Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_session.cc

Issue 2016143002: Expose when PKP is bypassed in SSLInfo. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Maintain old SPDY semantics Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 #include <map> 9 #include <map>
10 #include <utility> 10 #include <utility>
(...skipping 645 matching lines...) Expand 10 before | Expand all | Expand 10 after
656 656
657 std::string pinning_failure_log; 657 std::string pinning_failure_log;
658 // DISABLE_PIN_REPORTS is set here because this check can fail in 658 // DISABLE_PIN_REPORTS is set here because this check can fail in
659 // normal operation without being indicative of a misconfiguration or 659 // normal operation without being indicative of a misconfiguration or
660 // attack. Port is left at 0 as it is never used. 660 // attack. Port is left at 0 as it is never used.
661 if (!transport_security_state->CheckPublicKeyPins( 661 if (!transport_security_state->CheckPublicKeyPins(
662 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, 662 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root,
663 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), 663 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(),
664 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, 664 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS,
665 &pinning_failure_log)) { 665 &pinning_failure_log)) {
666 return false; 666 if (ssl_info.is_issued_by_known_root)
estark 2016/06/08 17:09:28 optional nit: we might as well bypass CheckPublicK
dadrian 2016/06/08 17:38:51 Done.
667 return false;
667 } 668 }
668 669
669 return true; 670 return true;
670 } 671 }
671 672
672 SpdySession::SpdySession( 673 SpdySession::SpdySession(
673 const SpdySessionKey& spdy_session_key, 674 const SpdySessionKey& spdy_session_key,
674 const base::WeakPtr<HttpServerProperties>& http_server_properties, 675 const base::WeakPtr<HttpServerProperties>& http_server_properties,
675 TransportSecurityState* transport_security_state, 676 TransportSecurityState* transport_security_state,
676 bool verify_domain_authentication, 677 bool verify_domain_authentication,
(...skipping 2712 matching lines...) Expand 10 before | Expand all | Expand 10 after
3389 if (!queue->empty()) { 3390 if (!queue->empty()) {
3390 SpdyStreamId stream_id = queue->front(); 3391 SpdyStreamId stream_id = queue->front();
3391 queue->pop_front(); 3392 queue->pop_front();
3392 return stream_id; 3393 return stream_id;
3393 } 3394 }
3394 } 3395 }
3395 return 0; 3396 return 0;
3396 } 3397 }
3397 3398
3398 } // namespace net 3399 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698