OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_stream_factory_impl_job.h" | 5 #include "net/http/http_stream_factory_impl_job.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 1510 matching lines...) | |
1521 // RestartIgnoringLastError(). And the user will be asked interactively | 1521 // RestartIgnoringLastError(). And the user will be asked interactively |
1522 // before RestartIgnoringLastError() is ever called. | 1522 // before RestartIgnoringLastError() is ever called. |
1523 server_ssl_config_.allowed_bad_certs.emplace_back(ssl_info_.cert, | 1523 server_ssl_config_.allowed_bad_certs.emplace_back(ssl_info_.cert, |
1524 ssl_info_.cert_status); | 1524 ssl_info_.cert_status); |
1525 | 1525 |
1526 int load_flags = request_info_.load_flags; | 1526 int load_flags = request_info_.load_flags; |
1527 if (session_->params().ignore_certificate_errors) | 1527 if (session_->params().ignore_certificate_errors) |
1528 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; | 1528 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; |
1529 if (ssl_socket->IgnoreCertError(error, load_flags)) | 1529 if (ssl_socket->IgnoreCertError(error, load_flags)) |
1530 return OK; | 1530 return OK; |
1531 | |
1532 // Ignore errors for certificates that chain up to switch-whitelisted certs. | |
1533 if (!session_->params().ignore_certificate_error_spki_list.empty()) { | |
1534 // TODO(martinkr): Should we also include check the chain constructed by NSS | |
1535 // in case validation was successful (i.e. ssl_config_.public_key_hashes)? | |
Ryan Sleevi
2017/03/16 23:19:14
I'm not sure why we would - but did I miss somethi
martinkr
2017/03/28 23:16:02
I guess it might be possible that the cert validat
| |
1536 HashValueVector hashes; | |
1537 hashes.push_back( | |
1538 HashValue(net::X509Certificate::CalculatePublicKeyHashSHA256( | |
1539 ssl_info_.unverified_cert->os_cert_handle()))); | |
1540 for (const net::X509Certificate::OSCertHandle& intermediate : | |
1541 ssl_info_.unverified_cert->GetIntermediateCertificates()) { | |
1542 hashes.push_back(HashValue( | |
1543 // Does this need a non-NSS implementation? | |
1544 net::X509Certificate::CalculatePublicKeyHashSHA256(intermediate))); | |
1545 } | |
1546 for (const HashValue& hash : hashes) { | |
1547 const std::string spki = hash.ToString().substr(7); // Strip 'sha256/'. | |
Ryan Sleevi
2017/03/16 23:19:14
This ends up forcing multiple string allocation/co
martinkr
2017/03/28 23:16:02
I just assumed these sets to be tiny in all cases,
| |
1548 if (session_->params().ignore_certificate_error_spki_list.find(spki) != | |
1549 session_->params().ignore_certificate_error_spki_list.end()) { | |
1550 return OK; | |
1551 } | |
1552 } | |
1553 } | |
1554 | |
1531 return error; | 1555 return error; |
1532 } | 1556 } |
1533 | 1557 |
1534 ClientSocketPoolManager::SocketGroupType | 1558 ClientSocketPoolManager::SocketGroupType |
1535 HttpStreamFactoryImpl::Job::GetSocketGroup() const { | 1559 HttpStreamFactoryImpl::Job::GetSocketGroup() const { |
1536 std::string scheme = origin_url_.scheme(); | 1560 std::string scheme = origin_url_.scheme(); |
1537 if (scheme == url::kHttpsScheme || scheme == url::kWssScheme) | 1561 if (scheme == url::kHttpsScheme || scheme == url::kWssScheme) |
1538 return ClientSocketPoolManager::SSL_GROUP; | 1562 return ClientSocketPoolManager::SSL_GROUP; |
1539 | 1563 |
1540 if (scheme == url::kFtpScheme) | 1564 if (scheme == url::kFtpScheme) |
(...skipping 14 matching lines...) | |
1555 | 1579 |
1556 ConnectionAttempts socket_attempts = connection_->connection_attempts(); | 1580 ConnectionAttempts socket_attempts = connection_->connection_attempts(); |
1557 if (connection_->socket()) { | 1581 if (connection_->socket()) { |
1558 connection_->socket()->GetConnectionAttempts(&socket_attempts); | 1582 connection_->socket()->GetConnectionAttempts(&socket_attempts); |
1559 } | 1583 } |
1560 | 1584 |
1561 delegate_->AddConnectionAttemptsToRequest(this, socket_attempts); | 1585 delegate_->AddConnectionAttemptsToRequest(this, socket_attempts); |
1562 } | 1586 } |
1563 | 1587 |
1564 } // namespace net | 1588 } // namespace net |
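Review bot: The SPKI match at new lines 1536-1552 is computed over `ssl_info_.unverified_cert` and its intermediates, which is the chain as the peer sent it, so a match on an intermediate does not show that the intermediate issued the leaf, even though the comment says "chain up to". Because certificates are public, a peer can include an unrelated certificate that carries a listed key and have every certificate error for its own leaf ignored. Consider matching only the leaf's SPKI here, or at least recording the limitation with a comment such as `// unverified_cert is peer-supplied; an intermediate match is not proof of issuance.` The block also dereferences `ssl_info_.unverified_cert` without a null check, which is safe only if it is always set on this path. The start of the function is outside the visible lines, so that could not be confirmed.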