Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(151)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 578553004: Remove the "snionly" concept from the HSTS preload. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: ... Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/proof_verifier_chromium.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 3393 matching lines...) Expand 10 before | Expand all | Expand 10 after
3404 // is fixed, we need to avoid using the NSS database for non-essential 3404 // is fixed, we need to avoid using the NSS database for non-essential
3405 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and 3405 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and
3406 // http://crbug.com/15630 for more info. 3406 // http://crbug.com/15630 for more info.
3407 3407
3408 // TODO(hclam): Skip logging if server cert was expected to be bad because 3408 // TODO(hclam): Skip logging if server cert was expected to be bad because
3409 // |server_cert_verify_result_| doesn't contain all the information about 3409 // |server_cert_verify_result_| doesn't contain all the information about
3410 // the cert. 3410 // the cert.
3411 if (result == OK) 3411 if (result == OK)
3412 LogConnectionTypeMetrics(); 3412 LogConnectionTypeMetrics();
3413 3413
3414 bool sni_available = ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
3415 ssl_config_.version_fallback;
3416 const CertStatus cert_status = server_cert_verify_result_.cert_status; 3414 const CertStatus cert_status = server_cert_verify_result_.cert_status;
3417 if (transport_security_state_ && 3415 if (transport_security_state_ &&
3418 (result == OK || 3416 (result == OK ||
3419 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 3417 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
3420 !transport_security_state_->CheckPublicKeyPins( 3418 !transport_security_state_->CheckPublicKeyPins(
3421 host_and_port_.host(), 3419 host_and_port_.host(),
3422 sni_available,
3423 server_cert_verify_result_.is_issued_by_known_root, 3420 server_cert_verify_result_.is_issued_by_known_root,
3424 server_cert_verify_result_.public_key_hashes, 3421 server_cert_verify_result_.public_key_hashes,
3425 &pinning_failure_log_)) { 3422 &pinning_failure_log_)) {
3426 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 3423 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
3427 } 3424 }
3428 3425
3429 if (result == OK) { 3426 if (result == OK) {
3430 // Only check Certificate Transparency if there were no other errors with 3427 // Only check Certificate Transparency if there were no other errors with
3431 // the connection. 3428 // the connection.
3432 VerifyCT(); 3429 VerifyCT();
(...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after
3526 scoped_refptr<X509Certificate> 3523 scoped_refptr<X509Certificate>
3527 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { 3524 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
3528 return core_->state().server_cert.get(); 3525 return core_->state().server_cert.get();
3529 } 3526 }
3530 3527
3531 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { 3528 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
3532 return channel_id_service_; 3529 return channel_id_service_;
3533 } 3530 }
3534 3531
3535 } // namespace net 3532 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/proof_verifier_chromium.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698