Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(194)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/browser/ssl/ssl_policy.cc

Issue 8374020: Make it a fatal SSL error when encountering certs signed with md[2,4], and interstitial md5 (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/base/cert_status_flags.cc » ('j') | net/base/x509_certificate.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/browser/ssl/ssl_policy.h" 5 #include "content/browser/ssl/ssl_policy.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/base_switches.h" 8 #include "base/base_switches.h"
9 #include "base/command_line.h" 9 #include "base/command_line.h"
10 #include "base/memory/singleton.h" 10 #include "base/memory/singleton.h"
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 } 51 }
52 52
53 // The judgment is either DENIED or UNKNOWN. 53 // The judgment is either DENIED or UNKNOWN.
54 // For now we handle the DENIED as the UNKNOWN, which means a blocking 54 // For now we handle the DENIED as the UNKNOWN, which means a blocking
55 // page is shown to the user every time he comes back to the page. 55 // page is shown to the user every time he comes back to the page.
56 56
57 switch (handler->cert_error()) { 57 switch (handler->cert_error()) {
58 case net::ERR_CERT_COMMON_NAME_INVALID: 58 case net::ERR_CERT_COMMON_NAME_INVALID:
59 case net::ERR_CERT_DATE_INVALID: 59 case net::ERR_CERT_DATE_INVALID:
60 case net::ERR_CERT_AUTHORITY_INVALID: 60 case net::ERR_CERT_AUTHORITY_INVALID:
61 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
62 OnCertErrorInternal(handler, !handler->is_hsts_host()); 61 OnCertErrorInternal(handler, !handler->is_hsts_host());
63 break; 62 break;
64 case net::ERR_CERT_NO_REVOCATION_MECHANISM: 63 case net::ERR_CERT_NO_REVOCATION_MECHANISM:
65 // Ignore this error. 64 // Ignore this error.
66 handler->ContinueRequest(); 65 handler->ContinueRequest();
67 break; 66 break;
68 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: 67 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
69 // We ignore this error but will show a warning status in the location 68 // We ignore this error but will show a warning status in the location
70 // bar. 69 // bar.
71 handler->ContinueRequest(); 70 handler->ContinueRequest();
72 break; 71 break;
73 case net::ERR_CERT_CONTAINS_ERRORS: 72 case net::ERR_CERT_CONTAINS_ERRORS:
74 case net::ERR_CERT_REVOKED: 73 case net::ERR_CERT_REVOKED:
75 case net::ERR_CERT_INVALID: 74 case net::ERR_CERT_INVALID:
76 case net::ERR_CERT_NOT_IN_DNS: 75 case net::ERR_CERT_NOT_IN_DNS:
76 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM:
77 OnCertErrorInternal(handler, false); 77 OnCertErrorInternal(handler, false);
78 break; 78 break;
79 default: 79 default:
80 NOTREACHED(); 80 NOTREACHED();
81 handler->CancelRequest(); 81 handler->CancelRequest();
82 break; 82 break;
83 } 83 }
84 } 84 }
85 85
86 void SSLPolicy::DidRunInsecureContent(NavigationEntry* entry, 86 void SSLPolicy::DidRunInsecureContent(NavigationEntry* entry,
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after
211 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? 211 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ?
212 content::SECURITY_STYLE_AUTHENTICATED : 212 content::SECURITY_STYLE_AUTHENTICATED :
213 content::SECURITY_STYLE_UNAUTHENTICATED); 213 content::SECURITY_STYLE_UNAUTHENTICATED);
214 } 214 }
215 215
216 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { 216 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) {
217 GURL parsed_origin(origin); 217 GURL parsed_origin(origin);
218 if (parsed_origin.SchemeIsSecure()) 218 if (parsed_origin.SchemeIsSecure())
219 backend_->HostRanInsecureContent(parsed_origin.host(), pid); 219 backend_->HostRanInsecureContent(parsed_origin.host(), pid);
220 } 220 }
OLDNEW
« no previous file with comments | « no previous file | net/base/cert_status_flags.cc » ('j') | net/base/x509_certificate.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698