| Index: chrome/browser/ssl/ssl_error_handler.cc
|
| diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
|
| index adeac656ee511246ced3116bbb536808a32fe1b1..3469999e3f6350db972d285c22ba633956abf33f 100644
|
| --- a/chrome/browser/ssl/ssl_error_handler.cc
|
| +++ b/chrome/browser/ssl/ssl_error_handler.cc
|
| @@ -11,6 +11,7 @@
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/browser/ssl/ssl_blocking_page.h"
|
| #include "chrome/browser/ssl/ssl_cert_reporter.h"
|
| +#include "chrome/browser/ssl/ssl_error_classification.h"
|
| #include "content/public/browser/notification_service.h"
|
| #include "content/public/browser/notification_source.h"
|
| #include "content/public/browser/web_contents.h"
|
| @@ -48,10 +49,10 @@ void RecordUMA(SSLErrorHandlerEvent event) {
|
| SSL_ERROR_HANDLER_EVENT_COUNT);
|
| }
|
|
|
| -#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| // The delay before displaying the SSL interstitial for cert errors.
|
| -// - If a "captive portal detected" result arrives in this many seconds,
|
| -// a captive portal interstitial is displayed.
|
| +// - If a "captive portal detected" or "suggested url valid" result
|
| +// arrives in this many seconds, then a captive portal interstitial
|
| +// or a common name mismatch interstitial is displayed.
|
| // - Otherwise, an SSL interstitial is displayed.
|
| const int kDefaultInterstitialDisplayDelayInSeconds = 2;
|
|
|
| @@ -74,6 +75,7 @@ base::TimeDelta GetInterstitialDisplayDelay(
|
| return base::TimeDelta();
|
| }
|
|
|
| +#if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| bool IsCaptivePortalInterstitialEnabled() {
|
| return base::FieldTrialList::FindFullName("CaptivePortalInterstitial") ==
|
| "Enabled";
|
| @@ -153,6 +155,24 @@ SSLErrorHandler::~SSLErrorHandler() {
|
| void SSLErrorHandler::StartHandlingError() {
|
| RecordUMA(HANDLE_ALL);
|
|
|
| + std::vector<std::string> dns_names;
|
| + ssl_info_.cert->GetDNSNames(&dns_names);
|
| + DCHECK(!dns_names.empty());
|
| + GURL suggested_url;
|
| + if (GetSuggestedUrl(request_url_, dns_names, &suggested_url)) {
|
| + CheckSuggestedUrl(suggested_url);
|
| + timer_.Start(FROM_HERE,
|
| + GetInterstitialDisplayDelay(g_interstitial_delay_type), this,
|
| + &SSLErrorHandler::OnTimerExpired);
|
| + if (g_timer_started_callback)
|
| + g_timer_started_callback->Run(web_contents_);
|
| +
|
| + // Do not check for a captive portal in this case, because a captive
|
| + // portal most likely cannot serve a valid certificate which passes the
|
| + // similarity check.
|
| + return;
|
| + }
|
| +
|
| #if defined(ENABLE_CAPTIVE_PORTAL_DETECTION)
|
| if (IsCaptivePortalInterstitialEnabled()) {
|
| CheckForCaptivePortal();
|
| @@ -165,11 +185,31 @@ void SSLErrorHandler::StartHandlingError() {
|
| }
|
| #endif
|
| // Display an SSL interstitial.
|
| - ShowSSLInterstitial();
|
| + ShowSSLInterstitial(GURL());
|
| }
|
|
|
| void SSLErrorHandler::OnTimerExpired() {
|
| - ShowSSLInterstitial();
|
| + ShowSSLInterstitial(GURL());
|
| +}
|
| +
|
| +bool SSLErrorHandler::GetSuggestedUrl(const GURL& request_url,
|
| + const std::vector<std::string>& dns_names,
|
| + GURL* suggested_url) {
|
| + return CommonNameMismatchHandler::GetSuggestedUrl(request_url_, dns_names,
|
| + suggested_url);
|
| +}
|
| +
|
| +void SSLErrorHandler::CheckSuggestedUrl(const GURL& suggested_url) {
|
| + Profile* profile =
|
| + Profile::FromBrowserContext(web_contents_->GetBrowserContext());
|
| + scoped_refptr<net::URLRequestContextGetter> request_context(
|
| + profile->GetRequestContext());
|
| + common_name_mismatch_handler_.reset(
|
| + new CommonNameMismatchHandler(request_url_, request_context));
|
| + common_name_mismatch_handler_->CheckSuggestedUrl(
|
| + suggested_url,
|
| + base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
|
| + base::Unretained(this)));
|
| }
|
|
|
| void SSLErrorHandler::CheckForCaptivePortal() {
|
| @@ -203,7 +243,7 @@ void SSLErrorHandler::ShowCaptivePortalInterstitial(const GURL& landing_url) {
|
| #endif
|
| }
|
|
|
| -void SSLErrorHandler::ShowSSLInterstitial() {
|
| +void SSLErrorHandler::ShowSSLInterstitial(const GURL& suggested_url) {
|
| // Show SSL blocking page. The interstitial owns the blocking page.
|
| const Profile* const profile =
|
| Profile::FromBrowserContext(web_contents_->GetBrowserContext());
|
| @@ -212,7 +252,8 @@ void SSLErrorHandler::ShowSSLInterstitial() {
|
| : SHOW_SSL_INTERSTITIAL_NONOVERRIDABLE);
|
| (new SSLBlockingPage(web_contents_, cert_error_, ssl_info_, request_url_,
|
| options_mask_, base::Time::NowFromSystemTime(),
|
| - ssl_cert_reporter_.Pass(), callback_))->Show();
|
| + ssl_cert_reporter_.Pass(), callback_, suggested_url))
|
| + ->Show();
|
| // Once an interstitial is displayed, no need to keep the handler around.
|
| // This is the equivalent of "delete this".
|
| web_contents_->RemoveUserData(UserDataKey());
|
| @@ -230,7 +271,7 @@ void SSLErrorHandler::Observe(
|
| if (results->result == captive_portal::RESULT_BEHIND_CAPTIVE_PORTAL)
|
| ShowCaptivePortalInterstitial(results->landing_url);
|
| else
|
| - ShowSSLInterstitial();
|
| + ShowSSLInterstitial(GURL());
|
| }
|
| #endif
|
| }
|
| @@ -248,3 +289,14 @@ void SSLErrorHandler::DidStartNavigationToPendingEntry(
|
| }
|
| web_contents_->RemoveUserData(UserDataKey());
|
| }
|
| +
|
| +void SSLErrorHandler::CommonNameMismatchHandlerCallback(
|
| + const CommonNameMismatchHandler::Results& results) {
|
| + timer_.Stop();
|
| + if (results.result == CommonNameMismatchHandler::SuggestedUrlCheckResult::
|
| + RESULT_SUGGESTED_URL_VALID) {
|
| + ShowSSLInterstitial(results.new_url);
|
| + } else {
|
| + ShowSSLInterstitial(GURL());
|
| + }
|
| +}
|
|
|
Chromium Code Reviews
Issue 1223233002:
Common Name Mismatch Handler For WWW Subdomain Mismatch case (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master