| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_error_handler.h" | 5 #include "chrome/browser/ssl/ssl_error_handler.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 #include <unordered_set> | 8 #include <unordered_set> |
| 9 #include <utility> | 9 #include <utility> |
| 10 | 10 |
| (...skipping 492 matching lines...) |
| 503 | 503 |
| 504 // static | 504 // static |
| 505 std::string SSLErrorHandler::GetHistogramNameForTesting() { | 505 std::string SSLErrorHandler::GetHistogramNameForTesting() { |
| 506 return kHistogram; | 506 return kHistogram; |
| 507 } | 507 } |
| 508 | 508 |
| 509 bool SSLErrorHandler::IsTimerRunningForTesting() const { | 509 bool SSLErrorHandler::IsTimerRunningForTesting() const { |
| 510 return timer_.IsRunning(); | 510 return timer_.IsRunning(); |
| 511 } | 511 } |
| 512 | 512 |
| 513 int SSLErrorHandler::cert_error_for_testing() const { |
| 514 return cert_error_; |
| 515 } |
| 516 |
| 513 void SSLErrorHandler::SetErrorAssistantProto( | 517 void SSLErrorHandler::SetErrorAssistantProto( |
| 514 std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> config_proto) { | 518 std::unique_ptr<chrome_browser_ssl::SSLErrorAssistantConfig> config_proto) { |
| 515 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 519 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 516 g_config.Pointer()->SetErrorAssistantProto(std::move(config_proto)); | 520 g_config.Pointer()->SetErrorAssistantProto(std::move(config_proto)); |
| 517 #endif | 521 #endif |
| 518 } | 522 } |
| 519 | 523 |
| 520 SSLErrorHandler::SSLErrorHandler( | 524 SSLErrorHandler::SSLErrorHandler( |
| 521 std::unique_ptr<Delegate> delegate, | 525 std::unique_ptr<Delegate> delegate, |
| 522 content::WebContents* web_contents, | 526 content::WebContents* web_contents, |
| (...skipping 17 matching lines...) |
| 540 | 544 |
| 541 void SSLErrorHandler::StartHandlingError() { | 545 void SSLErrorHandler::StartHandlingError() { |
| 542 RecordUMA(HANDLE_ALL); | 546 RecordUMA(HANDLE_ALL); |
| 543 | 547 |
| 544 if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_) == | 548 if (ssl_errors::ErrorInfo::NetErrorToErrorType(cert_error_) == |
| 545 ssl_errors::ErrorInfo::CERT_DATE_INVALID) { | 549 ssl_errors::ErrorInfo::CERT_DATE_INVALID) { |
| 546 HandleCertDateInvalidError(); | 550 HandleCertDateInvalidError(); |
| 547 return; | 551 return; |
| 548 } | 552 } |
| 549 | 553 |
| 554 const net::CertStatus non_name_mismatch_errors = |
| 555 ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID; |
| 556 const bool only_error_is_name_mismatch = |
| 557 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && |
| 558 (!net::IsCertStatusError(non_name_mismatch_errors) || |
| 559 net::IsCertStatusMinorError(ssl_info_.cert_status)); |
| 560 |
| 550 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) | 561 #if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION) |
| 562 // Check known captive portal certificate list if the only error is |
| 563 // name-mismatch. |
| 551 if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) && | 564 if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) && |
| 552 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && | 565 only_error_is_name_mismatch && |
| 553 g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) { | 566 g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) { |
| 554 RecordUMA(CAPTIVE_PORTAL_CERT_FOUND); | 567 RecordUMA(CAPTIVE_PORTAL_CERT_FOUND); |
| 555 ShowCaptivePortalInterstitial( | 568 ShowCaptivePortalInterstitial( |
| 556 GURL(captive_portal::CaptivePortalDetector::kDefaultURL)); | 569 GURL(captive_portal::CaptivePortalDetector::kDefaultURL)); |
| 557 return; | 570 return; |
| 558 } | 571 } |
| 559 #endif | 572 #endif |
| 560 | 573 |
| 561 std::vector<std::string> dns_names; | 574 std::vector<std::string> dns_names; |
| 562 ssl_info_.cert->GetDNSNames(&dns_names); | 575 ssl_info_.cert->GetDNSNames(&dns_names); |
| 563 DCHECK(!dns_names.empty()); | 576 DCHECK(!dns_names.empty()); |
| 564 GURL suggested_url; | 577 GURL suggested_url; |
| 565 if (IsSSLCommonNameMismatchHandlingEnabled() && | 578 if (IsSSLCommonNameMismatchHandlingEnabled() && |
| 566 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && | 579 cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID && |
| 567 delegate_->IsErrorOverridable() && | 580 delegate_->IsErrorOverridable() && |
| 568 delegate_->GetSuggestedUrl(dns_names, &suggested_url)) { | 581 delegate_->GetSuggestedUrl(dns_names, &suggested_url)) { |
| 569 RecordUMA(WWW_MISMATCH_FOUND); | 582 RecordUMA(WWW_MISMATCH_FOUND); |
| 570 net::CertStatus extra_cert_errors = | |
| 571 ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID; | |
| 572 | 583 |
| 573 // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not | 584 // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not |
| 574 // the only error. Need not check for captive portal in this case. | 585 // the only error. Need not check for captive portal in this case. |
| 575 // (See the comment below). | 586 // (See the comment below). |
| 576 if (net::IsCertStatusError(extra_cert_errors) && | 587 if (!only_error_is_name_mismatch) { |
| 577 !net::IsCertStatusMinorError(ssl_info_.cert_status)) { | |
| 578 ShowSSLInterstitial(); | 588 ShowSSLInterstitial(); |
| 579 return; | 589 return; |
| 580 } | 590 } |
| 581 delegate_->CheckSuggestedUrl( | 591 delegate_->CheckSuggestedUrl( |
| 582 suggested_url, | 592 suggested_url, |
| 583 base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback, | 593 base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback, |
| 584 weak_ptr_factory_.GetWeakPtr())); | 594 weak_ptr_factory_.GetWeakPtr())); |
| 585 timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this, | 595 timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this, |
| 586 &SSLErrorHandler::ShowSSLInterstitial); | 596 &SSLErrorHandler::ShowSSLInterstitial); |
| 587 | 597 |
| (...skipping 172 matching lines...) |
| 760 network_time::NetworkTimeTracker* tracker = | 770 network_time::NetworkTimeTracker* tracker = |
| 761 g_config.Pointer()->network_time_tracker(); | 771 g_config.Pointer()->network_time_tracker(); |
| 762 ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker); | 772 ssl_errors::ClockState clock_state = ssl_errors::GetClockState(now, tracker); |
| 763 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE || | 773 if (clock_state == ssl_errors::CLOCK_STATE_FUTURE || |
| 764 clock_state == ssl_errors::CLOCK_STATE_PAST) { | 774 clock_state == ssl_errors::CLOCK_STATE_PAST) { |
| 765 ShowBadClockInterstitial(now, clock_state); | 775 ShowBadClockInterstitial(now, clock_state); |
| 766 return; // |this| is deleted after showing the interstitial. | 776 return; // |this| is deleted after showing the interstitial. |
| 767 } | 777 } |
| 768 ShowSSLInterstitial(); | 778 ShowSSLInterstitial(); |
| 769 } | 779 } |
| OLD | NEW |