Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(225)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/safe_browsing/ping_manager.cc

Issue 1083493003: Encrypt certificate reports before uploading to HTTP URLs (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: add aead files to BUILD.gn Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/BUILD.gn » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/safe_browsing/ping_manager.cc
diff --git a/chrome/browser/safe_browsing/ping_manager.cc b/chrome/browser/safe_browsing/ping_manager.cc
index f8335d748a4872d359d424c926c2ac5cc383921a..dba45aebf34d253c36fee2388f04f96752dea79f 100644
--- a/chrome/browser/safe_browsing/ping_manager.cc
+++ b/chrome/browser/safe_browsing/ping_manager.cc
@@ -24,8 +24,12 @@ using chrome_browser_net::CertificateErrorReporter;
using content::BrowserThread;
namespace {
-// URL to upload invalid certificate chain reports
-const char kExtendedReportingUploadUrl[] =
+// URLs to upload invalid certificate chain reports. The HTTP URL is
+// preferred since a client seeing an invalid cert might not be able to
+// make an HTTPS connection to report it.
+// TODO(estark): insert the production HTTP URL when it's ready
+const char kExtendedReportingUploadUrlInsecure[] = "";
+const char kExtendedReportingUploadUrlSecure[] =
"https://sb-ssl.google.com/safebrowsing/clientreport/chrome-certs";
} // namespace
@@ -44,16 +48,22 @@ SafeBrowsingPingManager::SafeBrowsingPingManager(
const SafeBrowsingProtocolConfig& config)
: client_name_(config.client_name),
request_context_getter_(request_context_getter),
- url_prefix_(config.url_prefix),
- certificate_error_reporter_(
- request_context_getter
- ? new CertificateErrorReporter(
- request_context_getter->GetURLRequestContext(),
- GURL(kExtendedReportingUploadUrl),
- CertificateErrorReporter::SEND_COOKIES)
- : nullptr) {
+ url_prefix_(config.url_prefix) {
DCHECK(!url_prefix_.empty());
+ if (request_context_getter) {
+ bool use_insecure_certificate_upload_url =
+ CertificateErrorReporter::IsHttpUploadUrlSupported() &&
+ strlen(kExtendedReportingUploadUrlInsecure) > 0;
+ GURL certificate_upload_url(use_insecure_certificate_upload_url
+ ? kExtendedReportingUploadUrlInsecure
+ : kExtendedReportingUploadUrlSecure);
+
+ certificate_error_reporter_.reset(new CertificateErrorReporter(
+ request_context_getter->GetURLRequestContext(), certificate_upload_url,
+ CertificateErrorReporter::SEND_COOKIES));
+ }
+
version_ = SafeBrowsingProtocolManagerHelper::Version();
}
« no previous file with comments | « chrome/browser/net/certificate_error_reporter_unittest.cc ('k') | crypto/BUILD.gn » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698