
Side by Side Diff: net/http/transport_security_state.cc

Issue 2587243002: Do not do Expect-Staple when OCSPVerifyResult has not been populated (Closed)
Patch Set: sleevi comments; revert to not sending reports on cert errors Created 4 years ago
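--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/transport_security_state.h"
 
 #include <algorithm>
 #include <memory>
 #include <utility>
 #include <vector>
@@ -638,37 +638,42 @@
 }
 
 return found;
 }
 
 // Serializes an OCSPVerifyResult::ResponseStatus to a string enum, suitable for
 // the |response-status| field in an Expect-Staple report.
 std::string SerializeExpectStapleResponseStatus(
 OCSPVerifyResult::ResponseStatus status) {
 switch (status) {
+case OCSPVerifyResult::NOT_CHECKED:
+// Reports shouldn't be sent for this response status.
+NOTREACHED();
+return "NOT_CHECKED";
 case OCSPVerifyResult::MISSING:
 return "MISSING";
 case OCSPVerifyResult::PROVIDED:
 return "PROVIDED";
 case OCSPVerifyResult::ERROR_RESPONSE:
 return "ERROR_RESPONSE";
 case OCSPVerifyResult::BAD_PRODUCED_AT:
 return "BAD_PRODUCED_AT";
 case OCSPVerifyResult::NO_MATCHING_RESPONSE:
 return "NO_MATCHING_RESPONSE";
 case OCSPVerifyResult::INVALID_DATE:
 return "INVALID_DATE";
 case OCSPVerifyResult::PARSE_RESPONSE_ERROR:
 return "PARSE_RESPONSE_ERROR";
 case OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR:
 return "PARSE_RESPONSE_DATA_ERROR";
 }
+NOTREACHED();
 return std::string();
 }
 
 // Serializes an OCSPRevocationStatus to a string enum, suitable for the
 // |cert-status| field in an Expect-Staple report.
 std::string SerializeExpectStapleRevocationStatus(
 const OCSPRevocationStatus& status) {
 switch (status) {
 case OCSPRevocationStatus::GOOD:
 return "GOOD";
@@ -796,21 +801,25 @@
 return;
 }
 
 // Determine if the host is on the Expect-Staple preload list. If the build is
 // not timely (i.e. the preload list is not fresh), this will fail and return
 // false.
 ExpectStapleState expect_staple_state;
 if (!GetStaticExpectStapleState(host_port_pair.host(), &expect_staple_state))
 return;
 
-// No report needed if a stapled OCSP response was provided.
+// No report needed if OCSP details were not checked on this connection.
+if (ssl_info.ocsp_result.response_status == OCSPVerifyResult::NOT_CHECKED)
+return;
+
+// No report needed if a stapled OCSP response was provided and it was valid.
 if (ssl_info.ocsp_result.response_status == OCSPVerifyResult::PROVIDED &&
 ssl_info.ocsp_result.revocation_status == OCSPRevocationStatus::GOOD) {
 return;
 }
 
 std::string serialized_report;
 if (!SerializeExpectStapleReport(host_port_pair, ssl_info, ocsp_response,
 &serialized_report)) {
 return;
 }
@@ -1645,10 +1654,10 @@
 TransportSecurityState::PKPStateIterator::PKPStateIterator(
 const TransportSecurityState& state)
 : iterator_(state.enabled_pkp_hosts_.begin()),
 end_(state.enabled_pkp_hosts_.end()) {
 }
 
 TransportSecurityState::PKPStateIterator::~PKPStateIterator() {
 }
 
 } // namespace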
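Review bot: The new early return for `OCSPVerifyResult::NOT_CHECKED` (new lines 812-813) silently drops the Expect-Staple report, and its comment does not say which connections leave `ocsp_result` unpopulated. The patch-set title suggests certificate errors are one such case, so a preloaded host would receive no report there. I would spell that out, e.g. `// NOT_CHECKED: the verifier never populated ocsp_result (e.g. certificate validation failed), so there is no OCSP outcome to report.` The parenthetical is inferred from the patch-set title and should be confirmed. This guard is also the only thing keeping `SerializeExpectStapleResponseStatus` away from its `NOT_CHECKED` case, which would put the string "NOT_CHECKED" into a report in any build where `NOTREACHED()` compiles to nothing, so the comment on that case should name this caller-side check. The enclosing function begins and ends outside the visible lines.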