chrome/browser/net/chrome_fraudulent_certificate_reporter.cc - Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains

Unified Diff: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

Issue 935663004: Add checkbox for reporting invalid TLS/SSL cert chains (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: move off the record check before UMA stats collection Created 5 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « chrome/browser/net/chrome_fraudulent_certificate_reporter.h ('k') | chrome/browser/net/chrome_fraudulent_certificate_reporter_unittest.cc » ('j') | chrome/browser/resources/security_warnings/extended_reporting.js » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

index d5584938a7fe8e07f83636351ca752d4a03eda1a..0e3a1d658533a4678f51c441ac05704cf2651547 100644

--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc

@@ -27,10 +27,13 @@ namespace chrome_browser_net {

static const char kFraudulentCertificateUploadEndpoint[] =

"http://clients3.google.com/log_cert_error";

+static const char kInvalidCertificateChainUploadEndpoint[] = "";

Bernhard Bauer 2015/03/03 09:45:58 Can you add a TODO to add the real endpoint? Also

estark 2015/03/03 15:36:24 Done.

ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter(

net::URLRequestContext* request_context)

: request_context_(request_context),

- upload_url_(kFraudulentCertificateUploadEndpoint) {

+ pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint),

+ invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) {

}

ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() {

@@ -61,17 +64,29 @@ static std::string BuildReport(const std::string& hostname,

scoped_ptr<net::URLRequest>

ChromeFraudulentCertificateReporter::CreateURLRequest(

- net::URLRequestContext* context) {

+ net::URLRequestContext* context,

+ const GURL& upload_url) {

scoped_ptr<net::URLRequest> request =

- context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL);

+ context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL);

request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |

net::LOAD_DO_NOT_SAVE_COOKIES);

return request.Pass();

}

void ChromeFraudulentCertificateReporter::SendReport(

+ ReportType type,

const std::string& hostname,

const net::SSLInfo& ssl_info) {

+ if (type == REPORT_TYPE_EXTENDED_REPORTING) {

+ // TODO(estark): Double-check that the user is opted in.

+ // TODO(estark): Temporarily, since there is no upload endpoint, just log

+ // the information.

+ LOG(ERROR) << "SSL report for " << hostname << ":\n"

+ << BuildReport(hostname, ssl_info) << "\n\n";

+ return;

+ }

// We do silent/automatic reporting ONLY for Google properties. For other

// domains (when we start supporting that), we will ask for user permission.

if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) {

@@ -80,7 +95,8 @@ void ChromeFraudulentCertificateReporter::SendReport(

std::string report = BuildReport(hostname, ssl_info);

- scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);

+ scoped_ptr<net::URLRequest> url_request =

+ CreateURLRequest(request_context_, pinning_violation_upload_url_);

url_request->set_method("POST");

scoped_ptr<net::UploadElementReader> reader(