| Index: net/url_request/url_request_http_job.cc
|
| ===================================================================
|
| --- net/url_request/url_request_http_job.cc (revision 80507)
|
| +++ net/url_request/url_request_http_job.cc (working copy)
|
| @@ -667,6 +667,17 @@
|
| // Clear the IO_PENDING status
|
| SetStatus(URLRequestStatus());
|
|
|
| + // Take care of any mandates for certificate locking.
|
| + const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info;
|
| + if (result == OK &&
|
| + ssl_info.is_valid() &&
|
| + context_->transport_security_state()) {
|
| + scoped_refptr<X509Certificate> cert(ssl_info.cert);
|
| + if (!context_->transport_security_state()->IsAcceptableCertificate(
|
| + request_->url().host(), cert.get()))
|
| + result = ERR_CERT_INVALID;
|
| + }
|
| +
|
| if (result == OK) {
|
| SaveCookiesAndNotifyHeadersComplete();
|
| } else if (ShouldTreatAsCertificateError(result)) {
|
| @@ -709,6 +720,10 @@
|
| return true;
|
|
|
| // Check whether our context is using Strict-Transport-Security.
|
| + // TODO(cevans) -- this gives an error that makes it look more like the
|
| + // network connection is faulty than a certificate error. It would be better
|
| + // to simply use the normal browser "bad cert" UI but force
|
| + // SSLBlockingPage::ERROR_FATAL.
|
| if (!context_->transport_security_state())
|
| return true;
|
|
|
|
|
Chromium Code Reviews
Issue 6793026:
Initial support for HSTS certificate locking. This isn't a finished work, but (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/