components/ssl_errors/error_classification.h - Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation

Unified Diff: components/ssl_errors/error_classification.h

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)

Patch Set: Address Emily's feedback, add new histogram values. Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« chrome/browser/ssl/ssl_error_handler_unittest.cc ('K') | « chrome/browser/ssl/ssl_error_handler_unittest.cc ('k') | components/ssl_errors/error_classification.cc » ('j') | components/ssl_errors/error_classification_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/ssl_errors/error_classification.h

diff --git a/components/ssl_errors/error_classification.h b/components/ssl_errors/error_classification.h

index b8c472df6697f0607b8cd6b37185ed63fd3c3d9a..01f0460988ecd9934b32b131930bc039f406f432 100644

--- a/components/ssl_errors/error_classification.h

+++ b/components/ssl_errors/error_classification.h

@@ -28,6 +28,34 @@ typedef std::vector<std::string> HostnameTokens;

// Methods for identifying specific error causes. ------------------------------

+// Events for UMA. Do not reorder or change!

+enum SSLInterstitialCause {

+ CLOCK_PAST,

+ CLOCK_FUTURE,

+ WWW_SUBDOMAIN_MATCH, // Deprecated

+ SUBDOMAIN_MATCH, // Deprecated

+ SUBDOMAIN_INVERSE_MATCH, // Deprecated

+ SUBDOMAIN_OUTSIDE_WILDCARD, // Deprecated

+ HOST_NAME_NOT_KNOWN_TLD,

+ LIKELY_MULTI_TENANT_HOSTING, // Deprecated

+ LOCALHOST,

+ PRIVATE_URL,

+ AUTHORITY_ERROR_CAPTIVE_PORTAL, // Deprecated in M47.

+ SELF_SIGNED,

+ EXPIRED_RECENTLY,

+ LIKELY_SAME_DOMAIN, // Deprecated

+ // In Chrome 58, SubjectCN matching was deprecated, deprecating original

+ // metrics to be replaced with the 2-suffixed variants below.

+ NO_SUBJECT_ALT_NAMES,

+ WWW_SUBDOMAIN_MATCH2,

+ SUBDOMAIN_MATCH2,

+ SUBDOMAIN_INVERSE_MATCH2,

+ SUBDOMAIN_OUTSIDE_WILDCARD2,

+ LIKELY_MULTI_TENANT_HOSTING2,

+ LIKELY_SAME_DOMAIN2,

+ UNUSED_INTERSTITIAL_CAUSE_ENTRY,

+};

// What is known about the accuracy of system clock. Do not change or

// reorder; these values are used in an UMA histogram.

enum ClockState {

@@ -110,14 +138,9 @@ bool IsCertLikelyFromMultiTenantHosting(const GURL& request_url,

bool IsCertLikelyFromSameDomain(const GURL& request_url,

const net::X509Certificate& cert);

-// Returns true if the site's hostname differs from one of the DNS

-// names in the certificate (CN or SANs) only by the presence or

-// absence of the single-label prefix "www". E.g.: (The first domain

-// is hostname and the second domain is a DNS name in the certificate)

-// www.example.com ~ example.com -> true

-// example.com ~ www.example.com -> true

-// www.food.example.com ~ example.com -> false

-// mail.example.com ~ example.com -> false

+// Returns true if the site's hostname differs from one of the DNS names in

+// |dns_names| only by the presence or absence of the single-label prefix "www".

+// The matching name from the certificate is returned in |www_match_host_name|.

bool GetWWWSubDomainMatch(const GURL& request_url,

const std::vector<std::string>& dns_names,

std::string* www_match_host_name);