Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(83)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/spdy/spdy_session.cc

Issue 2016143002: Expose when PKP is bypassed in SSLInfo. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Make CertVerifyResult Great Again. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/quic/crypto/proof_verifier_chromium.h ('K') | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/spdy/spdy_session.h" 5 #include "net/spdy/spdy_session.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <limits> 8 #include <limits>
9 #include <map> 9 #include <map>
10 #include <utility> 10 #include <utility>
(...skipping 640 matching lines...) Expand 10 before | Expand all | Expand 10 after
651 } 651 }
652 652
653 bool unused = false; 653 bool unused = false;
654 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused)) 654 if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused))
655 return false; 655 return false;
656 656
657 std::string pinning_failure_log; 657 std::string pinning_failure_log;
658 // DISABLE_PIN_REPORTS is set here because this check can fail in 658 // DISABLE_PIN_REPORTS is set here because this check can fail in
659 // normal operation without being indicative of a misconfiguration or 659 // normal operation without being indicative of a misconfiguration or
660 // attack. Port is left at 0 as it is never used. 660 // attack. Port is left at 0 as it is never used.
661 if (!transport_security_state->CheckPublicKeyPins( 661 if (ssl_info.is_issued_by_known_root &&
662 !transport_security_state->CheckPublicKeyPins(
662 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root, 663 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root,
663 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(), 664 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(),
664 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS, 665 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS,
665 &pinning_failure_log)) { 666 &pinning_failure_log)) {
666 return false; 667 return false;
667 } 668 }
668 669
669 return true; 670 return true;
670 } 671 }
671 672
(...skipping 2717 matching lines...) Expand 10 before | Expand all | Expand 10 after
3389 if (!queue->empty()) { 3390 if (!queue->empty()) {
3390 SpdyStreamId stream_id = queue->front(); 3391 SpdyStreamId stream_id = queue->front();
3391 queue->pop_front(); 3392 queue->pop_front();
3392 return stream_id; 3393 return stream_id;
3393 } 3394 }
3394 } 3395 }
3395 return 0; 3396 return 0;
3396 } 3397 }
3397 3398
3398 } // namespace net 3399 } // namespace net
OLDNEW
« net/quic/crypto/proof_verifier_chromium.h ('K') | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698