| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
| (...skipping 27 matching lines...) |
| 38 backend_->QueryPolicy(handler->ssl_info().cert.get(), | 38 backend_->QueryPolicy(handler->ssl_info().cert.get(), |
| 39 handler->request_url().host(), | 39 handler->request_url().host(), |
| 40 handler->cert_error(), | 40 handler->cert_error(), |
| 41 &expired_previous_decision); | 41 &expired_previous_decision); |
| 42 | 42 |
| 43 if (judgment == net::CertPolicy::ALLOWED) { | 43 if (judgment == net::CertPolicy::ALLOWED) { |
| 44 handler->ContinueRequest(); | 44 handler->ContinueRequest(); |
| 45 return; | 45 return; |
| 46 } | 46 } |
| 47 | 47 |
| 48 // The judgment is either DENIED or UNKNOWN. | 48 // The judgment must be UNKNOWN because QueryPolicy guarantees that it will |
| 49 // For now we handle the DENIED as the UNKNOWN, which means a blocking | 49 // never return DENIED. For these hosts, a blocking page is shown to the user |
| 50 // page is shown to the user every time he comes back to the page. | 50 // every time he comes back to the page. |
| 51 | |
| 52 int options_mask = 0; | 51 int options_mask = 0; |
| 53 switch (handler->cert_error()) { | 52 switch (handler->cert_error()) { |
| 54 case net::ERR_CERT_COMMON_NAME_INVALID: | 53 case net::ERR_CERT_COMMON_NAME_INVALID: |
| 55 case net::ERR_CERT_DATE_INVALID: | 54 case net::ERR_CERT_DATE_INVALID: |
| 56 case net::ERR_CERT_AUTHORITY_INVALID: | 55 case net::ERR_CERT_AUTHORITY_INVALID: |
| 57 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 56 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 58 case net::ERR_CERT_WEAK_KEY: | 57 case net::ERR_CERT_WEAK_KEY: |
| 59 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 58 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 60 if (!handler->fatal()) | 59 if (!handler->fatal()) |
| 61 options_mask |= OVERRIDABLE; | 60 options_mask |= OVERRIDABLE; |
| (...skipping 111 matching lines...) |
| 173 // | 172 // |
| 174 // While AllowCertForHost() executes synchronously on this thread, | 173 // While AllowCertForHost() executes synchronously on this thread, |
| 175 // ContinueRequest() gets posted to a different thread. Calling | 174 // ContinueRequest() gets posted to a different thread. Calling |
| 176 // AllowCertForHost() first ensures deterministic ordering. | 175 // AllowCertForHost() first ensures deterministic ordering. |
| 177 backend_->AllowCertForHost(handler->ssl_info().cert.get(), | 176 backend_->AllowCertForHost(handler->ssl_info().cert.get(), |
| 178 handler->request_url().host(), | 177 handler->request_url().host(), |
| 179 handler->cert_error()); | 178 handler->cert_error()); |
| 180 handler->ContinueRequest(); | 179 handler->ContinueRequest(); |
| 181 } else { | 180 } else { |
| 182 // Default behavior for rejecting a certificate. | 181 // Default behavior for rejecting a certificate. |
| 183 // | |
| 184 // While DenyCertForHost() executes synchronously on this thread, | |
| 185 // CancelRequest() gets posted to a different thread. Calling | |
| 186 // DenyCertForHost() first ensures deterministic ordering. | |
| 187 backend_->DenyCertForHost(handler->ssl_info().cert.get(), | |
| 188 handler->request_url().host(), | |
| 189 handler->cert_error()); | |
| 190 handler->CancelRequest(); | 182 handler->CancelRequest(); |
| 191 } | 183 } |
| 192 } | 184 } |
| 193 | 185 |
| 194 //////////////////////////////////////////////////////////////////////////////// | 186 //////////////////////////////////////////////////////////////////////////////// |
| 195 // Certificate Error Routines | 187 // Certificate Error Routines |
| 196 | 188 |
| 197 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 189 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, |
| 198 int options_mask) { | 190 int options_mask) { |
| 199 bool overridable = (options_mask & OVERRIDABLE) != 0; | 191 bool overridable = (options_mask & OVERRIDABLE) != 0; |
| (...skipping 38 matching lines...) |
| 238 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; | 230 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; |
| 239 } | 231 } |
| 240 | 232 |
| 241 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 233 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
| 242 GURL parsed_origin(origin); | 234 GURL parsed_origin(origin); |
| 243 if (parsed_origin.SchemeIsSecure()) | 235 if (parsed_origin.SchemeIsSecure()) |
| 244 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 236 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
| 245 } | 237 } |
| 246 | 238 |
| 247 } // namespace content | 239 } // namespace content |
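Review bot: The rewritten comment at new lines 48-50 states that QueryPolicy never returns DENIED, but nothing in the visible code enforces it, so a backend that still returned DENIED would fall through to the interstitial path unnoticed. Pinning the invariant right after the ALLOWED early return would catch that in debug builds, for example `DCHECK(judgment == net::CertPolicy::UNKNOWN);`. Removing DenyCertForHost() from the reject branch (old lines 183-189) means a rejection is no longer recorded, which is presumably what makes the invariant hold. A short comment above the remaining `handler->CancelRequest();` would keep that visible, such as `// Rejections are not remembered; the interstitial is shown again on the next visit.` Both enclosing functions begin in the skipped regions, so the declaration of `judgment` and any use of `expired_previous_decision` are not visible here.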
| OLD | NEW |