Index: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
index d5584938a7fe8e07f83636351ca752d4a03eda1a..cbaca61e5f7184c05591f33e71a56989e3f29394 100644 |
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
@@ -27,10 +27,13 @@ namespace chrome_browser_net { |
static const char kFraudulentCertificateUploadEndpoint[] = |
"http://clients3.google.com/log_cert_error"; |
+static const char kInvalidCertificateChainUploadEndpoint[] = ""; |
+ |
ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
net::URLRequestContext* request_context) |
: request_context_(request_context), |
- upload_url_(kFraudulentCertificateUploadEndpoint) { |
+ pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint), |
+ invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) { |
} |
ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
@@ -61,15 +64,16 @@ static std::string BuildReport(const std::string& hostname, |
scoped_ptr<net::URLRequest> |
ChromeFraudulentCertificateReporter::CreateURLRequest( |
- net::URLRequestContext* context) { |
+ net::URLRequestContext* context, |
+ const GURL& upload_url) { |
scoped_ptr<net::URLRequest> request = |
- context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
+ context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL); |
request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
net::LOAD_DO_NOT_SAVE_COOKIES); |
return request.Pass(); |
} |
-void ChromeFraudulentCertificateReporter::SendReport( |
+void ChromeFraudulentCertificateReporter::SendPinningViolationReport( |
const std::string& hostname, |
const net::SSLInfo& ssl_info) { |
// We do silent/automatic reporting ONLY for Google properties. For other |
@@ -80,7 +84,8 @@ void ChromeFraudulentCertificateReporter::SendReport( |
std::string report = BuildReport(hostname, ssl_info); |
- scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
+ scoped_ptr<net::URLRequest> url_request = |
+ CreateURLRequest(request_context_, pinning_violation_upload_url_); |
url_request->set_method("POST"); |
scoped_ptr<net::UploadElementReader> reader( |
@@ -98,6 +103,15 @@ void ChromeFraudulentCertificateReporter::SendReport( |
raw_url_request->Start(); |
} |
+void ChromeFraudulentCertificateReporter::SendInvalidChainReport( |
+ const std::string& hostname, |
+ const net::SSLInfo& ssl_info) { |
felt
2015/02/18 04:16:29
Have you thought about having a single method for
felt
2015/02/18 04:16:29
Should this double check here that the user is opt
estark
2015/02/18 05:22:44
Good idea, I added a TODO. Not immediately sure ho
estark
2015/02/18 05:22:44
Yeah, I did think about that; my reasoning was tha
felt
2015/02/19 00:32:32
Well, you could create an enum so that the param i
felt
2015/02/19 00:32:32
Yes, I think that passing in a Profile to the cons
estark
2015/02/19 02:32:08
Oh I like the enum idea! Did that. Wasn't sure whe
felt
2015/02/20 19:20:34
Might make sense. I can see it go either way. We c
|
+ // TODO(estark): Temporarily, since there is no upload endpoint, just log |
+ // the information. |
+ LOG(ERROR) << "SSL report for " << hostname << ":\n" |
+ << BuildReport(hostname, ssl_info) << "\n\n"; |
+} |
+ |
void ChromeFraudulentCertificateReporter::RequestComplete( |
net::URLRequest* request) { |
std::set<net::URLRequest*>::iterator i = inflight_requests_.find(request); |