Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(65)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/safe_browsing/ping_manager.cc

Issue 1083493003: Encrypt certificate reports before uploading to HTTP URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix unused variable compile error on non-openssl Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/aead_openssl.h » ('j') | crypto/aead_openssl.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/safe_browsing/ping_manager.cc
diff --git a/chrome/browser/safe_browsing/ping_manager.cc b/chrome/browser/safe_browsing/ping_manager.cc
index f8335d748a4872d359d424c926c2ac5cc383921a..3fe6129707f022664f4db538a680a7581fb7e83f 100644
--- a/chrome/browser/safe_browsing/ping_manager.cc
+++ b/chrome/browser/safe_browsing/ping_manager.cc
@@ -24,8 +24,12 @@ using chrome_browser_net::CertificateErrorReporter;
using content::BrowserThread;
namespace {
-// URL to upload invalid certificate chain reports
-const char kExtendedReportingUploadUrl[] =
+// URLs to upload invalid certificate chain reports. The HTTP URL is
+// preferred since a client seeing an invalid cert might not be able to
+// make an HTTPS connection to report it.
+// TODO(estark): insert the production HTTP URL when it's ready
+const char kExtendedReportingUploadUrlInsecure[] = "";
+const char kExtendedReportingUploadUrlSecure[] =
"https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs";
} // namespace
@@ -44,16 +48,21 @@ SafeBrowsingPingManager::SafeBrowsingPingManager(
const SafeBrowsingProtocolConfig& config)
: client_name_(config.client_name),
request_context_getter_(request_context_getter),
- url_prefix_(config.url_prefix),
- certificate_error_reporter_(
- request_context_getter
- ? new CertificateErrorReporter(
- request_context_getter->GetURLRequestContext(),
- GURL(kExtendedReportingUploadUrl),
- CertificateErrorReporter::SEND_COOKIES)
- : nullptr) {
+ url_prefix_(config.url_prefix) {
DCHECK(!url_prefix_.empty());
+ if (request_context_getter) {
+ certificate_error_reporter_.reset(new CertificateErrorReporter(
+ request_context_getter->GetURLRequestContext(),
+ (CertificateErrorReporter::IsHttpUploadUrlSupported() &&
+ strlen(kExtendedReportingUploadUrlInsecure) > 0)
+ ? GURL(kExtendedReportingUploadUrlInsecure)
+ : GURL(kExtendedReportingUploadUrlSecure),
mattm 2015/04/23 22:59:14 This condition feels a little large/unwieldy to do
estark 2015/04/23 23:53:47 Done.
+ CertificateErrorReporter::SEND_COOKIES));
+ } else {
+ certificate_error_reporter_ = nullptr;
mattm 2015/04/23 22:59:14 unnecessary
estark 2015/04/23 23:53:47 Done.
+ }
+
version_ = SafeBrowsingProtocolManagerHelper::Version();
}
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/aead_openssl.h » ('j') | crypto/aead_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698