
+// example, SSLHostState remembers whether the user has whitelisted a
// particular broken cert for use with particular host. We separate this state
// from the SSLManager because this state is shared across many navigation
// controllers.
@@ -27,31 +27,43 @@
SSLHostState();
~SSLHostState();
+ // Records that a host is "broken," that is, the origin for that host has been
+ // contaminated with insecure content, either via HTTP or via HTTPS with a
+ // bad certificate.
+ void MarkHostAsBroken(const std::string& host);
+
+ // Returns whether the specified host was marked as broken.
+ bool DidMarkHostAsBroken(const std::string& host);
+
// Records that |cert| is permitted to be used for |host| in the future.
void DenyCertForHost(net::X509Certificate* cert, const std::string& host);
// Records that |cert| is not permitted to be used for |host| in the future.
void AllowCertForHost(net::X509Certificate* cert, const std::string& host);
+ // Queries whether there is at least one certificate that has been manually
+ // allowed for this host.
+ bool DidAllowCertForHost(const std::string& host);
+
// Queries whether |cert| is allowed or denied for |host|.
net::X509Certificate::Policy::Judgment QueryPolicy(
net::X509Certificate* cert, const std::string& host);
- // Allow mixed/unsafe content to be visible (non filtered) for the specified
- // URL.
- // Note that the current implementation allows on a host name basis.
- void AllowShowInsecureContentForURL(const GURL& url);
+ // Allows mixed content to be visible (non filtered).
+ void AllowMixedContentForHost(const std::string& host);
- // Returns whether the specified URL is allowed to show insecure (mixed or
- // unsafe) content.
- bool CanShowInsecureContent(const GURL& url);
+ // Returns whether the specified host is allowed to show mixed content.
+ bool DidAllowMixedContentForHost(const std::string& host);
private:
+ // Hosts which have been contaminated with unsafe content.
+ std::set<std::string> broken_hosts_;
+
// Certificate policies for each host.
std::map<std::string, net::X509Certificate::Policy> cert_policy_for_host_;
- // Domains for which it is OK to show insecure content.
- std::set<std::string> can_show_insecure_content_for_host_;
+ // Hosts for which we are allowed to show mixed content.
+ std::set<std::string> allow_mixed_content_for_host_;
DISALLOW_COPY_AND_ASSIGN(SSLHostState);
};
« no previous file with comments | « no previous file | chrome/browser/ssl/ssl_host_state.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698