Chromium Code Reviews Chromium Code Reviews
Issue 1357773002:
WKWebView: Implemented recoverable SSL interstitials. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@lock_coloring| Index: ios/web/net/crw_cert_verification_controller.h |
| diff --git a/ios/web/net/crw_cert_verification_controller.h b/ios/web/net/crw_cert_verification_controller.h |
| index 28a7a503d42557c8238e484efd8aaef8a7e925f3..6ecb7591cd361b3e27c409619b420ab3f08279c8 100644 |
| --- a/ios/web/net/crw_cert_verification_controller.h |
| +++ b/ios/web/net/crw_cert_verification_controller.h |
| @@ -27,12 +27,15 @@ typedef NS_ENUM(NSInteger, CertAcceptPolicy) { |
| CERT_ACCEPT_POLICY_NON_RECOVERABLE_ERROR = 0, |
| // Cert is not valid. Caller may present SSL warning and ask user if they |
| // want to proceed with the load. |
| - CERT_ACCEPT_POLICY_RECOVERABLE_ERROR, |
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_NOT_ACCEPTED_BY_USER, |
|
jww
2015/10/17 20:47:19
Is this comment still valid? Isn't it actually som
Eugene But (OOO till 7-30)
2015/10/17 22:43:55
The original comment was correct (cert is indeed i
|
| + // Cert is not valid. However caller should proceed with the load because |
| + // user has decided to proceed with this invalid cert. |
| + CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER, |
| // Cert is valid. Caller should proceed with the load. |
| CERT_ACCEPT_POLICY_ALLOW, |
| }; |
| -// Completion handler called by decidePolicyForCert:host:completionHandler:. |
| +// Completion handler called by decideLoadPolicyForTrust:host:completionHandler. |
| typedef void (^PolicyDecisionHandler)(web::CertAcceptPolicy, net::CertStatus); |
| // Completion handler called by querySSLStatusForTrust:host:completionHandler:. |
| typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus); |
| @@ -51,17 +54,14 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus); |
| - (instancetype)initWithBrowserState:(web::BrowserState*)browserState |
| NS_DESIGNATED_INITIALIZER; |
| -// TODO(eugenebut): add API for: |
| -// - accepting bad SSL cert using CertPolicyCache |
| - |
| -// Decides the policy for the given |cert| for the given |host| and calls |
| +// Decides the policy for the given |serverTrust| for the given |host| and calls |
| // |completionHandler| on completion. |host| should be in ASCII compatible form |
| // (e.g. for "http://名がドメイン.com", it should be "xn--v8jxj3d1dzdz08w.com"). |
| // |completionHandler| cannot be null and will be called asynchronously on the |
| // UI thread. |
| -- (void)decidePolicyForCert:(const scoped_refptr<net::X509Certificate>&)cert |
| - host:(NSString*)host |
| - completionHandler:(web::PolicyDecisionHandler)completionHandler; |
| +- (void)decideLoadPolicyForTrust:(base::ScopedCFTypeRef<SecTrustRef>)serverTrust |
| + host:(NSString*)host |
| + completionHandler:(web::PolicyDecisionHandler)completionHandler; |
| // Asynchronously provides web::SecurityStyle and net::CertStatus for the given |
| // |serverTrust| and |host|. |host| should be in ASCII compatible form. |
| @@ -73,6 +73,15 @@ typedef void (^StatusQueryHandler)(web::SecurityStyle, net::CertStatus); |
| host:(NSString*)host |
| completionHandler:(web::StatusQueryHandler)completionHandler; |
| +// Records that |cert| is permitted to be used for |host| in the future. |
| +// |host| should be in ASCII compatible form. Next time when |
| +// |decideLoadPolicyForTrust:| is called for the same server cert it will return |
| +// CERT_ACCEPT_POLICY_RECOVERABLE_ERROR_ACCEPTED_BY_USER if cert error is |
| +// recoverable. |
| +- (void)allowCert:(scoped_refptr<net::X509Certificate>)cert |
| + forHost:(NSString*)host |
| + status:(net::CertStatus)status; |
| + |
| // Cancels all pending verification requests. Completion handlers will not be |
| // called after |shutDown| call. Must always be called before object's |
| // deallocation. |
