Chromium Code Reviews Chromium Code Reviews
Issue 508823009:
Mark SHA-1 as deprecated (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@cert_verify_result_sha1| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading | 5 // See http://dev.chromium.org/developers/design-documents/multi-process-resourc e-loading |
| 6 | 6 |
| 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" | 7 #include "content/browser/loader/resource_dispatcher_host_impl.h" |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 #include <set> | 10 #include <set> |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 131 // use. Arbitrarily chosen. | 131 // use. Arbitrarily chosen. |
| 132 const double kMaxRequestsPerProcessRatio = 0.45; | 132 const double kMaxRequestsPerProcessRatio = 0.45; |
| 133 | 133 |
| 134 // TODO(jkarlin): The value is high to reduce the chance of the detachable | 134 // TODO(jkarlin): The value is high to reduce the chance of the detachable |
| 135 // request timing out, forcing a blocked second request to open a new connection | 135 // request timing out, forcing a blocked second request to open a new connection |
| 136 // and start over. Reduce this value once we have a better idea of what it | 136 // and start over. Reduce this value once we have a better idea of what it |
| 137 // should be and once we stop blocking multiple simultaneous requests for the | 137 // should be and once we stop blocking multiple simultaneous requests for the |
| 138 // same resource (see bugs 46104 and 31014). | 138 // same resource (see bugs 46104 and 31014). |
| 139 const int kDefaultDetachableCancelDelayMs = 30000; | 139 const int kDefaultDetachableCancelDelayMs = 30000; |
| 140 | 140 |
| 141 enum SHA1HistogramTypes { | |
| 142 // SHA-1 is not present in the certificate chain. | |
| 143 SHA1_NOT_PRESENT = 0, | |
| 144 // SHA-1 is present in the certificate chain, and the leaf expires on or | |
| 145 // after January 1, 2017. | |
| 146 SHA1_EXPIRES_AFTER_JANUARY_2017 = 1, | |
| 147 // SHA-1 is present in the certificate chain, and the leaf expires on or | |
| 148 // after June 1, 2016. | |
| 149 SHA1_EXPIRES_AFTER_JUNE_2016 = 2, | |
| 150 // SHA-1 is present in the certificate chain, and the leaf expires on or | |
| 151 // after January 1, 2016. | |
| 152 SHA1_EXPIRES_AFTER_JANUARY_2016 = 3, | |
| 153 // SHA-1 is present in the certificate chain, but the leaf expires before | |
| 154 // January 1, 2016 | |
| 155 SHA1_PRESENT = 4, | |
| 156 // Always keep this at the end. | |
| 157 SHA1_HISTOGRAM_TYPES_MAX, | |
| 158 }; | |
| 159 | |
| 160 void RecordCertificateHistograms(const net::SSLInfo& ssl_info, | |
| 161 ResourceType resource_type) { | |
| 162 // The internal representation of the dates for UI treatment of SHA-1. | |
| 163 // See http://crbug.com/401365 for details | |
| 164 static const int64_t kJanuary2017 = INT64_C(13127702400000000); | |
| 165 static const int64_t kJune2016 = INT64_C(13109213000000000); | |
| 166 static const int64_t kJanuary2016 = INT64_C(13096080000000000); | |
| 167 | |
| 168 SHA1HistogramTypes sha1_histogram = SHA1_NOT_PRESENT; | |
| 169 if (ssl_info.cert_status & net::CERT_STATUS_SHA1_SIGNATURE_PRESENT) { | |
| 170 DCHECK(ssl_info.cert.get()); | |
| 171 if (ssl_info.cert->valid_expiry() >= | |
| 172 base::Time::FromInternalValue(kJanuary2017)) { | |
| 173 sha1_histogram = SHA1_EXPIRES_AFTER_JANUARY_2016; | |
|
davidben
2014/09/29 20:21:31
SHA1_EXPIRES_AFTER_JANUARY_201*7*
| |
| 174 } else if (ssl_info.cert->valid_expiry() >= | |
| 175 base::Time::FromInternalValue(kJune2016)) { | |
