Chromium Code Reviews Chromium Code Reviews
Issue 12974003:
Improve TransportSecurityState data storage. (Closed)
Base URL: https://src.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3458 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3469 TransportSecurityState::DomainState domain_state; | 3469 TransportSecurityState::DomainState domain_state; |
| 3470 if (transport_security_state_->GetDomainState(host, sni_available, | 3470 if (transport_security_state_->GetDomainState(host, sni_available, |
| 3471 &domain_state) && | 3471 &domain_state) && |
| 3472 domain_state.HasPublicKeyPins()) { | 3472 domain_state.HasPublicKeyPins()) { |
| 3473 if (!domain_state.CheckPublicKeyPins( | 3473 if (!domain_state.CheckPublicKeyPins( |
| 3474 server_cert_verify_result_.public_key_hashes)) { | 3474 server_cert_verify_result_.public_key_hashes)) { |
| 3475 // Pins are not enforced if the build is too old. | 3475 // Pins are not enforced if the build is too old. |
| 3476 if (TransportSecurityState::IsBuildTimely()) { | 3476 if (TransportSecurityState::IsBuildTimely()) { |
| 3477 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 3477 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 3478 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); | 3478 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); |
| 3479 TransportSecurityState::ReportUMAOnPinFailure(host); | 3479 domain_state.ReportUMAOnPinFailure(); |
|
palmer
2013/04/02 22:56:05
Re-reading the code around this line, which is my
unsafe
2013/04/03 05:21:42
Yeah, I think the build-age and reporting should m
| |
| 3480 } | 3480 } |
| 3481 } else { | 3481 } else { |
| 3482 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); | 3482 UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); |
| 3483 } | 3483 } |
| 3484 } | 3484 } |
| 3485 } | 3485 } |
| 3486 #endif | 3486 #endif |
| 3487 | 3487 |
| 3488 // Exit DoHandshakeLoop and return the result to the caller to Connect. | 3488 // Exit DoHandshakeLoop and return the result to the caller to Connect. |
| 3489 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 3489 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3534 EnsureThreadIdAssigned(); | 3534 EnsureThreadIdAssigned(); |
| 3535 base::AutoLock auto_lock(lock_); | 3535 base::AutoLock auto_lock(lock_); |
| 3536 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3536 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3537 } | 3537 } |
| 3538 | 3538 |
| 3539 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3539 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3540 return server_bound_cert_service_; | 3540 return server_bound_cert_service_; |
| 3541 } | 3541 } |
| 3542 | 3542 |
| 3543 } // namespace net | 3543 } // namespace net |
| OLD | NEW |
