| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/ssl/ssl_policy.h" | 5 #include "chrome/browser/ssl/ssl_policy.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/command_line.h" | 8 #include "base/command_line.h" |
| 9 #include "base/singleton.h" | 9 #include "base/singleton.h" |
| 10 #include "base/string_piece.h" | 10 #include "base/string_piece.h" |
| 109 // resource), the resource load just fails. | 109 // resource), the resource load just fails. |
| 110 // 2) If the user has previously approved the same certificate error for | 110 // 2) If the user has previously approved the same certificate error for |
| 111 // this host in a full-page interstitial, then we'll proceed with the | 111 // this host in a full-page interstitial, then we'll proceed with the |
| 112 // load. | 112 // load. |
| 113 // 3) If we proceed with the load, we should treat the resources as if they | 113 // 3) If we proceed with the load, we should treat the resources as if they |
| 114 // were loaded over HTTP, w.r.t. the display vs. run distinction above. | 114 // were loaded over HTTP, w.r.t. the display vs. run distinction above. |
| 115 // | 115 // |
| 116 // However, right now we don't have the proper context to understand where | 116 // However, right now we don't have the proper context to understand where |
| 117 // these resources will be used. Consequently, we're conservative and treat | 117 // these resources will be used. Consequently, we're conservative and treat |
| 118 // them all like DidRunInsecureContent(). | 118 // them all like DidRunInsecureContent(). |
| 119 | 119 if (net::IsCertStatusError(info->ssl_cert_status()) || |
| 120 if (net::IsCertStatusError(info->ssl_cert_status())) { | 120 (!info->ssl_cert_id() && info->tls_username().empty())) { |
| 121 backend_->HostRanInsecureContent(info->url().host(), info->child_id()); | 121 backend_->HostRanInsecureContent(info->url().host(), info->child_id()); |
| 122 | 122 |
| 123 // TODO(abarth): We should eventually remove the main_frame_origin and | 123 // TODO(abarth): We should eventually remove the main_frame_origin and |
| 124 // frame_origin properties. First, not every resource load is associated | 124 // frame_origin properties. First, not every resource load is associated |
| 125 // with a frame, so they don't always make sense. Second, the | 125 // with a frame, so they don't always make sense. Second, the |
| 126 // main_frame_origin is computed from the first_party_for_cookies, which has | 126 // main_frame_origin is computed from the first_party_for_cookies, which has |
| 127 // been hacked to death to support third-party cookie blocking. | 127 // been hacked to death to support third-party cookie blocking. |
| 128 | 128 |
| 129 if (info->resource_type() != ResourceType::MAIN_FRAME && | 129 if (info->resource_type() != ResourceType::MAIN_FRAME && |
| 130 info->resource_type() != ResourceType::SUB_FRAME) { | 130 info->resource_type() != ResourceType::SUB_FRAME) { |
| 141 } | 141 } |
| 142 | 142 |
| 143 void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { | 143 void SSLPolicy::UpdateEntry(NavigationEntry* entry, TabContents* tab_contents) { |
| 144 DCHECK(entry); | 144 DCHECK(entry); |
| 145 | 145 |
| 146 InitializeEntryIfNeeded(entry); | 146 InitializeEntryIfNeeded(entry); |
| 147 | 147 |
| 148 if (!entry->url().SchemeIsSecure()) | 148 if (!entry->url().SchemeIsSecure()) |
| 149 return; | 149 return; |
| 150 | 150 |
| 151 // An HTTPS response may not have a certificate for some reason. When that | 151 // An HTTPS response may not have a certificate or TLS auth username for some |
| 152 // happens, use the unauthenticated (HTTP) rather than the authentication | 152 // reason. When that happens, use the unauthenticated (HTTP) rather than the |
| 153 // broken security style so that we can detect this error condition. | 153 // authentication broken security style so that we can detect this error |
| 154 if (!entry->ssl().cert_id()) { | 154 // condition. |
| 155 if (!entry->ssl().cert_id() && entry->ssl().tls_username().empty()) { |
| 155 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); | 156 entry->ssl().set_security_style(SECURITY_STYLE_UNAUTHENTICATED); |
| 156 return; | 157 return; |
| 157 } | 158 } |
| 158 | 159 |
| 159 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { | 160 if (!(entry->ssl().cert_status() & net::CERT_STATUS_COMMON_NAME_INVALID)) { |
| 160 // CAs issue certificates for intranet hosts to everyone. Therefore, we | 161 // CAs issue certificates for intranet hosts to everyone. Therefore, we |
| 161 // mark intranet hosts as being non-unique. | 162 // mark intranet hosts as being non-unique. |
| 162 if (IsIntranetHost(entry->url().host())) { | 163 if (IsIntranetHost(entry->url().host())) { |
| 163 entry->ssl().set_cert_status(entry->ssl().cert_status() | | 164 entry->ssl().set_cert_status(entry->ssl().cert_status() | |
| 164 net::CERT_STATUS_NON_UNIQUE_NAME); | 165 net::CERT_STATUS_NON_UNIQUE_NAME); |
| 165 } | 166 } |
| 166 } | 167 } |
| 167 | 168 |
| 168 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, | 169 // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error, |
| 169 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. | 170 // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN. |
| 170 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; | 171 int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS; |
| 171 if (cert_errors) { | 172 if (cert_errors && entry->ssl().tls_username().empty()) { |
| 172 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) | 173 if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION) |
| 173 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); | 174 entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN); |
| 174 return; | 175 return; |
| 175 } | 176 } |
| 176 | 177 |
| 177 SiteInstance* site_instance = entry->site_instance(); | 178 SiteInstance* site_instance = entry->site_instance(); |
| 178 // Note that |site_instance| can be NULL here because NavigationEntries don't | 179 // Note that |site_instance| can be NULL here because NavigationEntries don't |
| 179 // necessarily have site instances. Without a process, the entry can't | 180 // necessarily have site instances. Without a process, the entry can't |
| 180 // possibly have insecure content. See bug http://crbug.com/12423. | 181 // possibly have insecure content. See bug http://crbug.com/12423. |
| 181 if (site_instance && | 182 if (site_instance && |
| 250 | 251 |
| 251 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? | 252 entry->ssl().set_security_style(entry->url().SchemeIsSecure() ? |
| 252 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); | 253 SECURITY_STYLE_AUTHENTICATED : SECURITY_STYLE_UNAUTHENTICATED); |
| 253 } | 254 } |
| 254 | 255 |
| 255 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { | 256 void SSLPolicy::OriginRanInsecureContent(const std::string& origin, int pid) { |
| 256 GURL parsed_origin(origin); | 257 GURL parsed_origin(origin); |
| 257 if (parsed_origin.SchemeIsSecure()) | 258 if (parsed_origin.SchemeIsSecure()) |
| 258 backend_->HostRanInsecureContent(parsed_origin.host(), pid); | 259 backend_->HostRanInsecureContent(parsed_origin.host(), pid); |
| 259 } | 260 } |
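Review bot: In UpdateEntry the new test `if (cert_errors && entry->ssl().tls_username().empty()) {` (new line 172) skips the whole certificate-error branch whenever a TLS auth username is present, so an entry that carries both a certificate with errors and a username falls through to the site-instance checks instead of being marked SECURITY_STYLE_AUTHENTICATION_BROKEN. Nothing visible here shows that tls_username() is only populated after the username-based handshake actually succeeded, so that should be confirmed, or the exemption narrowed to the no-certificate case, e.g. `if (cert_errors && (entry->ssl().cert_id() || entry->ssl().tls_username().empty())) {`. Either way the branch needs a why-comment, something like `// A connection authenticated by TLS username does not depend on the certificate, so its errors are not treated as broken authentication.` The same pairing appears in the first changed condition (new lines 119-120), where `!info->ssl_cert_id()` now also triggers HostRanInsecureContent for any request without a certificate; the enclosing function starts outside the visible lines, so whether plain-HTTP requests reach that check could not be verified from this page.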
| OLD | NEW |