Chromium Code Reviews Chromium Code Reviews
Issue 433123003:
Centralize the logic for checking public key pins (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: net/quic/crypto/proof_verifier_chromium.cc |
| diff --git a/net/quic/crypto/proof_verifier_chromium.cc b/net/quic/crypto/proof_verifier_chromium.cc |
| index 5f70199a5058af1ebecaa2a03411d3006171e858..3a4e315b5dc9c17e3bff3b18f59bde023b5f7a2d 100644 |
| --- a/net/quic/crypto/proof_verifier_chromium.cc |
| +++ b/net/quic/crypto/proof_verifier_chromium.cc |
| @@ -236,58 +236,20 @@ int ProofVerifierChromium::Job::DoVerifyCert(int result) { |
| int ProofVerifierChromium::Job::DoVerifyCertComplete(int result) { |
| verifier_.reset(); |
| -#if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID) && !defined(OS_IOS) |
| - // TODO(wtc): The following code was copied from ssl_client_socket_nss.cc. |
| - // Convert it to a new function that can be called by both files. These |
| - // variables simulate the arguments to the new function. |
| const CertVerifyResult& cert_verify_result = |
| verify_details_->cert_verify_result; |
| - bool sni_available = true; |
| - const std::string& host = hostname_; |
| - TransportSecurityState* transport_security_state = transport_security_state_; |
| - std::string* pinning_failure_log = &verify_details_->pinning_failure_log; |
| - |
| - // Take care of any mandates for public key pinning. |
| - // |
| - // Pinning is only enabled for official builds to make sure that others don't |
| - // end up with pins that cannot be easily updated. |
| - // |
| - // TODO(agl): We might have an issue here where a request for foo.example.com |
| - // merges into a SPDY connection to www.example.com, and gets a different |
| - // certificate. |
| - |
| - // Perform pin validation if, and only if, all these conditions obtain: |
| - // |
| - // * a TransportSecurityState object is available; |
| - // * the server's certificate chain is valid (or suffers from only a minor |
| - // error); |
| - // * the server's certificate chain chains up to a known root (i.e. not a |
| - // user-installed trust anchor); and |
| - // * the build is recent (very old builds should fail open so that users |
| - // have some chance to recover). |
| - // |
| const CertStatus cert_status = cert_verify_result.cert_status; |
| - if (transport_security_state && |
| + if (transport_security_state_ && |
| (result == OK || |
| (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| - cert_verify_result.is_issued_by_known_root && |
| - TransportSecurityState::IsBuildTimely()) { |
| - if (transport_security_state->HasPublicKeyPins(host, sni_available)) { |
| - if (!transport_security_state->CheckPublicKeyPins( |
| - host, |
| - sni_available, |
| - cert_verify_result.public_key_hashes, |
| - pinning_failure_log)) { |
| - LOG(ERROR) << *pinning_failure_log; |
| - result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| - UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false); |
| - TransportSecurityState::ReportUMAOnPinFailure(host); |
| - } else { |
| - UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true); |
| - } |
| - } |
| + !transport_security_state_->CheckPublicKeyPins( |
| + hostname_, |
| + /* sni_available= */ true, |
|
Ryan Sleevi
2014/08/07 22:19:07
nit: true, /* QUIC always supports SNI */
or at l
Ryan Hamilton
2014/08/07 22:49:39
Done.
|
| + cert_verify_result.is_issued_by_known_root, |
| + cert_verify_result.public_key_hashes, |
| + &verify_details_->pinning_failure_log)) { |
| + result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| } |
| -#endif |
| if (result != OK) { |
| error_details_ = StringPrintf("Failed to verify certificate chain: %s", |
