| Index: ios/web/net/crw_cert_verification_controller.h
|
| diff --git a/ios/web/net/crw_cert_verification_controller.h b/ios/web/net/crw_cert_verification_controller.h
|
| index 321d78a43994309a52c92709f5640f71c32ac5d6..32e7f8a11a440a524d0f7eab4ed1da0f16f67cf2 100644
|
| --- a/ios/web/net/crw_cert_verification_controller.h
|
| +++ b/ios/web/net/crw_cert_verification_controller.h
|
| @@ -26,12 +26,15 @@ typedef NS_ENUM(NSInteger, CertAcceptPolicy) {
|
| CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0,
|
| // Cert is not valid. Caller may present SSL warning and ask user if they
|
| // want to proceed with the load.
|
| - CERT_ACCEPT_POLICY_RECOVERABLE_ERROR,
|
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER,
|
| + // Cert is not valid. However caller should proceed with the load, because
|
| + // user has decided to proceed with this invalid cert.
|
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER,
|
| // Cert is valid. Caller should proceed with the load.
|
| CERT_ACCEPT_POLICY_ALLOW,
|
| };
|
|
|
| -// Completion handler called by decidePolicyForCert:host:completionHandler:.
|
| +// Completion handler called by decideLoadPolicyForTrust:host:completionHandler.
|
| typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus);
|
| // Completion handler called by decidePolicyForCert:host:completionHandler:.
|
| typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
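Review bot: The comment on CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER tells the caller to proceed but not how to treat the connection afterwards, and because CERT_ACCEPT_POLICY_ALLOW also says to proceed, a caller could end up handling the two identically. I would add a line such as `// The cert is still invalid; callers must not present the load as secure.` so the difference between an overridden error and a valid cert is stated at the enum. The new value is also inserted before CERT_ACCEPT_POLICY_ALLOW, which changes that constant's implicit value, so any switch or comparison on CertAcceptPolicy outside this hunk needs a look. Separately, the PolicyDecisionHandler comment drops the trailing colon of the selector, and the StatusQueryHandler comment still names `decidePolicyForCert:host:completionHandler:`, which this commit removes.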
|
| @@ -50,17 +53,14 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
|
| - (instancetype)initWithBrowserState:(web::BrowserState*)browserState
|
| NS_DESIGNATED_INITIALIZER;
|
|
|
| -// TODO(eugenebut): add API for:
|
| -// - accepting bad SSL cert using CertPolicyCache
|
| -
|
| -// Decides the policy for the given |cert| for the given |host| and calls
|
| -// |completionHandler| on completion. |host| should be in DNS form
|
| +// Decides the policy for the given |serverTrust| and the given |host| and calls
|
| +// |completionHandler| on completion. |host| should be in DNS form
|
| // (f.e. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com").
|
| // |completionHandler| cannot be null and will be called synchronously or
|
| // asynchronously on UI thread.
|
| -- (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert
|
| - host:(NSString*)host
|
| - completionHandler:(web::PolicyDecisionHandler)completionHandler;
|
| +- (void)decideLoadPolicyForTrust:(SecTrustRef)serverTrust
|
| + host:(NSString*)host
|
| + completionHandler:(web::PolicyDecisionHandler)completionHandler;
|
|
|
| // Asynchronously returns web::SecurityStyle and net::CertStatus for the given
|
| // |certificateChain| (an NSArray of SecSertificateRef objects) and |host|.
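Review bot: The comment for decideLoadPolicyForTrust:host:completionHandler: documents |host| and |completionHandler| but says nothing about the new |serverTrust| parameter, a SecTrustRef handed to a method whose handler may run asynchronously. It should state whether |serverTrust| may be NULL and who keeps it alive until the handler runs, for example `// |serverTrust| cannot be null and is retained until |completionHandler| is called.` if that is what the implementation does. It would also help to say that |host| must be the host the trust object was evaluated for, since the exception recorded by allowCert:forHost:status: appears to be keyed on it. The enclosing @interface begins and ends outside this hunk.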
|
| @@ -69,6 +69,13 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus);
|
| host:(NSString*)host
|
| completionHandler:(web::StatusQueryHandler)completionHandler;
|
|
|
| +// Records that |leafCert| is permitted to be used for |host| in the future.
|
| +// |host| should be in DNS form. |leafCert| must not contain any intermidiate
|
| +// certs.
|
| +- (void)allowCert:(scoped_refptr<net::X509Certificate>)leafCert
|
| + forHost:(NSString*)host
|
| + status:(net::CertStatus)status;
|
| +
|
| // Cancels all pending verification requests. Completion handlers will not be
|
| // called after |shutDown| call. Must always be called before object's
|
| // deallocation.
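Review bot: The comment on allowCert:forHost:status: does not explain |status|, nor how long or how widely the recorded exception applies, which is what a reader needs in order to judge how far a user's override reaches. I suggest something like `// |status| is the net::CertStatus the user chose to accept; the exception covers only this |leafCert|, |host| and |status|.`, adjusted to what the implementation really stores, plus a word on whether the record outlives the BrowserState. `intermidiate` should read `intermediate`. The removed decidePolicyForCert: took `const scoped_refptr<net::X509Certificate>&` while this method takes the scoped_refptr by value; if that is not deliberate, the const reference form matches what the file used before.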
|
|
|