OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/spdy/spdy_session.h" | 5 #include "net/spdy/spdy_session.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <limits> | 8 #include <limits> |
9 #include <map> | 9 #include <map> |
10 #include <utility> | 10 #include <utility> |
(...skipping 636 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
647 if (ssl_info.channel_id_sent && | 647 if (ssl_info.channel_id_sent && |
648 ChannelIDService::GetDomainForHost(new_hostname) != | 648 ChannelIDService::GetDomainForHost(new_hostname) != |
649 ChannelIDService::GetDomainForHost(old_hostname)) { | 649 ChannelIDService::GetDomainForHost(old_hostname)) { |
650 return false; | 650 return false; |
651 } | 651 } |
652 | 652 |
653 bool unused = false; | 653 bool unused = false; |
654 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) | 654 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) |
655 return false; | 655 return false; |
656 | 656 |
657 // Pinning is bypassed for local roots. | |
658 if (!ssl_info.is_issued_by_known_root) | |
659 return true; | |
Ryan Sleevi
2016/06/09 19:17:32
FWIW, and for better or worse, it was intentional
davidben
2016/06/09 19:19:15
I believe this aligns with the old behavior, but I
dadrian
2016/06/09 21:58:57
Done.
| |
660 | |
657 std::string pinning_failure_log; | 661 std::string pinning_failure_log; |
658 // DISABLE_PIN_REPORTS is set here because this check can fail in | 662 // DISABLE_PIN_REPORTS is set here because this check can fail in |
659 // normal operation without being indicative of a misconfiguration or | 663 // normal operation without being indicative of a misconfiguration or |
660 // attack. Port is left at 0 as it is never used. | 664 // attack. Port is left at 0 as it is never used. |
661 if (!transport_security_state->CheckPublicKeyPins( | 665 if (!transport_security_state->CheckPublicKeyPins( |
davidben
2016/06/09 15:56:32
I think it'd be better for this to return an enum.
davidben
2016/06/09 15:58:05
Another possibility is maybe this returns the old
dadrian
2016/06/09 16:39:40
It looks like the current documentation already ma
| |
662 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, | 666 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, |
663 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), | 667 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), |
664 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, | 668 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, |
665 &pinning_failure_log)) { | 669 &pinning_failure_log)) { |
666 return false; | 670 return false; |
667 } | 671 } |
668 | 672 |
669 return true; | 673 return true; |
670 } | 674 } |
671 | 675 |
(...skipping 2717 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3389 if (!queue->empty()) { | 3393 if (!queue->empty()) { |
3390 SpdyStreamId stream_id = queue->front(); | 3394 SpdyStreamId stream_id = queue->front(); |
3391 queue->pop_front(); | 3395 queue->pop_front(); |
3392 return stream_id; | 3396 return stream_id; |
3393 } | 3397 } |
3394 } | 3398 } |
3395 return 0; | 3399 return 0; |
3396 } | 3400 } |
3397 | 3401 |
3398 } // namespace net | 3402 } // namespace net |
OLD | NEW |