OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <map> | 8 #include <map> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
591 ChannelIDService::GetDomainForHost(new_hostname) != | 591 ChannelIDService::GetDomainForHost(new_hostname) != |
592 ChannelIDService::GetDomainForHost(old_hostname)) { | 592 ChannelIDService::GetDomainForHost(old_hostname)) { |
593 return false; | 593 return false; |
594 } | 594 } |
595 | 595 |
596 bool unused = false; | 596 bool unused = false; |
597 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) | 597 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) |
598 return false; | 598 return false; |
599 | 599 |
600 std::string pinning_failure_log; | 600 std::string pinning_failure_log; |
601 // TODO(estark): replace 0 below with the port of the connection | |
602 // (though it won't actually be used since reports aren't getting | |
603 // sent). | |
601 if (!transport_security_state->CheckPublicKeyPins( | 604 if (!transport_security_state->CheckPublicKeyPins( |
602 new_hostname, | 605 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, |
603 ssl_info.is_issued_by_known_root, | 606 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), |
604 ssl_info.public_key_hashes, | 607 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, |
davidben
2015/07/24 20:42:55
Should this send reports? I believe if we get this
estark
2015/07/25 00:10:31
Yeah... just because the certificate is valid in e
davidben
2015/07/25 01:48:58
Hrm. Okay, so it's specifically that the two certi
| |
605 &pinning_failure_log)) { | 608 &pinning_failure_log)) { |
606 return false; | 609 return false; |
607 } | 610 } |
608 | 611 |
609 return true; | 612 return true; |
610 } | 613 } |
611 | 614 |
612 SpdySession::SpdySession( | 615 SpdySession::SpdySession( |
613 const SpdySessionKey& spdy_session_key, | 616 const SpdySessionKey& spdy_session_key, |
614 const base::WeakPtr<HttpServerProperties>& http_server_properties, | 617 const base::WeakPtr<HttpServerProperties>& http_server_properties, |
(...skipping 2643 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3258 if (!queue->empty()) { | 3261 if (!queue->empty()) { |
3259 SpdyStreamId stream_id = queue->front(); | 3262 SpdyStreamId stream_id = queue->front(); |
3260 queue->pop_front(); | 3263 queue->pop_front(); |
3261 return stream_id; | 3264 return stream_id; |
3262 } | 3265 } |
3263 } | 3266 } |
3264 return 0; | 3267 return 0; |
3265 } | 3268 } |
3266 | 3269 |
3267 } // namespace net | 3270 } // namespace net |
OLD | NEW |