
Side by Side Diff: net/spdy/spdy_session.cc

Issue 2076363002: Introduce the ability to require CT for specific hosts (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer
Patch Set: Android is weird Created 4 years, 6 months ago
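--- a/net/spdy/spdy_session.cc
+++ b/net/spdy/spdy_session.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/spdy/spdy_session.h"
 
 #include <algorithm>
 #include <limits>
 #include <map>
 #include <utility>
@@ -24,20 +24,21 @@
 #include "base/strings/utf_string_conversions.h"
 #include "base/threading/thread_task_runner_handle.h"
 #include "base/time/time.h"
 #include "base/trace_event/trace_event.h"
 #include "base/values.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/ec_signature_creator.h"
 #include "net/base/proxy_delegate.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/cert_verify_result.h"
+#include "net/cert/ct_policy_status.h"
 #include "net/http/http_log_util.h"
 #include "net/http/http_network_session.h"
 #include "net/http/http_server_properties.h"
 #include "net/http/http_util.h"
 #include "net/http/transport_security_state.h"
 #include "net/log/net_log.h"
 #include "net/proxy/proxy_server.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/spdy/spdy_buffer_producer.h"
 #include "net/spdy/spdy_frame_builder.h"
@@ -660,20 +661,27 @@
 // attack. Port is left at 0 as it is never used.
 if (transport_security_state->CheckPublicKeyPins(
 HostPortPair(new_hostname, 0), ssl_info.is_issued_by_known_root,
 ssl_info.public_key_hashes, ssl_info.unverified_cert.get(),
 ssl_info.cert.get(), TransportSecurityState::DISABLE_PIN_REPORTS,
 &pinning_failure_log) ==
 TransportSecurityState::PKPStatus::VIOLATED) {
 return false;
 }
 
+if (ssl_info.ct_cert_policy_compliance !=
+ct::CertPolicyCompliance::CERT_POLICY_COMPLIES_VIA_SCTS &&
+transport_security_state->ShouldRequireCT(
+new_hostname, ssl_info.cert.get(), ssl_info.public_key_hashes)) {
+return false;
+}
+
 return true;
 }
 
 SpdySession::SpdySession(const SpdySessionKey& spdy_session_key,
 HttpServerProperties* http_server_properties,
 TransportSecurityState* transport_security_state,
 bool verify_domain_authentication,
 bool enable_sending_initial_data,
 bool enable_ping_based_connection_checking,
 bool enable_priority_dependencies,
@@ -3389,10 +3397,10 @@
 if (!queue->empty()) {
 SpdyStreamId stream_id = queue->front();
 queue->pop_front();
 return stream_id;
 }
 }
 return 0;
 }
 
 } // namespace net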
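Review bot: The Certificate Transparency check added at new lines 671-676 has no comment, unlike the pin check directly above it, so a reader cannot tell that pooling onto `new_hostname` is refused because that host requires CT and the existing connection's certificate did not comply. Suggest adding above the `if`: `// Refuse to pool if |new_hostname| requires CT and this connection's certificate was not CT-compliant.` The test `!= CERT_POLICY_COMPLIES_VIA_SCTS` fails closed for every other compliance value, which is the safe default. It presumably repeats the condition applied at handshake time elsewhere in this patch; if so, a shared helper would keep the two from drifting apart. The enclosing function begins in the skipped region above this hunk, so its name and earlier checks are not visible here.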