| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3074 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3085 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and | 3085 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and |
| 3086 // http://crbug.com/15630 for more info. | 3086 // http://crbug.com/15630 for more info. |
| 3087 | 3087 |
| 3088 const CertStatus cert_status = server_cert_verify_result_.cert_status; | 3088 const CertStatus cert_status = server_cert_verify_result_.cert_status; |
| 3089 if (transport_security_state_ && | 3089 if (transport_security_state_ && |
| 3090 (result == OK || | 3090 (result == OK || |
| 3091 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 3091 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 3092 !transport_security_state_->CheckPublicKeyPins( | 3092 !transport_security_state_->CheckPublicKeyPins( |
| 3093 host_and_port_.host(), | 3093 host_and_port_.host(), |
| 3094 server_cert_verify_result_.is_issued_by_known_root, | 3094 server_cert_verify_result_.is_issued_by_known_root, |
| 3095 server_cert_verify_result_.public_key_hashes, | 3095 server_cert_verify_result_.public_key_hashes, host_and_port_.port(), |
| 3096 core_->state().server_cert, server_cert_verify_result_.verified_cert, |
| 3097 TransportSecurityState::SEND_PUBLIC_KEY_PIN_REPORT, |
| 3096 &pinning_failure_log_)) { | 3098 &pinning_failure_log_)) { |
| 3097 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 3099 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 3098 } | 3100 } |
| 3099 | 3101 |
| 3100 if (result == OK) { | 3102 if (result == OK) { |
| 3101 // Only check Certificate Transparency if there were no other errors with | 3103 // Only check Certificate Transparency if there were no other errors with |
| 3102 // the connection. | 3104 // the connection. |
| 3103 VerifyCT(); | 3105 VerifyCT(); |
| 3104 | 3106 |
| 3105 // Only cache the session if the certificate verified successfully. | 3107 // Only cache the session if the certificate verified successfully. |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3186 return channel_id_service_; | 3188 return channel_id_service_; |
| 3187 } | 3189 } |
| 3188 | 3190 |
| 3189 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3191 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
| 3190 if (completed_handshake_) | 3192 if (completed_handshake_) |
| 3191 return SSL_FAILURE_NONE; | 3193 return SSL_FAILURE_NONE; |
| 3192 return SSL_FAILURE_UNKNOWN; | 3194 return SSL_FAILURE_UNKNOWN; |
| 3193 } | 3195 } |
| 3194 | 3196 |
| 3195 } // namespace net | 3197 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1213783005:
Send HPKP violation reports when a pin check fails (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master