Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(4022)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/io_thread.cc

Issue 2753123002: Add --ignore-certificate-errors-spki-list switch and UMA histogram. (Closed)
Patch Set: Move IgnoreErrorsCertVerifier to chrome/browser/ssl. Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/BUILD.gn ('k') | chrome/browser/ssl/ignore_errors_cert_verifier.h » ('j') | chrome/browser/ssl/ignore_errors_cert_verifier.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/io_thread.cc
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index 11a0084276f89521e4aac2d0632c93fdf5ad31ba..8ef4bcf341866b58a2bc91d96e08df8fd5612faf 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -39,6 +39,7 @@
#include "chrome/browser/net/dns_probe_service.h"
#include "chrome/browser/net/proxy_service_factory.h"
#include "chrome/browser/net/sth_distributor_provider.h"
+#include "chrome/browser/ssl/ignore_errors_cert_verifier.h"
#include "chrome/common/channel_info.h"
#include "chrome/common/chrome_content_client.h"
#include "chrome/common/chrome_switches.h"
@@ -581,7 +582,21 @@ void IOThread::Init() {
base::MakeUnique<net::MultiThreadedCertVerifier>(
new chromeos::CertVerifyProcChromeOS()));
#else
- globals_->cert_verifier = net::CertVerifier::CreateDefault();
+ if (command_line.HasSwitch(switches::kUserDataDir) &&
+ command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList)) {
+ auto spki_list =
+ base::SplitString(command_line.GetSwitchValueASCII(
+ switches::kIgnoreCertificateErrorsSPKIList),
+ ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_ALL);
+ globals_->cert_verifier = base::MakeUnique<IgnoreErrorsCertVerifier>(
+ net::CertVerifier::CreateDefault(),
+ IgnoreErrorsCertVerifier::MakeWhitelist(spki_list));
+ } else {
+ globals_->cert_verifier = net::CertVerifier::CreateDefault();
+ }
+ UMA_HISTOGRAM_BOOLEAN(
+ "Net.Certificate.kIgnoreCertificateErrorsSPKIList",
+ command_line.HasSwitch(switches::kIgnoreCertificateErrorsSPKIList));
#endif
globals_->transport_security_state.reset(new net::TransportSecurityState());
« no previous file with comments | « chrome/browser/BUILD.gn ('k') | chrome/browser/ssl/ignore_errors_cert_verifier.h » ('j') | chrome/browser/ssl/ignore_errors_cert_verifier.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698