Chromium Code Reviews Chromium Code Reviews
Issue 2016143002:
Expose when PKP is bypassed in SSLInfo. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/proof_verifier_chromium.h" | 5 #include "net/quic/crypto/proof_verifier_chromium.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/bind.h" | 9 #include "base/bind.h" |
| 10 #include "base/bind_helpers.h" | 10 #include "base/bind_helpers.h" |
| (...skipping 317 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 328 if (transport_security_state_ && | 328 if (transport_security_state_ && |
| 329 (result == OK || | 329 (result == OK || |
| 330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 330 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 331 !transport_security_state_->CheckPublicKeyPins( | 331 !transport_security_state_->CheckPublicKeyPins( |
| 332 HostPortPair(hostname_, port_), | 332 HostPortPair(hostname_, port_), |
| 333 cert_verify_result.is_issued_by_known_root, | 333 cert_verify_result.is_issued_by_known_root, |
| 334 cert_verify_result.public_key_hashes, cert_.get(), | 334 cert_verify_result.public_key_hashes, cert_.get(), |
| 335 cert_verify_result.verified_cert.get(), | 335 cert_verify_result.verified_cert.get(), |
| 336 TransportSecurityState::ENABLE_PIN_REPORTS, | 336 TransportSecurityState::ENABLE_PIN_REPORTS, |
| 337 &verify_details_->pinning_failure_log)) { | 337 &verify_details_->pinning_failure_log)) { |
| 338 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 338 if (cert_verify_result.is_issued_by_known_root) |
| 339 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
| 340 else | |
| 341 verify_details_->cert_verify_result.pkp_bypassed = true; | |
|
Ryan Sleevi
2016/06/09 22:09:05
Move this to be on ProofVerifyDetailsChromium (e.g
| |
| 339 } | 342 } |
| 340 | 343 |
| 341 if (result != OK) { | 344 if (result != OK) { |
| 342 std::string error_string = ErrorToString(result); | 345 std::string error_string = ErrorToString(result); |
| 343 error_details_ = StringPrintf("Failed to verify certificate chain: %s", | 346 error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
| 344 error_string.c_str()); | 347 error_string.c_str()); |
| 345 DLOG(WARNING) << error_details_; | 348 DLOG(WARNING) << error_details_; |
| 346 } | 349 } |
| 347 | 350 |
| 348 // Exit DoLoop and return the result to the caller to VerifyProof. | 351 // Exit DoLoop and return the result to the caller to VerifyProof. |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 465 } | 468 } |
| 466 return status; | 469 return status; |
| 467 } | 470 } |
| 468 | 471 |
| 469 void ProofVerifierChromium::OnJobComplete(Job* job) { | 472 void ProofVerifierChromium::OnJobComplete(Job* job) { |
| 470 active_jobs_.erase(job); | 473 active_jobs_.erase(job); |
| 471 delete job; | 474 delete job; |
| 472 } | 475 } |
| 473 | 476 |
| 474 } // namespace net | 477 } // namespace net |
| OLD | NEW |
