Index: chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
diff --git a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
index d5584938a7fe8e07f83636351ca752d4a03eda1a..7f96ba2f51bab160e49a269ad7f7a9060855f41d 100644 |
--- a/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
+++ b/chrome/browser/net/chrome_fraudulent_certificate_reporter.cc |
@@ -24,13 +24,17 @@ namespace chrome_browser_net { |
// TODO(palmer): Switch to HTTPS when the error handling delegate is more |
// sophisticated. Ultimately we plan to attempt the report on many transports. |
-static const char kFraudulentCertificateUploadEndpoint[] = |
+const char kFraudulentCertificateUploadEndpoint[] = |
"http://clients3.google.com/log_cert_error"; |
+// TODO(estark): Add the real server endpoint when live. |
+const char kInvalidCertificateChainUploadEndpoint[] = ""; |
+ |
ChromeFraudulentCertificateReporter::ChromeFraudulentCertificateReporter( |
net::URLRequestContext* request_context) |
: request_context_(request_context), |
- upload_url_(kFraudulentCertificateUploadEndpoint) { |
+ pinning_violation_upload_url_(kFraudulentCertificateUploadEndpoint), |
+ invalid_chain_upload_url_(kInvalidCertificateChainUploadEndpoint) { |
} |
ChromeFraudulentCertificateReporter::~ChromeFraudulentCertificateReporter() { |
@@ -61,17 +65,29 @@ static std::string BuildReport(const std::string& hostname, |
scoped_ptr<net::URLRequest> |
ChromeFraudulentCertificateReporter::CreateURLRequest( |
- net::URLRequestContext* context) { |
+ net::URLRequestContext* context, |
+ const GURL& upload_url) { |
scoped_ptr<net::URLRequest> request = |
- context->CreateRequest(upload_url_, net::DEFAULT_PRIORITY, this, NULL); |
+ context->CreateRequest(upload_url, net::DEFAULT_PRIORITY, this, NULL); |
request->SetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES | |
net::LOAD_DO_NOT_SAVE_COOKIES); |
return request.Pass(); |
} |
void ChromeFraudulentCertificateReporter::SendReport( |
+ ReportType type, |
const std::string& hostname, |
const net::SSLInfo& ssl_info) { |
+ if (type == REPORT_TYPE_EXTENDED_REPORTING) { |
+ // TODO(estark): Double-check that the user is opted in. |
+ |
+ // TODO(estark): Temporarily, since there is no upload endpoint, just log |
+ // the information. |
+ LOG(ERROR) << "SSL report for " << hostname << ":\n" |
mattm
2015/03/04 02:58:41
This dumps a serialized protobuf to the log? I thi
estark
2015/03/12 22:22:21
Changed to DVLOG(3).
mattm
2015/03/17 20:58:12
I still question the wisdom of logging binary data
estark
2015/03/18 15:57:18
Ok, I changed it to just log the hostname. We don'
|
+ << BuildReport(hostname, ssl_info) << "\n\n"; |
+ return; |
+ } |
+ |
// We do silent/automatic reporting ONLY for Google properties. For other |
// domains (when we start supporting that), we will ask for user permission. |
if (!net::TransportSecurityState::IsGooglePinnedProperty(hostname)) { |
@@ -80,7 +96,8 @@ void ChromeFraudulentCertificateReporter::SendReport( |
std::string report = BuildReport(hostname, ssl_info); |
- scoped_ptr<net::URLRequest> url_request = CreateURLRequest(request_context_); |
+ scoped_ptr<net::URLRequest> url_request = |
+ CreateURLRequest(request_context_, pinning_violation_upload_url_); |
url_request->set_method("POST"); |
scoped_ptr<net::UploadElementReader> reader( |