| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/ssl/ssl_policy.h" | 5 #include "content/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/command_line.h" | 9 #include "base/command_line.h" |
| 10 #include "base/memory/singleton.h" | 10 #include "base/memory/singleton.h" |
| 50 // user every time they come back to the page. | 50 // user every time they come back to the page. |
| 51 int options_mask = 0; | 51 int options_mask = 0; |
| 52 switch (handler->cert_error()) { | 52 switch (handler->cert_error()) { |
| 53 case net::ERR_CERT_COMMON_NAME_INVALID: | 53 case net::ERR_CERT_COMMON_NAME_INVALID: |
| 54 case net::ERR_CERT_DATE_INVALID: | 54 case net::ERR_CERT_DATE_INVALID: |
| 55 case net::ERR_CERT_AUTHORITY_INVALID: | 55 case net::ERR_CERT_AUTHORITY_INVALID: |
| 56 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: | 56 case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: |
| 57 case net::ERR_CERT_WEAK_KEY: | 57 case net::ERR_CERT_WEAK_KEY: |
| 58 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: | 58 case net::ERR_CERT_NAME_CONSTRAINT_VIOLATION: |
| 59 if (!handler->fatal()) | 59 if (!handler->fatal()) |
| 60 options_mask |= OVERRIDABLE; | 60 options_mask |= ContentBrowserClient::OVERRIDABLE; |
| 61 else | 61 else |
| 62 options_mask |= STRICT_ENFORCEMENT; | 62 options_mask |= ContentBrowserClient::STRICT_ENFORCEMENT; |
| 63 if (expired_previous_decision) | 63 if (expired_previous_decision) |
| 64 options_mask |= EXPIRED_PREVIOUS_DECISION; | 64 options_mask |= ContentBrowserClient::EXPIRED_PREVIOUS_DECISION; |
| 65 OnCertErrorInternal(handler, options_mask); | 65 OnCertErrorInternal(handler, options_mask); |
| 66 break; | 66 break; |
| 67 case net::ERR_CERT_NO_REVOCATION_MECHANISM: | 67 case net::ERR_CERT_NO_REVOCATION_MECHANISM: |
| 68 // Ignore this error. | 68 // Ignore this error. |
| 69 handler->ContinueRequest(); | 69 handler->ContinueRequest(); |
| 70 break; | 70 break; |
| 71 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: | 71 case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION: |
| 72 // We ignore this error but will show a warning status in the location | 72 // We ignore this error but will show a warning status in the location |
| 73 // bar. | 73 // bar. |
| 74 handler->ContinueRequest(); | 74 handler->ContinueRequest(); |
| 75 break; | 75 break; |
| 76 case net::ERR_CERT_CONTAINS_ERRORS: | 76 case net::ERR_CERT_CONTAINS_ERRORS: |
| 77 case net::ERR_CERT_REVOKED: | 77 case net::ERR_CERT_REVOKED: |
| 78 case net::ERR_CERT_INVALID: | 78 case net::ERR_CERT_INVALID: |
| 79 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: | 79 case net::ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY: |
| 80 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: | 80 case net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: |
| 81 if (handler->fatal()) | 81 if (handler->fatal()) |
| 82 options_mask |= STRICT_ENFORCEMENT; | 82 options_mask |= ContentBrowserClient::STRICT_ENFORCEMENT; |
| 83 if (expired_previous_decision) | 83 if (expired_previous_decision) |
| 84 options_mask |= EXPIRED_PREVIOUS_DECISION; | 84 options_mask |= ContentBrowserClient::EXPIRED_PREVIOUS_DECISION; |
| 85 OnCertErrorInternal(handler, options_mask); | 85 OnCertErrorInternal(handler, options_mask); |
| 86 break; | 86 break; |
| 87 default: | 87 default: |
| 88 NOTREACHED(); | 88 NOTREACHED(); |
| 89 handler->CancelRequest(); | 89 handler->CancelRequest(); |
| 90 break; | 90 break; |
| 91 } | 91 } |
| 92 } | 92 } |
| 93 | 93 |
| 94 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry, | 94 void SSLPolicy::DidRunInsecureContent(NavigationEntryImpl* entry, |
| 182 // Default behavior for rejecting a certificate. | 182 // Default behavior for rejecting a certificate. |
| 183 handler->CancelRequest(); | 183 handler->CancelRequest(); |
| 184 } | 184 } |
| 185 } | 185 } |
| 186 | 186 |
| 187 //////////////////////////////////////////////////////////////////////////////// | 187 //////////////////////////////////////////////////////////////////////////////// |
| 188 // Certificate Error Routines | 188 // Certificate Error Routines |
| 189 | 189 |
| 190 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, | 190 void SSLPolicy::OnCertErrorInternal(SSLCertErrorHandler* handler, |
| 191 int options_mask) { | 191 int options_mask) { |
| 192 bool overridable = (options_mask & OVERRIDABLE) != 0; | |
| 193 bool strict_enforcement = (options_mask & STRICT_ENFORCEMENT) != 0; | |
| 194 bool expired_previous_decision = | |
| 195 (options_mask & EXPIRED_PREVIOUS_DECISION) != 0; | |
| 196 CertificateRequestResultType result = | 192 CertificateRequestResultType result = |
| 197 CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE; | 193 CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE; |
| 198 GetContentClient()->browser()->AllowCertificateError( | 194 GetContentClient()->browser()->AllowCertificateError( |
| 199 handler->render_process_id(), | 195 handler->render_process_id(), |
| 200 handler->render_frame_id(), | 196 handler->render_frame_id(), |
| 201 handler->cert_error(), | 197 handler->cert_error(), |
| 202 handler->ssl_info(), | 198 handler->ssl_info(), |
| 203 handler->request_url(), | 199 handler->request_url(), |
| 204 handler->resource_type(), | 200 handler->resource_type(), |
| 205 overridable, | 201 options_mask, |
| 206 strict_enforcement, | |
| 207 expired_previous_decision, | |
| 208 base::Bind(&SSLPolicy::OnAllowCertificate, | 202 base::Bind(&SSLPolicy::OnAllowCertificate, |
| 209 base::Unretained(this), | 203 base::Unretained(this), |
| 210 make_scoped_refptr(handler)), | 204 make_scoped_refptr(handler)), |
| 211 &result); | 205 &result); |
| 212 switch (result) { | 206 switch (result) { |
| 213 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: | 207 case CERTIFICATE_REQUEST_RESULT_TYPE_CONTINUE: |
| 214 break; | 208 break; |
| 215 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: | 209 case CERTIFICATE_REQUEST_RESULT_TYPE_CANCEL: |
| 216 handler->CancelRequest(); | 210 handler->CancelRequest(); |
| 217 break; | 211 break; |
| 231 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; | 225 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED; |
| 232 } | 226 } |
| 233 | 227 |
| 234 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 228 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
| 235 GURL parsed_origin(origin); | 229 GURL parsed_origin(origin); |
| 236 if (parsed_origin.SchemeIsSecure()) | 230 if (parsed_origin.SchemeIsSecure()) |
| 237 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 231 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
| 238 } | 232 } |
| 239 | 233 |
| 240 } // namespace content | 234 } // namespace content |
| OLD | NEW |
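Review bot: In the second case group (new lines 76–86: `ERR_CERT_REVOKED`, `ERR_CERT_INVALID`, `ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN` and the others), the only thing that keeps these errors non-bypassable is that `ContentBrowserClient::OVERRIDABLE` is left clear, and with the three named bools folded into a plain `int options_mask` that contract is no longer visible at the `AllowCertificateError` call. I would add a comment above new line 81 such as `// OVERRIDABLE is deliberately never set for these errors; the embedder must not offer a proceed option.` and, at the top of `OnCertErrorInternal`, `DCHECK(!(options_mask & ContentBrowserClient::OVERRIDABLE) || !(options_mask & ContentBrowserClient::STRICT_ENFORCEMENT));` so that a later caller cannot pass both flags. The flag definitions are not on this page, so they are presumably distinct single bits; that is worth confirming, because an `int` parameter gives the embedder no type checking. The function that holds the first switch starts in the skipped lines above new line 50.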