Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(108)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/ssl/ssl_error_handler.cc

Issue 2777383002: Update SSL error handling code to account for Subject CN deprecation (Closed)
Patch Set: Address Mark Feedback Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/ssl/ssl_error_handler.h ('k') | chrome/browser/ssl/ssl_error_handler_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/ssl/ssl_error_handler.cc
diff --git a/chrome/browser/ssl/ssl_error_handler.cc b/chrome/browser/ssl/ssl_error_handler.cc
index 316dfc7a87b874ad2ed2f45a32199a393157b789..12f5d3dccd8f92c753610be7efa4b06fc94e39d8 100644
--- a/chrome/browser/ssl/ssl_error_handler.cc
+++ b/chrome/browser/ssl/ssl_error_handler.cc
@@ -569,37 +569,38 @@ void SSLErrorHandler::StartHandlingError() {
}
#endif
- std::vector<std::string> dns_names;
- ssl_info_.cert->GetDNSNames(&dns_names);
- DCHECK(!dns_names.empty());
- GURL suggested_url;
if (IsSSLCommonNameMismatchHandlingEnabled() &&
cert_error_ == net::ERR_CERT_COMMON_NAME_INVALID &&
- delegate_->IsErrorOverridable() &&
- delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
- RecordUMA(WWW_MISMATCH_FOUND);
-
- // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
- // the only error. Need not check for captive portal in this case.
- // (See the comment below).
- if (!only_error_is_name_mismatch) {
- ShowSSLInterstitial();
+ delegate_->IsErrorOverridable()) {
+ std::vector<std::string> dns_names;
+ ssl_info_.cert->GetSubjectAltName(&dns_names, nullptr);
+ GURL suggested_url;
+ if (!dns_names.empty() &&
+ delegate_->GetSuggestedUrl(dns_names, &suggested_url)) {
+ RecordUMA(WWW_MISMATCH_FOUND_IN_SAN);
+
+ // Show the SSL interstitial if |CERT_STATUS_COMMON_NAME_INVALID| is not
+ // the only error. Need not check for captive portal in this case.
+ // (See the comment below).
+ if (!only_error_is_name_mismatch) {
+ ShowSSLInterstitial();
+ return;
+ }
+ delegate_->CheckSuggestedUrl(
+ suggested_url,
+ base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
+ weak_ptr_factory_.GetWeakPtr()));
+ timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
+ &SSLErrorHandler::ShowSSLInterstitial);
+
+ if (g_config.Pointer()->timer_started_callback())
+ g_config.Pointer()->timer_started_callback()->Run(web_contents_);
+
+ // Do not check for a captive portal in this case, because a captive
+ // portal most likely cannot serve a valid certificate which passes the
+ // similarity check.
return;
}
- delegate_->CheckSuggestedUrl(
- suggested_url,
- base::Bind(&SSLErrorHandler::CommonNameMismatchHandlerCallback,
- weak_ptr_factory_.GetWeakPtr()));
- timer_.Start(FROM_HERE, g_config.Pointer()->interstitial_delay(), this,
- &SSLErrorHandler::ShowSSLInterstitial);
-
- if (g_config.Pointer()->timer_started_callback())
- g_config.Pointer()->timer_started_callback()->Run(web_contents_);
-
- // Do not check for a captive portal in this case, because a captive
- // portal most likely cannot serve a valid certificate which passes the
- // similarity check.
- return;
}
// Always listen to captive portal notifications, otherwise build fails
« no previous file with comments | « chrome/browser/ssl/ssl_error_handler.h ('k') | chrome/browser/ssl/ssl_error_handler_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698