Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_http_job.cc

Issue 2084783002: Cleanup HPKP error handling and weak DH key handling (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@require_ct_enforcer
Patch Set: Davidben feedback Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 73fe8fa0d6ae110f6e8884f19642dd173f75101f..336d798a5adf41a06d709ac578c74164926d15f9 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -1083,21 +1083,11 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
SaveCookiesAndNotifyHeadersComplete(OK);
} else if (IsCertificateError(result)) {
// We encountered an SSL certificate error.
- if (result == ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY ||
- result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) {
- // These are hard failures. They're handled separately and don't have
- // the correct cert status, so set it here.
- SSLInfo info(transaction_->GetResponseInfo()->ssl_info);
- info.cert_status = MapNetErrorToCertStatus(result);
- NotifySSLCertificateError(info, true);
- } else {
- // Maybe overridable, maybe not. Ask the delegate to decide.
- TransportSecurityState* state = context->transport_security_state();
- const bool fatal =
- state && state->ShouldSSLErrorsBeFatal(request_info_.url.host());
- NotifySSLCertificateError(
- transaction_->GetResponseInfo()->ssl_info, fatal);
- }
+ // Maybe overridable, maybe not. Ask the delegate to decide.
+ TransportSecurityState* state = context->transport_security_state();
estark 2016/06/21 00:29:24 Is this guaranteed to be non-null? The old code ha
Ryan Sleevi 2016/06/21 00:39:04 Yes. See the CL this depends on In particular, ht
estark 2016/06/21 00:49:06 Ahh, I see, I missed that that had landed. Thanks.
+ NotifySSLCertificateError(
+ transaction_->GetResponseInfo()->ssl_info,
+ state->ShouldSSLErrorsBeFatal(request_info_.url.host()));
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
NotifyCertificateRequested(
transaction_->GetResponseInfo()->cert_request_info.get());
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698