Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1074)

Unified Diff: content/browser/ssl/ssl_host_state.h

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Updated with experimental groups Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/browser/ssl/ssl_host_state.h
diff --git a/content/browser/ssl/ssl_host_state.h b/content/browser/ssl/ssl_host_state.h
index 820821786d31180066f21fdfb900f1b7dd9a7fbd..f2c453d98c5dc068bc0882c78882475dbca135ce 100644
--- a/content/browser/ssl/ssl_host_state.h
+++ b/content/browser/ssl/ssl_host_state.h
@@ -17,8 +17,11 @@
#include "net/cert/cert_status_flags.h"
#include "net/cert/x509_certificate.h"
+class GURL;
+
namespace content {
class BrowserContext;
+class SSLHostStateDecisions;
// SSLHostState
//
@@ -27,7 +30,6 @@ class BrowserContext;
// particular broken cert for use with particular host. We separate this state
// from the SSLManager because this state is shared across many navigation
// controllers.
-
class CONTENT_EXPORT SSLHostState
: NON_EXPORTED_BASE(base::SupportsUserData::Data),
NON_EXPORTED_BASE(public base::NonThreadSafe) {
@@ -46,21 +48,27 @@ class CONTENT_EXPORT SSLHostState
// Records that |cert| is not permitted to be used for |host| in the future,
// for a specified |error| type..
void DenyCertForHost(net::X509Certificate* cert,
- const std::string& host,
+ const GURL& url,
net::CertStatus error);
// Records that |cert| is permitted to be used for |host| in the future, for
// a specified |error| type.
void AllowCertForHost(net::X509Certificate* cert,
- const std::string& host,
+ const GURL& url,
net::CertStatus error);
+ // Revoke all allow/deny preferences for a given url. May close idle
+ // HTTP/HTTPS connections in the process.
+ void RevokeAllowAndDenyPreferences(const GURL& url);
+
+ bool HasAllowedOrDeniedCert(const GURL& url);
+
// Clear all allow/deny preferences.
void Clear();
// Queries whether |cert| is allowed or denied for |host| and |error|.
net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,
- const std::string& host,
+ const GURL& url,
net::CertStatus error);
private:
@@ -73,8 +81,12 @@ class CONTENT_EXPORT SSLHostState
// same-origin frames in one processs but cannot jump between processes.
std::set<BrokenHostEntry> ran_insecure_content_hosts_;
- // Certificate policies for each host.
- std::map<std::string, net::CertPolicy> cert_policy_for_host_;
+ // BrowserContext that the state was created on.
+ BrowserContext* browser_context_;
Ryan Sleevi 2014/07/31 00:31:28 Given that SSLHostState SupportsUserData, should t
jww 2014/07/31 05:57:00 This is leftover from when CloseIdleSockets was pr
+
+ // The certificate decision store. It may be NULL, depending on the browsing
+ // context. This is owned by the browsing context.
+ SSLHostStateDecisions* decisions_;
DISALLOW_COPY_AND_ASSIGN(SSLHostState);
};

Powered by Google App Engine
This is Rietveld 408576698