| Index: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc
|
| diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc
|
| index d5584938a7fe8e07f83636351ca752d4a03eda1a..7f96ba2f51bab160e49a269ad7f7a9060855f41d 100644
|
| --- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc
|
| +++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc
|
| @@ -24,13 +24,17 @@ namespace chrome_browser_net {
|
|
|
| // TODO(palmer): Switch to HTTPS when the error handling delegate is more
|
| // sophisticated. Ultimately we plan to attempt the report on many transports.
|
| -static const char kFraudulentCertificateUploadEndpoint[] =
|
| +const char kFraudulentCertificateUploadEndpoint[] =
|
| "http://clients3.google.com/log_cert_error";
|
|
|
| +// TODO(estark): Add the real server endpoint when live.
|
| +const char kInvalidCertificateChainUploadEndpoint[] = "";
|
| +
|
| ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter(
|
| net::URLRequestContext* request_context)
|
| : request_context_(request_context),
|
| - upload_url_(kFraudulentCertificateUploadEndpoint) {
|
| + pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint),
|
| + invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) {
|
| }
|
|
|
| ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() {
|
| @@ -61,17 +65,29 @@ static std::string BuildReport(const std::string& hostname,
|
|
|
| scoped_ptr<net::URLRequest>
|
| ChromeFraudulentCertificateReporter::CreateURLRequest(
|
| - net::URLRequestContext* context) {
|
| + net::URLRequestContext* context,
|
| + const GURL& upload_url) {
|
| scoped_ptr<net::URLRequest> request =
|
| - context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL);
|
| + context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL);
|
| request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES |
|
| net::LOAD_DO_NOT_SAVE_COOKIES);
|
| return request.Pass();
|
| }
|
|
|
| void ChromeFraudulentCertificateReporter::SendReport(
|
| + ReportType type,
|
| const std::string& hostname,
|
| const net::SSLInfo& ssl_info) {
|
| + if (type == REPORT_TYPE_EXTENDED_REPORTING) {
|
| + // TODO(estark): Double-check that the user is opted in.
|
| +
|
| + // TODO(estark): Temporarily, since there is no upload endpoint, just log
|
| + // the information.
|
| + LOG(ERROR) << "SSL report for " << hostname << ":\n"
|
| + << BuildReport(hostname, ssl_info) << "\n\n";
|
| + return;
|
| + }
|
| +
|
| // We do silent/automatic reporting ONLY for Google properties. For other
|
| // domains (when we start supporting that), we will ask for user permission.
|
| if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) {
|
| @@ -80,7 +96,8 @@ void ChromeFraudulentCertificateReporter::SendReport(
|
|
|
| std::string report = BuildReport(hostname, ssl_info);
|
|
|
| - scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_);
|
| + scoped_ptr<net::URLRequest> url_request =
|
| + CreateURLRequest(request_context_, pinning_violation_upload_url_);
|
| url_request->set_method("POST");
|
|
|
| scoped_ptr<net::UploadElementReader> reader(
|
|
|
Chromium Code Reviews
Issue 935663004:
Add checkbox for reporting invalid TLS/SSL cert chains (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master