| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3479 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3490 if (transport_security_state_ && | 3490 if (transport_security_state_ && |
| 3491 (result == OK || | 3491 (result == OK || |
| 3492 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 3492 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 3493 server_cert_verify_result_.is_issued_by_known_root && | 3493 server_cert_verify_result_.is_issued_by_known_root && |
| 3494 TransportSecurityState::IsBuildTimely()) { | 3494 TransportSecurityState::IsBuildTimely()) { |
| 3495 bool sni_available = | 3495 bool sni_available = |
| 3496 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | 3496 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || |
| 3497 ssl_config_.version_fallback; | 3497 ssl_config_.version_fallback; |
| 3498 const std::string& host = host_and_port_.host(); | 3498 const std::string& host = host_and_port_.host(); |
| 3499 | 3499 |
| 3500 TransportSecurityState::DomainState domain_state; | 3500 if (transport_security_state_->HasPublicKeyPins(host, sni_available)) { |
| 3501 if (transport_security_state_->GetDomainState(host, sni_available, | 3501 if (!transport_security_state_->CheckPublicKeyPins( |
| 3502 &domain_state) && | 3502 host, |
| 3503 domain_state.HasPublicKeyPins()) { | 3503 sni_available, |
| 3504 if (!domain_state.CheckPublicKeyPins( | |
| 3505 server_cert_verify_result_.public_key_hashes, | 3504 server_cert_verify_result_.public_key_hashes, |
| 3506 &pinning_failure_log_)) { | 3505 &pinning_failure_log_)) { |
| 3507 LOG(ERROR) << pinning_failure_log_; | 3506 LOG(ERROR) << pinning_failure_log_; |
| 3508 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 3507 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 3509 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | 3508 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); |
| 3510 TransportSecurityState::ReportUMAOnPinFailure(host); | 3509 TransportSecurityState::ReportUMAOnPinFailure(host); |
| 3511 } else { | 3510 } else { |
| 3512 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | 3511 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); |
| 3513 } | 3512 } |
| 3514 } | 3513 } |
| (...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3615 scoped_refptr<X509Certificate> | 3614 scoped_refptr<X509Certificate> |
| 3616 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3615 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3617 return core_->state().server_cert.get(); | 3616 return core_->state().server_cert.get(); |
| 3618 } | 3617 } |
| 3619 | 3618 |
| 3620 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3619 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3621 return server_bound_cert_service_; | 3620 return server_bound_cert_service_; |
| 3622 } | 3621 } |
| 3623 | 3622 |
| 3624 } // namespace net | 3623 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 103803012:
Make HSTS headers not clobber preloaded pins. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src