| 176 sha1_histogram = SHA1_EXPIRES_AFTER_JUNE_2016; | |
| 177 } else if (ssl_info.cert->valid_expiry() >= | |
| 178 base::Time::FromInternalValue(kJanuary2016)) { | |
| 179 sha1_histogram = SHA1_EXPIRES_AFTER_JANUARY_2016; | |
| 180 } else { | |
| 181 sha1_histogram = SHA1_PRESENT; | |
| 182 } | |
| 183 } | |
| 184 if (resource_type == RESOURCE_TYPE_MAIN_FRAME) { | |
| 185 UMA_HISTOGRAM_ENUMERATION("Net.Certificate.SHA1.MainFrame", | |
| 186 sha1_histogram, | |
| 187 SHA1_HISTOGRAM_TYPES_MAX); | |
| 188 } else { | |
| 189 UMA_HISTOGRAM_ENUMERATION("Net.Certificate.SHA1.Subresource", | |
| 190 sha1_histogram, | |
| 191 SHA1_HISTOGRAM_TYPES_MAX); | |
| 192 } | |
| 193 } | |
| 194 | |
| 141 bool IsDetachableResourceType(ResourceType type) { | 195 bool IsDetachableResourceType(ResourceType type) { |
| 142 switch (type) { | 196 switch (type) { |
| 143 case RESOURCE_TYPE_PREFETCH: | 197 case RESOURCE_TYPE_PREFETCH: |
| 144 case RESOURCE_TYPE_PING: | 198 case RESOURCE_TYPE_PING: |
| 145 return true; | 199 return true; |
| 146 default: | 200 default: |
| 147 return false; | 201 return false; |
| 148 } | 202 } |
| 149 } | 203 } |
| 150 | 204 |
| (...skipping 643 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 794 UMA_HISTOGRAM_SPARSE_SLOWLY( | 848 UMA_HISTOGRAM_SPARSE_SLOWLY( |
| 795 "Net.ErrorCodesForImages", | 849 "Net.ErrorCodesForImages", |
| 796 -loader->request()->status().error()); | 850 -loader->request()->status().error()); |
| 797 } | 851 } |
| 798 // This enumeration has "2" appended to distinguish it from older versions. | 852 // This enumeration has "2" appended to distinguish it from older versions. |
| 799 UMA_HISTOGRAM_SPARSE_SLOWLY( | 853 UMA_HISTOGRAM_SPARSE_SLOWLY( |
| 800 "Net.ErrorCodesForSubresources2", | 854 "Net.ErrorCodesForSubresources2", |
| 801 -loader->request()->status().error()); | 855 -loader->request()->status().error()); |
| 802 } | 856 } |
| 803 | 857 |
| 858 if (loader->request()->url().SchemeIsSecure()) { | |
| 859 RecordCertificateHistograms(loader->request()->ssl_info(), | |
| 860 info->GetResourceType()); | |
| 861 } | |
| 862 | |
| 804 if (delegate_) | 863 if (delegate_) |
| 805 delegate_->RequestComplete(loader->request()); | 864 delegate_->RequestComplete(loader->request()); |
| 806 | 865 |
| 807 // Destroy the ResourceLoader. | 866 // Destroy the ResourceLoader. |
| 808 RemovePendingRequest(info->GetChildID(), info->GetRequestID()); | 867 RemovePendingRequest(info->GetChildID(), info->GetRequestID()); |
| 809 } | 868 } |
| 810 | 869 |
| 811 void ResourceDispatcherHostImpl::OnInit() { | 870 void ResourceDispatcherHostImpl::OnInit() { |
| 812 scheduler_.reset(new ResourceScheduler); | 871 scheduler_.reset(new ResourceScheduler); |
| 813 AppCacheInterceptor::EnsureRegistered(); | 872 AppCacheInterceptor::EnsureRegistered(); |
| (...skipping 1235 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 2049 | 2108 |
| 2050 // Add a flag to selectively bypass the data reduction proxy if the resource | 2109 // Add a flag to selectively bypass the data reduction proxy if the resource |
| 2051 // type is not an image. | 2110 // type is not an image. |
| 2052 if (request_data.resource_type != RESOURCE_TYPE_IMAGE) | 2111 if (request_data.resource_type != RESOURCE_TYPE_IMAGE) |
| 2053 load_flags |= net::LOAD_BYPASS_DATA_REDUCTION_PROXY; | 2112 load_flags |= net::LOAD_BYPASS_DATA_REDUCTION_PROXY; |
| 2054 | 2113 |
| 2055 return load_flags; | 2114 return load_flags; |
| 2056 } | 2115 } |
| 2057 | 2116 |
| 2058 } // namespace content | 2117 } // namespace content |
| OLD | NEW |
