
Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2066603004: Return enum from TransportSecurityState::CheckPublicKeyPins (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Add DCHECK() Created 4 years, 6 months ago
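--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ -1325,30 +1325,38 @@
 if (result == OK) {
 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
 } else {
 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
 }
 }
 
 const CertStatus cert_status = server_cert_verify_result_.cert_status;
 if (transport_security_state_ &&
 (result == OK ||
-(IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
-!transport_security_state_->CheckPublicKeyPins(
-host_and_port_, server_cert_verify_result_.is_issued_by_known_root,
-server_cert_verify_result_.public_key_hashes, server_cert_.get(),
-server_cert_verify_result_.verified_cert.get(),
-TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) {
-if (server_cert_verify_result_.is_issued_by_known_root)
-result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
-else
-pkp_bypassed_ = true;
+(IsCertificateError(result) && IsCertStatusMinorError(cert_status)))) {
+TransportSecurityState::PKPStatus pin_validity =
+transport_security_state_->CheckPublicKeyPins(
+host_and_port_, server_cert_verify_result_.is_issued_by_known_root,
+server_cert_verify_result_.public_key_hashes, server_cert_.get(),
+server_cert_verify_result_.verified_cert.get(),
+TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_);
+switch (pin_validity) {
+case TransportSecurityState::PKPStatus::VIOLATED:
+result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+break;
+case TransportSecurityState::PKPStatus::BYPASSED:
+pkp_bypassed_ = true;
+// Fall through.
+case TransportSecurityState::PKPStatus::OK:
+// Do nothing.
+break;
+}
 }
 
 if (result == OK) {
 // Only check Certificate Transparency if there were no other errors with
 // the connection.
 VerifyCT();
 
 DCHECK(!certificate_verified_);
 certificate_verified_ = true;
 MaybeCacheSession();
@@ -2310,10 +2318,10 @@
 if (rv != OK) {
 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
 return;
 }
 
 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
 }
 
 } // namespace net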
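Review bot: In the new `switch (pin_validity)` (new lines 1342–1352), whether a pin mismatch is fatal is now decided entirely inside `CheckPublicKeyPins`. The caller's own `is_issued_by_known_root` test is gone, so a mismatch is tolerated whenever the callee reports `BYPASSED`. That mapping is not visible in this file, so I would state the contract at the case label, e.g. `// BYPASSED: pins did not match, but the chain is not issued by a known root; record it and let the connection proceed.` This wording is inferred from the removed `else` branch and should be confirmed against the callee. The switch has no `default`, which presumably keeps the compiler's missing-enumerator warning, but any status other than `VIOLATED` leaves `result` untouched, so a future enumerator has to be handled here deliberately to avoid failing open. The enclosing function begins and ends outside the displayed lines.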