OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "chrome/browser/io_thread.h" | 5 #include "chrome/browser/io_thread.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/base64.h" | 10 #include "base/base64.h" |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
68 #include "net/base/host_mapping_rules.h" | 68 #include "net/base/host_mapping_rules.h" |
69 #include "net/base/logging_network_change_observer.h" | 69 #include "net/base/logging_network_change_observer.h" |
70 #include "net/base/sdch_manager.h" | 70 #include "net/base/sdch_manager.h" |
71 #include "net/cert/caching_cert_verifier.h" | 71 #include "net/cert/caching_cert_verifier.h" |
72 #include "net/cert/cert_verifier.h" | 72 #include "net/cert/cert_verifier.h" |
73 #include "net/cert/cert_verify_proc.h" | 73 #include "net/cert/cert_verify_proc.h" |
74 #include "net/cert/ct_known_logs.h" | 74 #include "net/cert/ct_known_logs.h" |
75 #include "net/cert/ct_log_verifier.h" | 75 #include "net/cert/ct_log_verifier.h" |
76 #include "net/cert/ct_policy_enforcer.h" | 76 #include "net/cert/ct_policy_enforcer.h" |
77 #include "net/cert/ct_verifier.h" | 77 #include "net/cert/ct_verifier.h" |
78 #include "net/cert/ignore_errors_cert_verifier.h" | |
78 #include "net/cert/multi_log_ct_verifier.h" | 79 #include "net/cert/multi_log_ct_verifier.h" |
79 #include "net/cert/multi_threaded_cert_verifier.h" | 80 #include "net/cert/multi_threaded_cert_verifier.h" |
80 #include "net/cert/sth_distributor.h" | 81 #include "net/cert/sth_distributor.h" |
81 #include "net/cert/sth_observer.h" | 82 #include "net/cert/sth_observer.h" |
82 #include "net/cookies/cookie_store.h" | 83 #include "net/cookies/cookie_store.h" |
83 #include "net/dns/host_cache.h" | 84 #include "net/dns/host_cache.h" |
84 #include "net/dns/host_resolver.h" | 85 #include "net/dns/host_resolver.h" |
85 #include "net/dns/mapped_host_resolver.h" | 86 #include "net/dns/mapped_host_resolver.h" |
86 #include "net/http/http_auth_filter.h" | 87 #include "net/http/http_auth_filter.h" |
87 #include "net/http/http_auth_handler_factory.h" | 88 #include "net/http/http_auth_handler_factory.h" |
(...skipping 486 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
574 std::move(external_estimate_provider), network_quality_estimator_params, | 575 std::move(external_estimate_provider), network_quality_estimator_params, |
575 net_log_)); | 576 net_log_)); |
576 | 577 |
577 UpdateDnsClientEnabled(); | 578 UpdateDnsClientEnabled(); |
578 #if defined(OS_CHROMEOS) | 579 #if defined(OS_CHROMEOS) |
579 // Creates a CertVerifyProc that doesn't allow any profile-provided certs. | 580 // Creates a CertVerifyProc that doesn't allow any profile-provided certs. |
580 globals_->cert_verifier = base::MakeUnique<net::CachingCertVerifier>( | 581 globals_->cert_verifier = base::MakeUnique<net::CachingCertVerifier>( |
581 base::MakeUnique<net::MultiThreadedCertVerifier>( | 582 base::MakeUnique<net::MultiThreadedCertVerifier>( |
582 new chromeos::CertVerifyProcChromeOS())); | 583 new chromeos::CertVerifyProcChromeOS())); |
583 #else | 584 #else |
584 globals_->cert_verifier = net::CertVerifier::CreateDefault(); | 585 if (command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) { |
Ryan Sleevi
2017/04/07 16:08:05
I wasn't sure, but I thought you were thinking --u
martinkr
2017/04/07 21:40:57
Yup, forgot about this. Done (and updated the flag
| |
586 auto spki_list = | |
587 base::SplitString(command_line.GetSwitchValueASCII( | |
588 switches::kIgnoreCertificateErrorsSPKIList), | |
589 ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL); | |
590 globals_->cert_verifier = base::MakeUnique<net::IgnoreErrorsCertVerifier>( | |
591 net::CertVerifier::CreateDefault(), | |
592 net::IgnoreErrorsCertVerifier::MakeWhitelist(spki_list)); | |
Ryan Sleevi
2017/04/07 16:08:05
This removes the command-line validation aspect, r
martinkr
2017/04/07 21:40:57
MakeWhitelist has the same "validation" as before,
| |
593 } else { | |
594 globals_->cert_verifier = net::CertVerifier::CreateDefault(); | |
595 } | |
596 UMA_HISTOGRAM_BOOLEAN( | |
597 "Net.Certificate.kIgnoreCertificateErrorsSPKIList", | |
598 command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)); | |
585 #endif | 599 #endif |
586 | 600 |
587 globals_->transport_security_state.reset(new net::TransportSecurityState()); | 601 globals_->transport_security_state.reset(new net::TransportSecurityState()); |
588 | 602 |
589 std::vector<scoped_refptr<const net::CTLogVerifier>> ct_logs( | 603 std::vector<scoped_refptr<const net::CTLogVerifier>> ct_logs( |
590 net::ct::CreateLogVerifiersForKnownLogs()); | 604 net::ct::CreateLogVerifiersForKnownLogs()); |
591 | 605 |
592 globals_->ct_logs.assign(ct_logs.begin(), ct_logs.end()); | 606 globals_->ct_logs.assign(ct_logs.begin(), ct_logs.end()); |
593 | 607 |
594 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); | 608 net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier(); |
(...skipping 517 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1112 | 1126 |
1113 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the | 1127 // TODO(rtenneti): We should probably use HttpServerPropertiesManager for the |
1114 // system URLRequestContext too. There's no reason this should be tied to a | 1128 // system URLRequestContext too. There's no reason this should be tied to a |
1115 // profile. | 1129 // profile. |
1116 return context; | 1130 return context; |
1117 } | 1131 } |
1118 | 1132 |
1119 metrics::UpdateUsagePrefCallbackType IOThread::GetMetricsDataUseForwarder() { | 1133 metrics::UpdateUsagePrefCallbackType IOThread::GetMetricsDataUseForwarder() { |
1120 return base::Bind(&UpdateMetricsUsagePrefsOnUIThread); | 1134 return base::Bind(&UpdateMetricsUsagePrefsOnUIThread); |
1121 } | 1135 } |
OLD | NEW |