summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-15 02:32:23 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-15 02:32:23 +0000
commit7c37a7b1ae7ff1df70303891757b09288a5ec743 (patch)
tree859344316fb63f9b45f39407b734cdf2282a91b0
parent8bb2fd7c8896ed389c6414f709381f641bdcd4f8 (diff)
downloadchromium_src-7c37a7b1ae7ff1df70303891757b09288a5ec743.zip
chromium_src-7c37a7b1ae7ff1df70303891757b09288a5ec743.tar.gz
chromium_src-7c37a7b1ae7ff1df70303891757b09288a5ec743.tar.bz2
Display the SECURITY_WARNING status in the location bar for the
ERR_CERT_UNABLE_TO_CHECK_REVOCATION certificate error. Do not display an info bar. Remove the unused ToolbarModel::GetIconHoverText function. R=pkasting,jcivelli BUG=27125 TEST=Visit port 452 on the chrometws server. Review URL: http://codereview.chromium.org/1653003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44611 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/app/generated_resources.grd3
-rw-r--r--chrome/browser/ssl/ssl_browser_tests.cc5
-rw-r--r--chrome/browser/ssl/ssl_policy.cc15
-rw-r--r--chrome/browser/toolbar_model.cc76
-rw-r--r--chrome/browser/toolbar_model.h14
5 files changed, 25 insertions, 88 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index 808164a..e7b9101 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -2454,9 +2454,6 @@ each locale. -->
<message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DETAILS" desc="Details for being unable to check revocation status of an X509 certificate">
Unable to check whether the server's certificate was revoked.
</message>
- <message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR" desc="Info bar for being unable to check revocation status of an X509 certificate">
- Unable to check whether the server's certificate was revoked.
- </message>
<message name="IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_DESCRIPTION" desc="Description for being unable to check revocation status of an X509 certificate">
Server's certificate cannot be checked
</message>
diff --git a/chrome/browser/ssl/ssl_browser_tests.cc b/chrome/browser/ssl/ssl_browser_tests.cc
index fb3d447..d6ef458 100644
--- a/chrome/browser/ssl/ssl_browser_tests.cc
+++ b/chrome/browser/ssl/ssl_browser_tests.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -65,6 +65,9 @@ class SSLUITest : public InProcessBrowserTest {
entry->page_type());
EXPECT_EQ(SECURITY_STYLE_AUTHENTICATION_BROKEN,
entry->ssl().security_style());
+ // CERT_STATUS_UNABLE_TO_CHECK_REVOCATION doesn't lower the security style
+ // to SECURITY_STYLE_AUTHENTICATION_BROKEN.
+ ASSERT_NE(net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION, error);
EXPECT_EQ(error, entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS);
EXPECT_FALSE(entry->ssl().has_mixed_content());
EXPECT_FALSE(entry->ssl().has_unsafe_content());
diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 2f21e5d..5f15772 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -67,10 +67,9 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) {
handler->ContinueRequest();
break;
case net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
- // We ignore this error and display an infobar.
+ // We ignore this error but will show a warning status in the location
+ // bar.
handler->ContinueRequest();
- backend_->ShowMessage(l10n_util::GetString(
- IDS_CERT_ERROR_UNABLE_TO_CHECK_REVOCATION_INFO_BAR));
break;
case net::ERR_CERT_CONTAINS_ERRORS:
case net::ERR_CERT_REVOKED:
@@ -127,8 +126,12 @@ void SSLPolicy::UpdateEntry(NavigationEntry* entry) {
return;
}
- if (net::IsCertStatusError(entry->ssl().cert_status())) {
- entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
+ // If CERT_STATUS_UNABLE_TO_CHECK_REVOCATION is the only certificate error,
+ // don't lower the security style to SECURITY_STYLE_AUTHENTICATION_BROKEN.
+ int cert_errors = entry->ssl().cert_status() & net::CERT_STATUS_ALL_ERRORS;
+ if (cert_errors) {
+ if (cert_errors != net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION)
+ entry->ssl().set_security_style(SECURITY_STYLE_AUTHENTICATION_BROKEN);
return;
}
diff --git a/chrome/browser/toolbar_model.cc b/chrome/browser/toolbar_model.cc
index eeae184..9e79335 100644
--- a/chrome/browser/toolbar_model.cc
+++ b/chrome/browser/toolbar_model.cc
@@ -81,6 +81,11 @@ ToolbarModel::SecurityLevel ToolbarModel::GetSecurityLevel() const {
case SECURITY_STYLE_AUTHENTICATED:
if (ssl.has_mixed_content())
return SECURITY_WARNING;
+ if (net::IsCertStatusError(ssl.cert_status())) {
+ DCHECK_EQ(ssl.cert_status() & net::CERT_STATUS_ALL_ERRORS,
+ net::CERT_STATUS_UNABLE_TO_CHECK_REVOCATION);
+ return SECURITY_WARNING;
+ }
if ((ssl.cert_status() & net::CERT_STATUS_IS_EV) &&
CertStore::GetSharedInstance()->RetrieveCert(ssl.cert_id(), NULL))
return EV_SECURE;
@@ -104,45 +109,6 @@ int ToolbarModel::GetIcon() const {
return icon_ids[GetSecurityLevel()];
}
-void ToolbarModel::GetIconHoverText(std::wstring* text) const {
- DCHECK(text);
- text->clear();
-
- switch (GetSecurityLevel()) {
- case NONE:
- // There's no security icon, and thus no hover text.
