| OLD | NEW |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_policy.h" | 5 #include "chrome/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/singleton.h" | 7 #include "base/singleton.h" |
| 8 #include "base/string_piece.h" | 8 #include "base/string_piece.h" |
| 9 #include "base/string_util.h" | 9 #include "base/string_util.h" |
| 10 #include "chrome/browser/cert_store.h" | 10 #include "chrome/browser/cert_store.h" |
| (...skipping 300 matching lines...) |
| 311 // SSLBlockingPage::Delegate methods | 311 // SSLBlockingPage::Delegate methods |
| 312 | 312 |
| 313 SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLManager::CertError* error) { | 313 SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLManager::CertError* error) { |
| 314 return SSLErrorInfo::CreateError( | 314 return SSLErrorInfo::CreateError( |
| 315 SSLErrorInfo::NetErrorToErrorType(error->cert_error()), | 315 SSLErrorInfo::NetErrorToErrorType(error->cert_error()), |
| 316 error->ssl_info().cert, error->request_url()); | 316 error->ssl_info().cert, error->request_url()); |
| 317 } | 317 } |
| 318 | 318 |
| 319 void SSLPolicy::OnDenyCertificate(SSLManager::CertError* error) { | 319 void SSLPolicy::OnDenyCertificate(SSLManager::CertError* error) { |
| 320 // Default behavior for rejecting a certificate. | 320 // Default behavior for rejecting a certificate. |
| 321 error->CancelRequest(); | 321 // |
| 322 // While DenyCertForHost() executes synchronously on this thread, |
| 323 // CancelRequest() gets posted to a different thread. Calling |
| 324 // DenyCertForHost() first ensures deterministic ordering. |
| 322 error->manager()->DenyCertForHost(error->ssl_info().cert, | 325 error->manager()->DenyCertForHost(error->ssl_info().cert, |
| 323 error->request_url().host()); | 326 error->request_url().host()); |
| 327 error->CancelRequest(); |
| 324 } | 328 } |
| 325 | 329 |
| 326 void SSLPolicy::OnAllowCertificate(SSLManager::CertError* error) { | 330 void SSLPolicy::OnAllowCertificate(SSLManager::CertError* error) { |
| 327 // Default behavior for accepting a certificate. | 331 // Default behavior for accepting a certificate. |
| 328 // Note that we should not call SetMaxSecurityStyle here, because the active | 332 // Note that we should not call SetMaxSecurityStyle here, because the active |
| 329 // NavigationEntry has just been deleted (in HideInterstitialPage) and the | 333 // NavigationEntry has just been deleted (in HideInterstitialPage) and the |
| 330 // new NavigationEntry will not be set until DidNavigate. This is ok, | 334 // new NavigationEntry will not be set until DidNavigate. This is ok, |
| 331 // because the new NavigationEntry will have its max security style set | 335 // because the new NavigationEntry will have its max security style set |
| 332 // within DidNavigate. | 336 // within DidNavigate. |
| 333 error->ContinueRequest(); | 337 // |
| 338 // While AllowCertForHost() executes synchronously on this thread, |
| 339 // ContinueRequest() gets posted to a different thread. Calling |
| 340 // AllowCertForHost() first ensures deterministic ordering. |
| 334 error->manager()->AllowCertForHost(error->ssl_info().cert, | 341 error->manager()->AllowCertForHost(error->ssl_info().cert, |
| 335 error->request_url().host()); | 342 error->request_url().host()); |
| 343 error->ContinueRequest(); |
| 336 } | 344 } |
| 337 | 345 |
| 338 //////////////////////////////////////////////////////////////////////////////// | 346 //////////////////////////////////////////////////////////////////////////////// |
| 339 // Certificate Error Routines | 347 // Certificate Error Routines |
| 340 | 348 |
| 341 void SSLPolicy::OnOverridableCertError(SSLManager::CertError* error) { | 349 void SSLPolicy::OnOverridableCertError(SSLManager::CertError* error) { |
| 342 if (error->resource_type() != ResourceType::MAIN_FRAME) { | 350 if (error->resource_type() != ResourceType::MAIN_FRAME) { |
| 343 // A sub-resource has a certificate error. The user doesn't really | 351 // A sub-resource has a certificate error. The user doesn't really |
| 344 // have a context for making the right decision, so block the | 352 // have a context for making the right decision, so block the |
| 345 // request hard, without an info bar to allow showing the insecure | 353 // request hard, without an info bar to allow showing the insecure |
| 346 // content. | 354 // content. |
| 347 error->DenyRequest(); | 355 error->DenyRequest(); |
| 348 return; | 356 return; |
| 349 } | 357 } |
| 350 // We need to ask the user to approve this certificate. | 358 // We need to ask the user to approve this certificate. |
| 351 ShowBlockingPage(this, error); | 359 ShowBlockingPage(this, error); |
| 352 } | 360 } |
| 353 | 361 |
| 354 void SSLPolicy::OnFatalCertError(SSLManager::CertError* error) { | 362 void SSLPolicy::OnFatalCertError(SSLManager::CertError* error) { |
| 355 if (error->resource_type() != ResourceType::MAIN_FRAME) { | 363 if (error->resource_type() != ResourceType::MAIN_FRAME) { |
| 356 error->DenyRequest(); | 364 error->DenyRequest(); |
| 357 return; | 365 return; |
| 358 } | 366 } |
| 359 error->CancelRequest(); | 367 error->CancelRequest(); |
| 360 ShowErrorPage(this, error); | 368 ShowErrorPage(this, error); |
| 361 // No need to degrade our security indicators because we didn't continue. | 369 // No need to degrade our security indicators because we didn't continue. |
| 362 } | 370 } |
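Review bot: The comments added in OnDenyCertificate and OnAllowCertificate say that calling DenyCertForHost()/AllowCertForHost() first "ensures deterministic ordering", but they do not name what observes that order, so a later cleanup could swap the calls back without seeing the hazard. If the reason is that the request resumed or cancelled on the other thread (or a follow-up load to the same host) consults the stored per-host decision, say so directly, e.g. `// Record the decision before resuming: the request continues on another thread and must find this host's decision already stored.` On the allow path this is a security property as well as a flakiness fix, because the stored exception is presumably what later certificate checks for that host rely on; that consumer is outside the visible lines, so confirm it before wording the comment. OnFatalCertError at the end of this section still calls CancelRequest() before ShowErrorPage(this, error), and it is worth checking whether that posted-call-then-use-`error` sequence needs the same ordering.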