| Index: ios/web/net/crw_cert_verification_controller.h
|
| diff --git a/ios/web/net/crw_cert_verification_controller.h b/ios/web/net/crw_cert_verification_controller.h
|
| index f1da9649197e13c71bc2280df013c9da2143e2f8..238b68140e6f610ec340cb44b2edb978f1c9cb0a 100644
|
| --- a/ios/web/net/crw_cert_verification_controller.h
|
| +++ b/ios/web/net/crw_cert_verification_controller.h
|
| @@ -27,12 +27,15 @@ typedef NS_ENUM(NSInteger, CertAcceptPolicy) {
|
| CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0,
|
| // Cert is not valid. Caller may present SSL warning and ask user if they
|
| // want to proceed with the load.
|
| - CERT_ACCEPT_POLICY_RECOVERABLE_ERROR,
|
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER,
|
| + // Cert is not valid. However caller should proceed with the load because
|
| + // user has decided to proceed with this invalid cert.
|
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER,
|
| // Cert is valid. Caller should proceed with the load.
|
| CERT_ACCEPT_POLICY_ALLOW,
|
| };
|
|
|
| -// Completion handler called by decidePolicyForCert:host:completionHandler:.
|
| +// Completion handler called by decideLoadPolicyForTrust:host:completionHandler.
|
| typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus);
|
| // Completion handler called by querySSLStatusForTrust:host:completionHandler:.
|
| typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
|
| @@ -51,17 +54,14 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
|
| - (instancetype)initWithBrowserState:(web::BrowserState*)browserState
|
| NS_DESIGNATED_INITIALIZER;
|
|
|
| -// TODO(eugenebut): add API for:
|
| -// - accepting bad SSL cert using CertPolicyCache
|
| -
|
| -// Decides the policy for the given |cert| for the given |host| and calls
|
| +// Decides the policy for the given |serverTrust| for the given |host| and calls
|
| // |completionHandler| on completion. |host| should be in ASCII compatible form
|
| // (e.g. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com").
|
| // |completionHandler| cannot be null and will be called synchronously or
|
| // asynchronously on the UI thread.
|
| -- (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert
|
| - host:(NSString*)host
|
| - completionHandler:(web::PolicyDecisionHandler)completionHandler;
|
| +- (void)decideLoadPolicyForTrust:(base::ScopedCFTypeRef<SecTrustRef>)serverTrust
|
| + host:(NSString*)host
|
| + completionHandler:(web::PolicyDecisionHandler)completionHandler;
|
|
|
| // Asynchronously returns web::SecurityStyle and net::CertStatus for the given
|
| // |serverTrust| and |host|. |host| should be in ASCII compatible form.
|
| @@ -69,6 +69,15 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
|
| host:(NSString*)host
|
| completionHandler:(web::StatusQueryHandler)completionHandler;
|
|
|
| +// Records that |cert| is permitted to be used for |host| in the future.
|
| +// |host| should be in ASCII compatible form. Next time when
|
| +// |decideLoadPolicyForTrust:| is called for the same server cert it will return
|
| +// CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER if cert error is
|
| +// recoverable.
|
| +- (void)allowCert:(scoped_refptr<net::X509Certificate>)cert
|
| + forHost:(NSString*)host
|
| + status:(net::CertStatus)status;
|
| +
|
| // Cancels all pending verification requests. Completion handlers will not be
|
| // called after |shutDown| call. Must always be called before object's
|
| // deallocation.
|
|
|
Chromium Code Reviews
Issue 1357773002:
WKWebView: Implemented recoverable SSL interstitials. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lock_coloring