Chromium Code Reviews Chromium Code Reviews
Issue 2928653002:
[Cronet-iOS] Public-Key-Pinning Tests (Closed)
| Index: components/cronet/ios/cronet_environment.mm |
| diff --git a/components/cronet/ios/cronet_environment.mm b/components/cronet/ios/cronet_environment.mm |
| index b9d36033029076f79029ba6e18313fe2a8dae7ba..326bb88d7091335582c8993ff135eae02fd6a9e1 100644 |
| --- a/components/cronet/ios/cronet_environment.mm |
| +++ b/components/cronet/ios/cronet_environment.mm |
| @@ -300,10 +300,18 @@ void CronetEnvironment::InitializeOnNetworkThread() { |
| std::unique_ptr<URLRequestContextConfig> config = |
| context_config_builder.Build(); |
| + config->pkp_list = std::move(pkp_list_); |
| + |
| net::URLRequestContextBuilder context_builder; |
| context_builder.set_accept_language(accept_language_); |
| + // Explicitly disable the persister for Cronet to avoid persistence of dynamic |
| + // HPKP. This is a safety measure ensuring that nobody enables the |
| + // persistence of HPKP by specifying transport_security_persister_path in the |
| + // future. |
| + context_builder.set_transport_security_persister_path(base::FilePath()); |
| + |
| config->ConfigureURLRequestContextBuilder(&context_builder, net_log_.get(), |
|
mef
2017/06/19 15:02:33
So, ConfigureURLRequestContextBuilder doesn't use
kapishnikov
2017/06/19 18:32:48
Filed a follow up bug: http://crbug.com/734634
|
| file_thread_.get()->task_runner()); |
| @@ -337,6 +345,14 @@ void CronetEnvironment::InitializeOnNetworkThread() { |
| context_builder.SetHttpServerProperties(std::move(http_server_properties)); |
| main_context_ = context_builder.Build(); |
| + |
| + // Iterate through PKP configuration for every host. |
| + for (auto* const pkp : config->pkp_list) { |
| + // Add the host pinning. |
| + main_context_->transport_security_state()->AddHPKP( |
| + pkp->host, pkp->expiration_date, pkp->include_subdomains, |
| + pkp->pin_hashes, GURL::EmptyGURL()); |
| + } |
| } |
| std::string CronetEnvironment::user_agent() { |
