content/browser/ssl/ssl_host_state.h - Issue 369703002: Remember user decisions on invalid certificates behind a flag

Unified Diff: content/browser/ssl/ssl_host_state.h

Issue 369703002: Remember user decisions on invalid certificates behind a flag (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fixed several bot compile errors Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « content/browser/download/download_manager_impl_unittest.cc ('k') | content/browser/ssl/ssl_host_state.cc » ('j') | content/public/browser/browser_context.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/browser/ssl/ssl_host_state.h

diff --git a/content/browser/ssl/ssl_host_state.h b/content/browser/ssl/ssl_host_state.h

index 820821786d31180066f21fdfb900f1b7dd9a7fbd..d1b6b0b21b1e48e1d6d1a0f528890e924513c180 100644

--- a/content/browser/ssl/ssl_host_state.h

+++ b/content/browser/ssl/ssl_host_state.h

@@ -17,8 +17,11 @@

#include "net/cert/cert_status_flags.h"

#include "net/cert/x509_certificate.h"

+class GURL;

namespace content {

class BrowserContext;

+class SSLHostStateDecisions;

// SSLHostState

@@ -27,11 +30,14 @@ class BrowserContext;

// particular broken cert for use with particular host. We separate this state

// from the SSLManager because this state is shared across many navigation

// controllers.

class CONTENT_EXPORT SSLHostState

: NON_EXPORTED_BASE(base::SupportsUserData::Data),

NON_EXPORTED_BASE(public base::NonThreadSafe) {

public:

+ // Contexts may specify a NULL certificate decision storage strategy. In that

+ // case, the returned SSLHostState from GetFor() will implement a default

+ // strategy of ignoring all exception requests and returning

+ // net::QueryPolicy::Judgment::UNKOWN from QueryPolicy().

static SSLHostState* GetFor(BrowserContext* browser_context);

SSLHostState();

@@ -46,21 +52,27 @@ class CONTENT_EXPORT SSLHostState

// Records that |cert| is not permitted to be used for |host| in the future,

// for a specified |error| type..

void DenyCertForHost(net::X509Certificate* cert,

- const std::string& host,

+ const GURL& url,

net::CertStatus error);

// Records that |cert| is permitted to be used for |host| in the future, for

// a specified |error| type.

void AllowCertForHost(net::X509Certificate* cert,

- const std::string& host,

+ const GURL& url,

net::CertStatus error);

+ // Revoke all allow/deny preferences for a given url. May close idle

+ // HTTP/HTTPS connections in the process.

+ void RevokeAllowAndDenyPreferences(const GURL& url);

+ bool HasAllowedOrDeniedCert(const GURL& url);

// Clear all allow/deny preferences.

void Clear();

net::CertPolicy::Judgment QueryPolicy(net::X509Certificate* cert,

- const std::string& host,

+ const GURL& url,

net::CertStatus error);

private:

@@ -73,8 +85,9 @@ class CONTENT_EXPORT SSLHostState

// same-origin frames in one processs but cannot jump between processes.

std::set<BrokenHostEntry> ran_insecure_content_hosts_;

- // Certificate policies for each host.

- std::map<std::string, net::CertPolicy> cert_policy_for_host_;

+ // The certificate decision store. It may be NULL, depending on the browsing

+ // context. This is owned by the browsing context.

+ SSLHostStateDecisions* decisions_;

DISALLOW_COPY_AND_ASSIGN(SSLHostState);

};