Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(101)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/certificate_error_report.cc

Issue 1180313006: Include unverified server-sent cert chain in reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« chrome/browser/ssl/cert_logger.proto ('K') | « chrome/browser/ssl/cert_logger.proto ('k') | chrome/browser/ssl/certificate_error_report_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/certificate_error_report.cc
diff --git a/chrome/browser/ssl/certificate_error_report.cc b/chrome/browser/ssl/certificate_error_report.cc
index b54a8671d2ab361b00452c26dae22a86511509e5..1da20b6215627bdfd65efff15bd5871420476d4f 100644
--- a/chrome/browser/ssl/certificate_error_report.cc
+++ b/chrome/browser/ssl/certificate_error_report.cc
@@ -48,6 +48,19 @@ void AddCertStatusToReportErrors(net::CertStatus cert_status,
if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM)
report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM);
}
+
+bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert,
+ std::string* result) {
+ std::vector<std::string> pem_encoded_chain;
+ if (!cert->GetPEMEncodedChain(&pem_encoded_chain))
+ return false;
+
+ for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
meacer 2015/06/15 19:57:20 You can use C++11 style for loop here: for (const
estark 2015/06/15 20:47:37 Done. (JoinString)
+ result->append(pem_encoded_chain[i]);
+
+ return true;
+}
+
} // namespace
CertificateErrorReport::CertificateErrorReport()
@@ -61,14 +74,16 @@ CertificateErrorReport::CertificateErrorReport(const std::string& hostname,
cert_report_->set_time_usec(now.ToInternalValue());
cert_report_->set_hostname(hostname);
- std::vector<std::string> pem_encoded_chain;
- if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) {
+ if (!CertificateChainToString(ssl_info.cert,
+ cert_report_->mutable_cert_chain()))
LOG(ERROR) << "Could not get PEM encoded chain.";
meacer 2015/06/15 19:57:20 Wrap this statement with braces since |if| spans t
estark 2015/06/15 20:47:37 Done.
- }
- std::string* cert_chain = cert_report_->mutable_cert_chain();
- for (size_t i = 0; i < pem_encoded_chain.size(); ++i)
- cert_chain->append(pem_encoded_chain[i]);
+ if (ssl_info.unverified_cert &&
+ !CertificateChainToString(
+ ssl_info.unverified_cert,
+ cert_report_->mutable_unverified_cert_chain())) {
+ LOG(ERROR) << "Could not get PEM encoded unverified certificate chain.";
+ }
cert_report_->add_pin(ssl_info.pinning_failure_log);
« chrome/browser/ssl/cert_logger.proto ('K') | « chrome/browser/ssl/cert_logger.proto ('k') | chrome/browser/ssl/certificate_error_report_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698