net/url_request/url_request_http_job.cc - Issue 2084783002: Cleanup HPKP error handling and weak DH key handling

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/url_request/url_request_http_job.cc

Issue 2084783002: Cleanup HPKP error handling and weak DH key handling (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer

Patch Set: Created 4 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/url_request/url_request_http_job.cc

diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc

index 73fe8fa0d6ae110f6e8884f19642dd173f75101f..336d798a5adf41a06d709ac578c74164926d15f9 100644

--- a/net/url_request/url_request_http_job.cc

+++ b/net/url_request/url_request_http_job.cc

@@ -1083,21 +1083,11 @@ void URLRequestHttpJob::OnStartCompleted(int result) {

SaveCookiesAndNotifyHeadersComplete(OK);

} else if (IsCertificateError(result)) {

// We encountered an SSL certificate error.

- if (result == ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY ||

- result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) {

davidben 2016/06/21 00:14:12 To confirm, if result is ERR_SSL_PINNED_KEY_NOT_IN

Ryan Sleevi 2016/06/21 00:23:05 Correct. Tried to explain this in the description,

- // These are hard failures. They're handled separately and don't have

- // the correct cert status, so set it here.

- SSLInfo info(transaction_->GetResponseInfo()->ssl_info);

- info.cert_status = MapNetErrorToCertStatus(result);

- NotifySSLCertificateError(info, true);

- } else {

- // Maybe overridable, maybe not. Ask the delegate to decide.

- TransportSecurityState* state = context->transport_security_state();

- const bool fatal =

- state && state->ShouldSSLErrorsBeFatal(request_info_.url.host());

- NotifySSLCertificateError(

- transaction_->GetResponseInfo()->ssl_info, fatal);

- }

+ // Maybe overridable, maybe not. Ask the delegate to decide.

+ TransportSecurityState* state = context->transport_security_state();

+ NotifySSLCertificateError(

+ transaction_->GetResponseInfo()->ssl_info,

+ state->ShouldSSLErrorsBeFatal(request_info_.url.host()));

} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {

NotifyCertificateRequested(

transaction_->GetResponseInfo()->cert_request_info.get());

« net/socket/ssl_client_socket_impl.cc ('K') | « net/socket/ssl_client_socket_impl.cc ('k') | no next file » | no next file with comments »