| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 236 base::Unretained(this)), | 236 base::Unretained(this)), |
| 237 &cert_verifier_request_, net_log_); | 237 &cert_verifier_request_, net_log_); |
| 238 } | 238 } |
| 239 | 239 |
| 240 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { | 240 int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
| 241 cert_verifier_request_.reset(); | 241 cert_verifier_request_.reset(); |
| 242 | 242 |
| 243 const CertVerifyResult& cert_verify_result = | 243 const CertVerifyResult& cert_verify_result = |
| 244 verify_details_->cert_verify_result; | 244 verify_details_->cert_verify_result; |
| 245 const CertStatus cert_status = cert_verify_result.cert_status; | 245 const CertStatus cert_status = cert_verify_result.cert_status; |
| 246 // TODO(estark): replace 0 below with the port that the connection was |
| 247 // made on. |
| 246 if (transport_security_state_ && | 248 if (transport_security_state_ && |
| 247 (result == OK || | 249 (result == OK || |
| 248 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 250 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 249 !transport_security_state_->CheckPublicKeyPins( | 251 !transport_security_state_->CheckPublicKeyPins( |
| 250 hostname_, | 252 hostname_, cert_verify_result.is_issued_by_known_root, |
| 251 cert_verify_result.is_issued_by_known_root, | 253 cert_verify_result.public_key_hashes, 0, cert_.get(), |
| 252 cert_verify_result.public_key_hashes, | 254 cert_verify_result.verified_cert.get(), |
| 255 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 253 &verify_details_->pinning_failure_log)) { | 256 &verify_details_->pinning_failure_log)) { |
| 254 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 257 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 255 } | 258 } |
| 256 | 259 |
| 257 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | 260 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = |
| 258 SSLConfigService::GetEVCertsWhitelist(); | 261 SSLConfigService::GetEVCertsWhitelist(); |
| 259 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && | 262 if ((cert_status & CERT_STATUS_IS_EV) && ev_whitelist.get() && |
| 260 ev_whitelist->IsValid()) { | 263 ev_whitelist->IsValid()) { |
| 261 const SHA256HashValue fingerprint( | 264 const SHA256HashValue fingerprint( |
| 262 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); | 265 X509Certificate::CalculateFingerprint256(cert_->os_cert_handle())); |
| (...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 397 } | 400 } |
| 398 return status; | 401 return status; |
| 399 } | 402 } |
| 400 | 403 |
| 401 void ProofVerifierChromium::OnJobComplete(Job* job) { | 404 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 402 active_jobs_.erase(job); | 405 active_jobs_.erase(job); |
| 403 delete job; | 406 delete job; |
| 404 } | 407 } |
| 405 | 408 |
| 406 } // namespace net | 409 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1213783005:
Send HPKP violation reports when a pin check fails (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master