- return;
-
- case EV_SECURE:
- case SECURE: {
- // Note: Navigation controller and active entry are guaranteed non-NULL or
- // the security level would be NONE.
- GURL url(GetNavigationController()->GetActiveEntry()->url());
- DCHECK(url.has_host());
- *text = l10n_util::GetStringF(IDS_SECURE_CONNECTION,
- UTF8ToWide(url.host()));
- return;
- }
-
- case SECURITY_WARNING:
- *text = SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS, NULL,
- GURL()).short_description();
- return;
-
- case SECURITY_ERROR:
- // See note above.
- CreateErrorText(GetNavigationController()->GetActiveEntry(), text);
- // If the authentication is broken, we should always have at least one
- // error.
- DCHECK(!text->empty());
- return;
-
- default:
- NOTREACHED();
- return;
- }
-}
-
std::wstring ToolbarModel::GetSecurityInfoText() const {
switch (GetSecurityLevel()) {
case NONE:
@@ -152,7 +118,8 @@ std::wstring ToolbarModel::GetSecurityInfoText() const {
case EV_SECURE: {
scoped_refptr<net::X509Certificate> cert;
- // See note in GetIconHoverText().
+ // Note: Navigation controller and active entry are guaranteed non-NULL
+ // or the security level would be NONE.
CertStore::GetSharedInstance()->RetrieveCert(
GetNavigationController()->GetActiveEntry()->ssl().cert_id(),
&cert);
@@ -175,32 +142,3 @@ NavigationController* ToolbarModel::GetNavigationController() const {
TabContents* current_tab = browser_->GetSelectedTabContents();
return current_tab ? &current_tab->controller() : NULL;
}
-
-void ToolbarModel::CreateErrorText(NavigationEntry* entry,
- std::wstring* text) const {
- const NavigationEntry::SSLStatus& ssl = entry->ssl();
- std::vector<SSLErrorInfo> errors;
- SSLErrorInfo::GetErrorsForCertStatus(ssl.cert_id(), ssl.cert_status(),
- entry->url(), &errors);
- if (ssl.has_mixed_content()) {
- errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::MIXED_CONTENTS,
- NULL, GURL()));
- }
- if (ssl.has_unsafe_content()) {
- errors.push_back(SSLErrorInfo::CreateError(SSLErrorInfo::UNSAFE_CONTENTS,
- NULL, GURL()));
- }
-
- if (errors.empty()) {
- text->clear();
- } else if (errors.size() == 1) {
- *text = errors[0].short_description();
- } else {
- // Multiple errors.
- *text = l10n_util::GetString(IDS_SEVERAL_SSL_ERRORS);
- for (size_t i = 0; i < errors.size(); ++i) {
- text->append(L"\n");
- text->append(errors[i].short_description());
- }
- }
-}
diff --git a/chrome/browser/toolbar_model.h b/chrome/browser/toolbar_model.h
index 865d39d..96a48e5 100644
--- a/chrome/browser/toolbar_model.h
+++ b/chrome/browser/toolbar_model.h
@@ -18,11 +18,15 @@ class NavigationEntry;
// from the navigation controller returned by GetNavigationController().
class ToolbarModel {
public:
+ // TODO(wtc): unify ToolbarModel::SecurityLevel with SecurityStyle. We
+ // don't need two sets of security UI levels. SECURITY_STYLE_AUTHENTICATED
+ // needs to be refined into three levels: warning, standard, and EV.
enum SecurityLevel {
NONE = 0, // HTTP/no URL/user is editing
EV_SECURE, // HTTPS with valid EV cert
SECURE, // HTTPS (non-EV)
- SECURITY_WARNING, // HTTPS, but with mixed content on the page
+ SECURITY_WARNING, // HTTPS, but unable to check certificate revocation
+ // status or with mixed content on the page
SECURITY_ERROR, // Attempted HTTPS and failed, page not authenticated
NUM_SECURITY_LEVELS,
};
@@ -41,10 +45,6 @@ class ToolbarModel {
// user is editing; see AutocompleteEditView::GetIcon().
int GetIcon() const;
- // Sets the text displayed in the info bubble that appears when the user
- // hovers the mouse over the icon.
- void GetIconHoverText(std::wstring* text) const;
-
// Returns the text, if any, that should be displayed on the right of the
// location bar.
std::wstring GetSecurityInfoText() const;
@@ -60,10 +60,6 @@ class ToolbarModel {
// If this returns NULL, default values are used.
NavigationController* GetNavigationController() const;
- // Builds a short error message from the SSL status code found in |entry|.
- // The message is set in |text|.
- void CreateErrorText(NavigationEntry* entry, std::wstring* text) const;
-
Browser* browser_;
// Whether the text in the location bar is currently being edited.