Index: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
index d5584938a7fe8e07f83636351ca752d4a03eda1a..0e3a1d658533a4678f51c441ac05704cf2651547 100644 |
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
@@ -27,10 +27,13 @@ namespace chrome_browser_net { |
static const char kFraudulentCertificateUploadEndpoint[] = |
"http://clients3.google.com/log_cert_error"; |
+static const char kInvalidCertificateChainUploadEndpoint[] = ""; |
Bernhard Bauer
2015/03/03 09:45:58
Can you add a TODO to add the real endpoint?
Also
estark
2015/03/03 15:36:24
Done.
|
+ |
ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
net::URLRequestContext* request_context) |
: request_context_(request_context), |
- upload_url_(kFraudulentCertificateUploadEndpoint) { |
+ pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint), |
+ invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) { |
} |
ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
@@ -61,17 +64,29 @@ static std::string BuildReport(const std::string& hostname, |
scoped_ptr<net::URLRequest> |
ChromeFraudulentCertificateReporter::CreateURLRequest( |
- net::URLRequestContext* context) { |
+ net::URLRequestContext* context, |
+ const GURL& upload_url) { |
scoped_ptr<net::URLRequest> request = |
- context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
+ context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL); |
request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
net::LOAD_DO_NOT_SAVE_COOKIES); |
return request.Pass(); |
} |
void ChromeFraudulentCertificateReporter::SendReport( |
+ ReportType type, |
const std::string& hostname, |
const net::SSLInfo& ssl_info) { |
+ if (type == REPORT_TYPE_EXTENDED_REPORTING) { |
+ // TODO(estark): Double-check that the user is opted in. |
+ |
+ // TODO(estark): Temporarily, since there is no upload endpoint, just log |
+ // the information. |
+ LOG(ERROR) << "SSL report for " << hostname << ":\n" |
+ << BuildReport(hostname, ssl_info) << "\n\n"; |
+ return; |
+ } |
+ |
// We do silent/automatic reporting ONLY for Google properties. For other |
// domains (when we start supporting that), we will ask for user permission. |
if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { |
@@ -80,7 +95,8 @@ void ChromeFraudulentCertificateReporter::SendReport( |
std::string report = BuildReport(hostname, ssl_info); |
- scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
+ scoped_ptr<net::URLRequest> url_request = |
+ CreateURLRequest(request_context_, pinning_violation_upload_url_); |
url_request->set_method("POST"); |
scoped_ptr<net::UploadElementReader> reader( |