Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2776)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/ssl_error_handler.cc

Issue 2690333006: Captive portal certificate list should be checked when name mismatch is the only error (Closed)
Patch Set: Fix Android tests Created 3 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/ssl/ssl_browser_tests.cc ('k') | chrome/browser/ssl/ssl_error_handler_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index 0b852f403488cb5eec80bd6b263fc55242c701b2..22c1ba6caebb88025e0fb209829cfa2d7adf5114 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -547,9 +547,20 @@ void SSLErrorHandler::StartHandlingError() {
return;
}
+ const net::CertStatus non_name_mismatch_errors =
+ ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID;
+ const bool only_error_is_name_mismatch =
+ cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
+ (!net::IsCertStatusError(non_name_mismatch_errors) ||
+ net::IsCertStatusMinorError(ssl_info_.cert_status));
+
#if BUILDFLAG(ENABLE_CAPTIVE_PORTAL_DETECTION)
+ // Check known captive portal certificate list if the only error is
+ // name-mismatch. If there are multiple errors, it indicates that the captive
+ // portal landing page itself will have SSL errors, and so it's not a very
+ // helpful place to direct the user to go.
if (base::FeatureList::IsEnabled(kCaptivePortalCertificateList) &&
- cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
+ only_error_is_name_mismatch &&
g_config.Pointer()->IsKnownCaptivePortalCert(ssl_info_)) {
RecordUMA(CAPTIVE_PORTAL_CERT_FOUND);
ShowCaptivePortalInterstitial(
@@ -567,14 +578,11 @@ void SSLErrorHandler::StartHandlingError() {
delegate_->IsErrorOverridable() &&
delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
RecordUMA(WWW_MISMATCH_FOUND);
- net::CertStatus extra_cert_errors =
- ssl_info_.cert_status ^ net::CERT_STATUS_COMMON_NAME_INVALID;
- // Show the SSL intersitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
+ // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
// the only error. Need not check for captive portal in this case.
// (See the comment below).
- if (net::IsCertStatusError(extra_cert_errors) &&
- !net::IsCertStatusMinorError(ssl_info_.cert_status)) {
+ if (!only_error_is_name_mismatch) {
ShowSSLInterstitial();
return;
}
« no previous file with comments | « chrome/browser/ssl/ssl_browser_tests.cc ('k') | chrome/browser/ssl/ssl_error_handler_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698