Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| 737 // NOTE: |ProcessStrictTransportSecurityHeader| and | 737 // NOTE: |ProcessStrictTransportSecurityHeader| and |
| 738 // |ProcessPublicKeyPinsHeader| have very similar structures, by design. | 738 // |ProcessPublicKeyPinsHeader| have very similar structures, by design. |
| 739 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { | 739 void URLRequestHttpJob::ProcessStrictTransportSecurityHeader() { |
| 740 DCHECK(response_info_); | 740 DCHECK(response_info_); |
| 741 TransportSecurityState* security_state = | 741 TransportSecurityState* security_state = |
| 742 request_->context()->transport_security_state(); | 742 request_->context()->transport_security_state(); |
| 743 const SSLInfo& ssl_info = response_info_->ssl_info; | 743 const SSLInfo& ssl_info = response_info_->ssl_info; |
| 744 | 744 |
| 745 // Only accept HSTS headers on HTTPS connections that have no | 745 // Only accept HSTS headers on HTTPS connections that have no |
| 746 // certificate errors. | 746 // certificate errors. |
| 747 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 747 if (!ssl_info.is_valid() || (IsCertStatusError(ssl_info.cert_status) && |
| 748 !IsCertStatusMinorError(ssl_info.cert_status)) || | |
|
davidben
2014/09/29 20:21:32
Is this bit still necessary now that it's not Cert
| |
| 748 !security_state) | 749 !security_state) |
| 749 return; | 750 return; |
| 750 | 751 |
| 751 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: | 752 // http://tools.ietf.org/html/draft-ietf-websec-strict-transport-sec: |
| 752 // | 753 // |
| 753 // If a UA receives more than one STS header field in a HTTP response | 754 // If a UA receives more than one STS header field in a HTTP response |
| 754 // message over secure transport, then the UA MUST process only the | 755 // message over secure transport, then the UA MUST process only the |
| 755 // first such header field. | 756 // first such header field. |
| 756 HttpResponseHeaders* headers = GetResponseHeaders(); | 757 HttpResponseHeaders* headers = GetResponseHeaders(); |
| 757 std::string value; | 758 std::string value; |
| 758 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) | 759 if (headers->EnumerateHeader(NULL, "Strict-Transport-Security", &value)) |
| 759 security_state->AddHSTSHeader(request_info_.url.host(), value); | 760 security_state->AddHSTSHeader(request_info_.url.host(), value); |
| 760 } | 761 } |
| 761 | 762 |
| 762 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { | 763 void URLRequestHttpJob::ProcessPublicKeyPinsHeader() { |
| 763 DCHECK(response_info_); | 764 DCHECK(response_info_); |
| 764 TransportSecurityState* security_state = | 765 TransportSecurityState* security_state = |
| 765 request_->context()->transport_security_state(); | 766 request_->context()->transport_security_state(); |
| 766 const SSLInfo& ssl_info = response_info_->ssl_info; | 767 const SSLInfo& ssl_info = response_info_->ssl_info; |
| 767 | 768 |
| 768 // Only accept HPKP headers on HTTPS connections that have no | 769 // Only accept HPKP headers on HTTPS connections that have no |
| 769 // certificate errors. | 770 // certificate errors. |
| 770 if (!ssl_info.is_valid() || IsCertStatusError(ssl_info.cert_status) || | 771 if (!ssl_info.is_valid() || (IsCertStatusError(ssl_info.cert_status) && |
| 772 !IsCertStatusMinorError(ssl_info.cert_status)) || | |
|
davidben
2014/09/29 20:21:32
Ditto.
| |
| 771 !security_state) | 773 !security_state) |
| 772 return; | 774 return; |
| 773 | 775 |
| 774 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: | 776 // http://tools.ietf.org/html/draft-ietf-websec-key-pinning: |
| 775 // | 777 // |
| 776 // If a UA receives more than one PKP header field in an HTTP | 778 // If a UA receives more than one PKP header field in an HTTP |
| 777 // response message over secure transport, then the UA MUST process | 779 // response message over secure transport, then the UA MUST process |
| 778 // only the first such header field. | 780 // only the first such header field. |
| 779 HttpResponseHeaders* headers = GetResponseHeaders(); | 781 HttpResponseHeaders* headers = GetResponseHeaders(); |
| 780 std::string value; | 782 std::string value; |
| 1517 return override_response_headers_.get() ? | 1519 return override_response_headers_.get() ? |
| 1518 override_response_headers_.get() : | 1520 override_response_headers_.get() : |
| 1519 transaction_->GetResponseInfo()->headers.get(); | 1521 transaction_->GetResponseInfo()->headers.get(); |
| 1520 } | 1522 } |
| 1521 | 1523 |
| 1522 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1524 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
| 1523 awaiting_callback_ = false; | 1525 awaiting_callback_ = false; |
| 1524 } | 1526 } |
| 1525 | 1527 |
| 1526 } // namespace net | 1528 } // namespace net |
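Review bot: The comment above the guard in ProcessStrictTransportSecurityHeader (new lines 745-746) still says headers are accepted only on connections that have "no certificate errors", but the new condition at 747-748 lets a status through when `IsCertStatusMinorError` returns true. The same stale comment sits above the identical guard in ProcessPublicKeyPinsHeader (new lines 769-772). Because what these functions record through `AddHSTSHeader` and its HPKP counterpart is meant to outlive the response, the comment should state exactly which connections qualify, for example `// Only accept HSTS headers on HTTPS connections whose certificate status has no errors, or only errors that IsCertStatusMinorError() treats as minor.` The two guards are now the same three-clause expression, so a small shared predicate would keep the HSTS and HPKP acceptance rules from drifting apart if the policy changes again.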