chrome/browser/ssl/certificate_error_report.cc - Issue 1180313006: Include unverified server-sent cert chain in reports

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: chrome/browser/ssl/certificate_error_report.cc

Issue 1180313006: Include unverified server-sent cert chain in reports (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: revert testing changes Created 5 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: chrome/browser/ssl/certificate_error_report.cc

diff --git a/chrome/browser/ssl/certificate_error_report.cc b/chrome/browser/ssl/certificate_error_report.cc

index b54a8671d2ab361b00452c26dae22a86511509e5..67e8edd64294440a7631389a2b31aab1015fbe97 100644

--- a/chrome/browser/ssl/certificate_error_report.cc

+++ b/chrome/browser/ssl/certificate_error_report.cc

@@ -7,6 +7,7 @@

#include <vector>

#include "base/stl_util.h"

+#include "base/strings/string_util.h"

#include "base/time/time.h"

#include "chrome/browser/ssl/cert_logger.pb.h"

#include "net/cert/cert_status_flags.h"

@@ -48,6 +49,17 @@ void AddCertStatusToReportErrors(net::CertStatus cert_status,

if (cert_status & net::CERT_STATUS_NO_REVOCATION_MECHANISM)

report->add_cert_error(CertLoggerRequest::ERR_CERT_NO_REVOCATION_MECHANISM);

}

+bool CertificateChainToString(scoped_refptr<net::X509Certificate> cert,

+ std::string* result) {

+ std::vector<std::string> pem_encoded_chain;

+ if (!cert->GetPEMEncodedChain(&pem_encoded_chain))

+ return false;

+ *result = JoinString(pem_encoded_chain, std::string());

+ return true;

} // namespace

CertificateErrorReport::CertificateErrorReport()

@@ -61,14 +73,17 @@ CertificateErrorReport::CertificateErrorReport(const std::string& hostname,

cert_report_->set_time_usec(now.ToInternalValue());

cert_report_->set_hostname(hostname);

- std::vector<std::string> pem_encoded_chain;

- if (!ssl_info.cert->GetPEMEncodedChain(&pem_encoded_chain)) {

+ if (!CertificateChainToString(ssl_info.cert,

+ cert_report_->mutable_cert_chain())) {

LOG(ERROR) << "Could not get PEM encoded chain.";

}

- std::string* cert_chain = cert_report_->mutable_cert_chain();

- for (size_t i = 0; i < pem_encoded_chain.size(); ++i)

- cert_chain->append(pem_encoded_chain[i]);

+ if (ssl_info.unverified_cert &&

+ !CertificateChainToString(

+ ssl_info.unverified_cert,

+ cert_report_->mutable_unverified_cert_chain())) {

+ LOG(ERROR) << "Could not get PEM encoded unverified certificate chain.";

+ }

cert_report_->add_pin(ssl_info.pinning_failure_log);

« no previous file with comments | « chrome/browser/ssl/cert_logger.proto ('k') | chrome/browser/ssl/certificate_error_report_unittest.cc » ('j') | no next file with comments »