authorpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-13 06:48:11 +0000
committerpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-13 06:48:11 +0000
commitb1c988bcd7869765e1bd56e592787af123340516 (patch)
tree3aafa3d0ddd90d90e059c0a38dd2d7a465fc81c1
parent9dcdbbef52460de45070d815eb1ad735d120ae07 (diff)
Give more request types a TransportSecurityState.
DCHECK on NULL TransportSecurityState, as a precursor to a real CHECK. It should be an error to try to connect with an SSL client socket without having a live TSS. BUG=246724 Review URL: https://chromiumcodereview.appspot.com/16501002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206013 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/chromeos/web_socket_proxy.cc5
-rw-r--r--chrome/browser/net/connection_tester.cc3
-rw-r--r--chrome/browser/net/connection_tester_unittest.cc6
-rw-r--r--chrome/service/net/service_url_request_context.cc1
-rw-r--r--content/browser/renderer_host/pepper/pepper_message_filter.cc7
-rw-r--r--content/browser/renderer_host/pepper/pepper_message_filter.h5
-rw-r--r--content/browser/renderer_host/pepper/pepper_tcp_socket.cc1
-rw-r--r--content/shell/shell_url_request_context_getter.cc4
-rw-r--r--jingle/glue/chrome_async_socket_unittest.cc6
-rw-r--r--jingle/glue/proxy_resolving_client_socket.cc4
-rw-r--r--net/http/http_network_layer_unittest.cc4
-rw-r--r--net/http/http_network_transaction_spdy2_unittest.cc2
-rw-r--r--net/http/http_network_transaction_spdy3_unittest.cc2
-rw-r--r--net/http/http_stream_factory_impl_unittest.cc5
-rw-r--r--net/http/transport_security_state.cc16
-rw-r--r--net/proxy/proxy_script_fetcher_impl_unittest.cc3
-rw-r--r--net/quic/quic_network_transaction_unittest.cc3
-rw-r--r--net/socket/ssl_client_socket_nss.cc3
-rw-r--r--net/socket/ssl_client_socket_openssl_unittest.cc6
-rw-r--r--net/socket/ssl_client_socket_pool_unittest.cc2
-rw-r--r--net/socket/ssl_client_socket_unittest.cc6
-rw-r--r--net/socket/ssl_server_socket_unittest.cc6
-rw-r--r--net/socket_stream/socket_stream.cc2
-rw-r--r--net/socket_stream/socket_stream.h1
-rw-r--r--net/spdy/spdy_test_util_common.cc6
-rw-r--r--net/spdy/spdy_test_util_common.h2
-rw-r--r--net/tools/fetch/fetch_client.cc4
-rw-r--r--net/url_request/url_request_test_util.cc4
-rw-r--r--net/url_request/url_request_unittest.cc1
-rw-r--r--remoting/host/url_request_context.cc1
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.cc3
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.h2
-rw-r--r--webkit/support/test_shell_request_context.cc3
33 files changed, 122 insertions, 7 deletions
diff --git a/chrome/browser/chromeos/web_socket_proxy.cc b/chrome/browser/chromeos/web_socket_proxy.cc
index 3c4d56b8..743da0a 100644
--- a/chrome/browser/chromeos/web_socket_proxy.cc
+++ b/chrome/browser/chromeos/web_socket_proxy.cc
@@ -54,6 +54,7 @@
#include "net/base/io_buffer.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_verifier.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
@@ -617,6 +618,9 @@ class SSLChan : public base::MessageLoopForIO::Watcher {
if (!cert_verifier_.get())
cert_verifier_.reset(net::CertVerifier::CreateDefault());
ssl_context.cert_verifier = cert_verifier_.get();
+ if (!transport_security_state_.get())
+ transport_security_state_.reset(new net::TransportSecurityState);
+ ssl_context.transport_security_state = transport_security_state_.get();
socket_.reset(factory->CreateSSLClientSocket(
handle, host_port_pair_, ssl_config_, ssl_context));
if (!socket_.get()) {
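Review bot: The `TransportSecurityState` built by `transport_security_state_.reset(new net::TransportSecurityState)` is private to this `SSLChan` and starts empty, so HSTS or pinning entries held in a profile-level state are not consulted for these connections; whether compiled-in preloads still apply depends on code outside this hunk. The same pattern appears in `PepperMessageFilter::GetTransportSecurityState` and in `ExperimentURLRequestContext` in connection_tester.cc. If a shared state cannot be used here, say so next to the member, e.g. `// Per-channel state: carries no dynamic HSTS/HPKP entries from the profile.` The enclosing method starts and ends outside the hunk.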
@@ -781,6 +785,7 @@ class SSLChan : public base::MessageLoopForIO::Watcher {
scoped_ptr<net::StreamSocket> socket_;
net::HostPortPair host_port_pair_;
scoped_ptr<net::CertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
net::SSLConfig ssl_config_;
IOBufferQueue inbound_stream_;
IOBufferQueue outbound_stream_;
diff --git a/chrome/browser/net/connection_tester.cc b/chrome/browser/net/connection_tester.cc
index 6725699..43755d0 100644
--- a/chrome/browser/net/connection_tester.cc
+++ b/chrome/browser/net/connection_tester.cc
@@ -25,6 +25,7 @@
#include "net/http/http_cache.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/dhcp_proxy_script_fetcher_factory.h"
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_script_fetcher_impl.h"
@@ -108,6 +109,7 @@ class ExperimentURLRequestContext : public net::URLRequestContext {
// The rest of the dependencies are standard, and don't depend on the
// experiment being run.
storage_.set_cert_verifier(net::CertVerifier::CreateDefault());
+ storage_.set_transport_security_state(new net::TransportSecurityState);
storage_.set_ssl_config_service(new net::SSLConfigServiceDefaults);
storage_.set_http_auth_handler_factory(
net::HttpAuthHandlerFactory::CreateDefault(host_resolver()));
@@ -116,6 +118,7 @@ class ExperimentURLRequestContext : public net::URLRequestContext {
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = host_resolver();
session_params.cert_verifier = cert_verifier();
+ session_params.transport_security_state = transport_security_state();
session_params.proxy_service = proxy_service();
session_params.ssl_config_service = ssl_config_service();
session_params.http_auth_handler_factory = http_auth_handler_factory();
diff --git a/chrome/browser/net/connection_tester_unittest.cc b/chrome/browser/net/connection_tester_unittest.cc
index ac4fa23..5d87aa1 100644
--- a/chrome/browser/net/connection_tester_unittest.cc
+++ b/chrome/browser/net/connection_tester_unittest.cc
@@ -14,6 +14,7 @@
#include "net/http/http_network_layer.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_service.h"
#include "net/ssl/ssl_config_service_defaults.h"
@@ -109,6 +110,7 @@ class ConnectionTesterTest : public PlatformTest {
ConnectionTesterDelegate test_delegate_;
net::MockHostResolver host_resolver_;
scoped_ptr<net::CertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
scoped_ptr<net::ProxyService> proxy_service_;
scoped_refptr<net::SSLConfigService> ssl_config_service_;
scoped_ptr<net::HttpTransactionFactory> http_transaction_factory_;
@@ -120,7 +122,10 @@ class ConnectionTesterTest : public PlatformTest {
void InitializeRequestContext() {
proxy_script_fetcher_context_->set_host_resolver(&host_resolver_);
cert_verifier_.reset(new net::MockCertVerifier);
+ transport_security_state_.reset(new net::TransportSecurityState);
proxy_script_fetcher_context_->set_cert_verifier(cert_verifier_.get());
+ proxy_script_fetcher_context_->set_transport_security_state(
+ transport_security_state_.get());
proxy_script_fetcher_context_->set_http_auth_handler_factory(
&http_auth_handler_factory_);
proxy_service_.reset(net::ProxyService::CreateDirect());
@@ -129,6 +134,7 @@ class ConnectionTesterTest : public PlatformTest {
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = &host_resolver_;
session_params.cert_verifier = cert_verifier_.get();
+ session_params.transport_security_state = transport_security_state_.get();
session_params.http_auth_handler_factory = &http_auth_handler_factory_;
session_params.ssl_config_service = ssl_config_service_.get();
session_params.proxy_service = proxy_service_.get();
diff --git a/chrome/service/net/service_url_request_context.cc b/chrome/service/net/service_url_request_context.cc
index 6484a56..a316dac 100644
--- a/chrome/service/net/service_url_request_context.cc
+++ b/chrome/service/net/service_url_request_context.cc
@@ -123,6 +123,7 @@ ServiceURLRequestContext::ServiceURLRequestContext(
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = host_resolver();
session_params.cert_verifier = cert_verifier();
+ session_params.transport_security_state = transport_security_state();
session_params.proxy_service = proxy_service();
session_params.ssl_config_service = ssl_config_service();
session_params.http_auth_handler_factory = http_auth_handler_factory();
diff --git a/content/browser/renderer_host/pepper/pepper_message_filter.cc b/content/browser/renderer_host/pepper/pepper_message_filter.cc
index 328c4ec..d423a89 100644
--- a/content/browser/renderer_host/pepper/pepper_message_filter.cc
+++ b/content/browser/renderer_host/pepper/pepper_message_filter.cc
@@ -159,6 +159,13 @@ net::CertVerifier* PepperMessageFilter::GetCertVerifier() {
return cert_verifier_.get();
}
+net::TransportSecurityState* PepperMessageFilter::GetTransportSecurityState() {
+ if (!transport_security_state_)
+ transport_security_state_.reset(new net::TransportSecurityState);
+
+ return transport_security_state_.get();
+}
+
uint32 PepperMessageFilter::AddAcceptedTCPSocket(
int32 routing_id,
uint32 plugin_dispatcher_id,
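Review bot: `GetTransportSecurityState()` creates the object lazily, so it is presumably bound to whichever thread makes the first call. This commit also adds `DCHECK(CalledOnValidThread())` to the `TransportSecurityState` destructor, which means debug builds will assert if the filter's last reference is dropped on a different thread. Nothing in this hunk shows which thread calls the getter or destroys the filter. After confirming the expectation holds, state it in the header comment on the member, e.g. `// Lazily created and thread-affine: call GetTransportSecurityState and destroy the filter on the same thread.`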
diff --git a/content/browser/renderer_host/pepper/pepper_message_filter.h b/content/browser/renderer_host/pepper/pepper_message_filter.h
index cb8f0e0..a745768 100644
--- a/content/browser/renderer_host/pepper/pepper_message_filter.h
+++ b/content/browser/renderer_host/pepper/pepper_message_filter.h
@@ -20,6 +20,7 @@
#include "content/public/common/process_type.h"
#include "net/base/net_util.h"
#include "net/base/network_change_notifier.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/stream_socket.h"
#include "net/ssl/ssl_config_service.h"
#include "ppapi/c/pp_resource.h"
@@ -88,6 +89,7 @@ class PepperMessageFilter
net::HostResolver* GetHostResolver();
net::CertVerifier* GetCertVerifier();
+ net::TransportSecurityState* GetTransportSecurityState();
// Adds already accepted socket to the internal TCP sockets table. Takes
// ownership over |socket|. In the case of failure (full socket table)
@@ -217,6 +219,9 @@ class PepperMessageFilter
net::SSLConfig ssl_config_;
// This is lazily created. Users should use GetCertVerifier to retrieve it.
scoped_ptr<net::CertVerifier> cert_verifier_;
+ // This is lazily created. Users should use GetTransportSecurityState to
+ // retrieve it.
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
uint32 next_socket_id_;
diff --git a/content/browser/renderer_host/pepper/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper/pepper_tcp_socket.cc
index 5a7153c..1f58e08 100644
--- a/content/browser/renderer_host/pepper/pepper_tcp_socket.cc
+++ b/content/browser/renderer_host/pepper/pepper_tcp_socket.cc
@@ -138,6 +138,7 @@ void PepperTCPSocket::SSLHandshake(
net::HostPortPair host_port_pair(server_name, server_port);
net::SSLClientSocketContext ssl_context;
ssl_context.cert_verifier = manager_->GetCertVerifier();
+ ssl_context.transport_security_state = manager_->GetTransportSecurityState();
socket_.reset(factory->CreateSSLClientSocket(
handle, host_port_pair, manager_->ssl_config(), ssl_context));
if (!socket_) {
diff --git a/content/shell/shell_url_request_context_getter.cc b/content/shell/shell_url_request_context_getter.cc
index eabc762..7e2719d 100644
--- a/content/shell/shell_url_request_context_getter.cc
+++ b/content/shell/shell_url_request_context_getter.cc
@@ -24,6 +24,7 @@
#include "net/http/http_cache.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_service.h"
#include "net/ssl/default_server_bound_cert_store.h"
#include "net/ssl/server_bound_cert_service.h"
@@ -107,6 +108,7 @@ net::URLRequestContext* ShellURLRequestContextGetter::GetURLRequestContext() {
net::HostResolver::CreateDefaultResolver(NULL));
storage_->set_cert_verifier(net::CertVerifier::CreateDefault());
+ storage_->set_transport_security_state(new net::TransportSecurityState);
if (command_line.HasSwitch(switches::kDumpRenderTree)) {
storage_->set_proxy_service(net::ProxyService::CreateDirect());
} else {
@@ -135,6 +137,8 @@ net::URLRequestContext* ShellURLRequestContextGetter::GetURLRequestContext() {
net::HttpNetworkSession::Params network_session_params;
network_session_params.cert_verifier =
url_request_context_->cert_verifier();
+ network_session_params.transport_security_state =
+ url_request_context_->transport_security_state();
network_session_params.server_bound_cert_service =
url_request_context_->server_bound_cert_service();
network_session_params.proxy_service =
diff --git a/jingle/glue/chrome_async_socket_unittest.cc b/jingle/glue/chrome_async_socket_unittest.cc
index a6f1487..d493578 100644
--- a/jingle/glue/chrome_async_socket_unittest.cc
+++ b/jingle/glue/chrome_async_socket_unittest.cc
@@ -16,6 +16,7 @@
#include "net/base/net_errors.h"
#include "net/base/net_util.h"
#include "net/cert/mock_cert_verifier.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/socket_test_util.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/ssl_config_service.h"
@@ -107,7 +108,8 @@ class MockXmppClientSocketFactory : public ResolvingClientSocketFactory {
const net::AddressList& address_list)
: mock_client_socket_factory_(mock_client_socket_factory),
address_list_(address_list),
- cert_verifier_(new net::MockCertVerifier) {
+ cert_verifier_(new net::MockCertVerifier),
+ transport_security_state_(new net::TransportSecurityState) {
}
// ResolvingClientSocketFactory implementation.
@@ -122,6 +124,7 @@ class MockXmppClientSocketFactory : public ResolvingClientSocketFactory {
const net::HostPortPair& host_and_port) OVERRIDE {
net::SSLClientSocketContext context;
context.cert_verifier = cert_verifier_.get();
+ context.transport_security_state = transport_security_state_.get();
return mock_client_socket_factory_->CreateSSLClientSocket(
transport_socket, host_and_port, ssl_config_, context);
}
@@ -131,6 +134,7 @@ class MockXmppClientSocketFactory : public ResolvingClientSocketFactory {
net::AddressList address_list_;
net::SSLConfig ssl_config_;
scoped_ptr<net::CertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
};
class ChromeAsyncSocketTest
diff --git a/jingle/glue/proxy_resolving_client_socket.cc b/jingle/glue/proxy_resolving_client_socket.cc
index 23ad12d..d63411b 100644
--- a/jingle/glue/proxy_resolving_client_socket.cc
+++ b/jingle/glue/proxy_resolving_client_socket.cc
@@ -54,10 +54,10 @@ ProxyResolvingClientSocket::ProxyResolvingClientSocket(
session_params.client_socket_factory = socket_factory;
session_params.host_resolver = request_context->host_resolver();
session_params.cert_verifier = request_context->cert_verifier();
+ session_params.transport_security_state =
+ request_context->transport_security_state();
// TODO(rkn): This is NULL because ServerBoundCertService is not thread safe.
session_params.server_bound_cert_service = NULL;
- // transport_security_state is NULL because it's not thread safe.
- session_params.transport_security_state = NULL;
session_params.proxy_service = request_context->proxy_service();
session_params.ssl_config_service = request_context->ssl_config_service();
session_params.http_auth_handler_factory =
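Review bot: The removed comment said `transport_security_state` was left NULL because it is not thread safe, and the new assignment of `request_context->transport_security_state()` gives no reason why sharing it is now safe. The thread checks this commit adds in transport_security_state.cc are DCHECKs, so in release builds a use from the wrong thread would be an unchecked race on the shared HSTS/pin state rather than a crash. Replace the deleted comment with the invariant that makes this correct, e.g. `// Safe only because this socket is created and used on |request_context|'s network thread.`, once that is confirmed. The adjacent TODO still cites thread safety for `server_bound_cert_service`, so the two should tell a consistent story. The constructor body starts and ends outside the hunk.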
diff --git a/net/http/http_network_layer_unittest.cc b/net/http/http_network_layer_unittest.cc
index 36598b0..16815c7 100644
--- a/net/http/http_network_layer_unittest.cc
+++ b/net/http/http_network_layer_unittest.cc
@@ -11,6 +11,7 @@
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
#include "net/http/http_transaction_unittest.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/socket_test_util.h"
#include "net/spdy/spdy_session_pool.h"
@@ -32,11 +33,13 @@ class HttpNetworkLayerTest : public PlatformTest {
void ConfigureTestDependencies(ProxyService* proxy_service) {
cert_verifier_.reset(new MockCertVerifier);
+ transport_security_state_.reset(new TransportSecurityState);
proxy_service_.reset(proxy_service);
HttpNetworkSession::Params session_params;
session_params.client_socket_factory = &mock_socket_factory_;
session_params.host_resolver = &host_resolver_;
session_params.cert_verifier = cert_verifier_.get();
+ session_params.transport_security_state = transport_security_state_.get();
session_params.proxy_service = proxy_service_.get();
session_params.ssl_config_service = ssl_config_service_.get();
session_params.http_server_properties = &http_server_properties_;
@@ -47,6 +50,7 @@ class HttpNetworkLayerTest : public PlatformTest {
MockClientSocketFactory mock_socket_factory_;
MockHostResolver host_resolver_;
scoped_ptr<CertVerifier> cert_verifier_;
+ scoped_ptr<TransportSecurityState> transport_security_state_;
scoped_ptr<ProxyService> proxy_service_;
const scoped_refptr<SSLConfigService> ssl_config_service_;
scoped_refptr<HttpNetworkSession> network_session_;
diff --git a/net/http/http_network_transaction_spdy2_unittest.cc b/net/http/http_network_transaction_spdy2_unittest.cc
index 6e03d84..e2976f1 100644
--- a/net/http/http_network_transaction_spdy2_unittest.cc
+++ b/net/http/http_network_transaction_spdy2_unittest.cc
@@ -8843,6 +8843,8 @@ TEST_F(HttpNetworkTransactionSpdy2Test,
scoped_ptr<ClientSocketHandle> ssl_connection(new ClientSocketHandle);
SSLClientSocketContext context;
context.cert_verifier = session_deps_.cert_verifier.get();
+ context.transport_security_state =
+ session_deps_.transport_security_state.get();
ssl_connection->set_socket(
session_deps_.socket_factory->CreateSSLClientSocket(
connection.release(),
diff --git a/net/http/http_network_transaction_spdy3_unittest.cc b/net/http/http_network_transaction_spdy3_unittest.cc
index ee98333..c4055c9 100644
--- a/net/http/http_network_transaction_spdy3_unittest.cc
+++ b/net/http/http_network_transaction_spdy3_unittest.cc
@@ -8826,6 +8826,8 @@ TEST_F(HttpNetworkTransactionSpdy3Test,
scoped_ptr<ClientSocketHandle> ssl_connection(new ClientSocketHandle);
SSLClientSocketContext context;
context.cert_verifier = session_deps_.cert_verifier.get();
+ context.transport_security_state =
+ session_deps_.transport_security_state.get();
ssl_connection->set_socket(
session_deps_.socket_factory->CreateSSLClientSocket(
connection.release(),
diff --git a/net/http/http_stream_factory_impl_unittest.cc b/net/http/http_stream_factory_impl_unittest.cc
index 6f4e6ea..0200b8f 100644
--- a/net/http/http_stream_factory_impl_unittest.cc
+++ b/net/http/http_stream_factory_impl_unittest.cc
@@ -18,6 +18,7 @@
#include "net/http/http_request_info.h"
#include "net/http/http_server_properties_impl.h"
#include "net/http/http_stream.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_info.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/mock_client_socket_pool_manager.h"
@@ -131,6 +132,7 @@ struct SessionDependencies {
explicit SessionDependencies(ProxyService* proxy_service)
: host_resolver(new MockHostResolver),
cert_verifier(new MockCertVerifier),
+ transport_security_state(new TransportSecurityState),
proxy_service(proxy_service),
ssl_config_service(new SSLConfigServiceDefaults),
http_auth_handler_factory(
@@ -139,6 +141,7 @@ struct SessionDependencies {
scoped_ptr<MockHostResolverBase> host_resolver;
scoped_ptr<CertVerifier> cert_verifier;
+ scoped_ptr<TransportSecurityState> transport_security_state;
scoped_ptr<ProxyService> proxy_service;
scoped_refptr<SSLConfigService> ssl_config_service;
MockClientSocketFactory socket_factory;
@@ -151,6 +154,8 @@ HttpNetworkSession* CreateSession(SessionDependencies* session_deps) {
HttpNetworkSession::Params params;
params.host_resolver = session_deps->host_resolver.get();
params.cert_verifier = session_deps->cert_verifier.get();
+ params.transport_security_state =
+ session_deps->transport_security_state.get();
params.proxy_service = session_deps->proxy_service.get();
params.ssl_config_service = session_deps->ssl_config_service.get();
params.client_socket_factory = &session_deps->socket_factory;
diff --git a/net/http/transport_security_state.cc b/net/http/transport_security_state.cc
index 06d08b51..f7ed7e8 100644
--- a/net/http/transport_security_state.cc
+++ b/net/http/transport_security_state.cc
@@ -85,6 +85,7 @@ bool AddHash(const char* sha1_hash,
TransportSecurityState::TransportSecurityState()
: delegate_(NULL) {
+ DCHECK(CalledOnValidThread());
}
TransportSecurityState::Iterator::Iterator(const TransportSecurityState& state)
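Review bot: `DCHECK(CalledOnValidThread())` in the constructor cannot fail if the thread checker binds to the constructing thread, as `base::NonThreadSafe` normally does (the base class is not visible in this hunk), so the line records intent without checking anything. The destructor hunk further down may be redundant in the same way if the base destructor already asserts. A class-level comment would carry the contract better, e.g. `// Not thread safe: construct, use and destroy on a single thread.`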
@@ -96,6 +97,7 @@ TransportSecurityState::Iterator::~Iterator() {}
void TransportSecurityState::SetDelegate(
TransportSecurityState::Delegate* delegate) {
+ DCHECK(CalledOnValidThread());
delegate_ = delegate;
}
@@ -198,6 +200,7 @@ bool TransportSecurityState::GetDomainState(const std::string& host,
}
void TransportSecurityState::ClearDynamicData() {
+ DCHECK(CalledOnValidThread());
enabled_hosts_.clear();
}
@@ -220,7 +223,9 @@ void TransportSecurityState::DeleteAllDynamicDataSince(const base::Time& time) {
DirtyNotify();
}
-TransportSecurityState::~TransportSecurityState() {}
+TransportSecurityState::~TransportSecurityState() {
+ DCHECK(CalledOnValidThread());
+}
void TransportSecurityState::DirtyNotify() {
DCHECK(CalledOnValidThread());
@@ -615,6 +620,8 @@ static const struct HSTSPreload* GetHSTSPreload(
bool TransportSecurityState::AddHSTSHeader(const std::string& host,
const std::string& value) {
+ DCHECK(CalledOnValidThread());
+
base::Time now = base::Time::Now();
base::TimeDelta max_age;
TransportSecurityState::DomainState domain_state;
@@ -635,6 +642,8 @@ bool TransportSecurityState::AddHSTSHeader(const std::string& host,
bool TransportSecurityState::AddHPKPHeader(const std::string& host,
const std::string& value,
const SSLInfo& ssl_info) {
+ DCHECK(CalledOnValidThread());
+
base::Time now = base::Time::Now();
base::TimeDelta max_age;
TransportSecurityState::DomainState domain_state;
@@ -653,6 +662,8 @@ bool TransportSecurityState::AddHPKPHeader(const std::string& host,
bool TransportSecurityState::AddHSTS(const std::string& host,
const base::Time& expiry,
bool include_subdomains) {
+ DCHECK(CalledOnValidThread());
+
// Copy-and-modify the existing DomainState for this host (if any).
TransportSecurityState::DomainState domain_state;
const std::string canonicalized_host = CanonicalizeHost(host);
@@ -674,6 +685,8 @@ bool TransportSecurityState::AddHPKP(const std::string& host,
const base::Time& expiry,
bool include_subdomains,
const HashValueVector& hashes) {
+ DCHECK(CalledOnValidThread());
+
// Copy-and-modify the existing DomainState for this host (if any).
TransportSecurityState::DomainState domain_state;
const std::string canonicalized_host = CanonicalizeHost(host);
@@ -778,6 +791,7 @@ bool TransportSecurityState::GetStaticDomainState(
void TransportSecurityState::AddOrUpdateEnabledHosts(
const std::string& hashed_host, const DomainState& state) {
+ DCHECK(CalledOnValidThread());
enabled_hosts_[hashed_host] = state;
}
diff --git a/net/proxy/proxy_script_fetcher_impl_unittest.cc b/net/proxy/proxy_script_fetcher_impl_unittest.cc
index b4f1f7a..1c89b3c 100644
--- a/net/proxy/proxy_script_fetcher_impl_unittest.cc
+++ b/net/proxy/proxy_script_fetcher_impl_unittest.cc
@@ -19,6 +19,7 @@
#include "net/http/http_cache.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/ssl/ssl_config_service_defaults.h"
#include "net/test/spawned_test_server/spawned_test_server.h"
#include "net/url_request/file_protocol_handler.h"
@@ -52,6 +53,7 @@ class RequestContext : public URLRequestContext {
ProxyConfig no_proxy;
storage_.set_host_resolver(scoped_ptr<HostResolver>(new MockHostResolver));
storage_.set_cert_verifier(new MockCertVerifier);
+ storage_.set_transport_security_state(new TransportSecurityState);
storage_.set_proxy_service(ProxyService::CreateFixed(no_proxy));
storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
storage_.set_http_server_properties(new HttpServerPropertiesImpl);
@@ -59,6 +61,7 @@ class RequestContext : public URLRequestContext {
HttpNetworkSession::Params params;
params.host_resolver = host_resolver();
params.cert_verifier = cert_verifier();
+ params.transport_security_state = transport_security_state();
params.proxy_service = proxy_service();
params.ssl_config_service = ssl_config_service();
params.http_server_properties = http_server_properties();
diff --git a/net/quic/quic_network_transaction_unittest.cc b/net/quic/quic_network_transaction_unittest.cc
index 72fa6ce..d93032c 100644
--- a/net/quic/quic_network_transaction_unittest.cc
+++ b/net/quic/quic_network_transaction_unittest.cc
@@ -18,6 +18,7 @@
#include "net/http/http_stream.h"
#include "net/http/http_stream_factory.h"
#include "net/http/http_transaction_unittest.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_resolver.h"
#include "net/proxy/proxy_service.h"
@@ -225,6 +226,7 @@ class QuicNetworkTransactionTest : public PlatformTest {
params_.quic_crypto_client_stream_factory = &crypto_client_stream_factory_;
params_.host_resolver = &host_resolver_;
params_.cert_verifier = &cert_verifier_;
+ params_.transport_security_state = &transport_security_state_;
params_.proxy_service = proxy_service_.get();
params_.ssl_config_service = ssl_config_service_.get();
params_.http_auth_handler_factory = auth_handler_factory_.get();
@@ -315,6 +317,7 @@ class QuicNetworkTransactionTest : public PlatformTest {
MockClock* clock_; // Owned by QuicStreamFactory after CreateSession.
MockHostResolver host_resolver_;
MockCertVerifier cert_verifier_;
+ TransportSecurityState transport_security_state_;
scoped_refptr<SSLConfigServiceDefaults> ssl_config_service_;
scoped_ptr<ProxyService> proxy_service_;
scoped_ptr<QuicSpdyCompressor> compressor_;
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index c37d690..54758e2 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2935,6 +2935,9 @@ SSLClientSocketNSS::GetNextProto(std::string* proto,
int SSLClientSocketNSS::Connect(const CompletionCallback& callback) {
EnterFunction("");
DCHECK(transport_.get());
+ // It is an error to create an SSLClientSocket whose context has no
+ // TransportSecurityState.
+ DCHECK(transport_security_state_);
DCHECK_EQ(STATE_NONE, next_handshake_state_);
DCHECK(user_connect_callback_.is_null());
DCHECK(!callback.is_null());
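Review bot: `DCHECK(transport_security_state_)` is added only to the NSS implementation of `Connect`, and the diffstat lists no change to an OpenSSL client socket source file, so builds using another implementation appear not to get the assertion. Until the DCHECK becomes a CHECK as the description says, release builds still proceed with a NULL state, so later uses of `transport_security_state_` in the handshake (outside this hunk) need to keep their null guards. Recording the plan at the assertion would help, e.g. `// TODO(palmer): Promote to CHECK once every caller supplies a TransportSecurityState (BUG=246724).` The body of `Connect` continues past the hunk.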
diff --git a/net/socket/ssl_client_socket_openssl_unittest.cc b/net/socket/ssl_client_socket_openssl_unittest.cc
index 80f7a8f..7a37cdc 100644
--- a/net/socket/ssl_client_socket_openssl_unittest.cc
+++ b/net/socket/ssl_client_socket_openssl_unittest.cc
@@ -29,6 +29,7 @@
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/test_root_certs.h"
#include "net/dns/host_resolver.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/socket_test_util.h"
@@ -93,9 +94,11 @@ class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest {
public:
SSLClientSocketOpenSSLClientAuthTest()
: socket_factory_(net::ClientSocketFactory::GetDefaultFactory()),
- cert_verifier_(new net::MockCertVerifier) {
+ cert_verifier_(new net::MockCertVerifier),
+ transport_security_state_(new net::TransportSecurityState) {
cert_verifier_->set_default_result(net::OK);
context_.cert_verifier = cert_verifier_.get();
+ context_.transport_security_state = transport_security_state_.get();
key_store_ = net::OpenSSLClientKeyStore::GetInstance();
}
@@ -185,6 +188,7 @@ class SSLClientSocketOpenSSLClientAuthTest : public PlatformTest {
ClientSocketFactory* socket_factory_;
scoped_ptr<MockCertVerifier> cert_verifier_;
+ scoped_ptr<TransportSecurityState> transport_security_state_;
SSLClientSocketContext context_;
OpenSSLClientKeyStore* key_store_;
scoped_ptr<SpawnedTestServer> test_server_;
diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc
index 1801d3c..db37ebd 100644
--- a/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/net/socket/ssl_client_socket_pool_unittest.cc
@@ -181,6 +181,7 @@ class SSLClientSocketPoolTest : public testing::Test {
HttpNetworkSession::Params params;
params.host_resolver = &host_resolver_;
params.cert_verifier = cert_verifier_.get();
+ params.transport_security_state = transport_security_state_.get();
params.proxy_service = proxy_service_.get();
params.client_socket_factory = &socket_factory_;
params.ssl_config_service = ssl_config_service_.get();
@@ -195,6 +196,7 @@ class SSLClientSocketPoolTest : public testing::Test {
MockClientSocketFactory socket_factory_;
MockCachingHostResolver host_resolver_;
scoped_ptr<CertVerifier> cert_verifier_;
+ scoped_ptr<TransportSecurityState> transport_security_state_;
const scoped_ptr<ProxyService> proxy_service_;
const scoped_refptr<SSLConfigService> ssl_config_service_;
const scoped_ptr<HttpAuthHandlerFactory> http_auth_handler_factory_;
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 1f1ab72..7042113 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -16,6 +16,7 @@
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/test_root_certs.h"
#include "net/dns/host_resolver.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/socket_test_util.h"
@@ -505,9 +506,11 @@ class SSLClientSocketTest : public PlatformTest {
public:
SSLClientSocketTest()
: socket_factory_(net::ClientSocketFactory::GetDefaultFactory()),
- cert_verifier_(new net::MockCertVerifier) {
+ cert_verifier_(new net::MockCertVerifier),
+ transport_security_state_(new net::TransportSecurityState) {
cert_verifier_->set_default_result(net::OK);
context_.cert_verifier = cert_verifier_.get();
+ context_.transport_security_state = transport_security_state_.get();
}
protected:
@@ -523,6 +526,7 @@ class SSLClientSocketTest : public PlatformTest {
net::ClientSocketFactory* socket_factory_;
scoped_ptr<net::MockCertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
net::SSLClientSocketContext context_;
};
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index da388b9..959d6b3 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -37,6 +37,7 @@
#include "net/cert/cert_status_flags.h"
#include "net/cert/mock_cert_verifier.h"
#include "net/cert/x509_certificate.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/socket_test_util.h"
#include "net/socket/ssl_client_socket.h"
@@ -296,7 +297,8 @@ class SSLServerSocketTest : public PlatformTest {
public:
SSLServerSocketTest()
: socket_factory_(net::ClientSocketFactory::GetDefaultFactory()),
- cert_verifier_(new MockCertVerifier()) {
+ cert_verifier_(new MockCertVerifier()),
+ transport_security_state_(new TransportSecurityState) {
cert_verifier_->set_default_result(net::CERT_STATUS_AUTHORITY_INVALID);
}
@@ -341,6 +343,7 @@ class SSLServerSocketTest : public PlatformTest {
net::HostPortPair host_and_pair("unittest", 0);
net::SSLClientSocketContext context;
context.cert_verifier = cert_verifier_.get();
+ context.transport_security_state = transport_security_state_.get();
client_socket_.reset(
socket_factory_->CreateSSLClientSocket(
fake_client_socket, host_and_pair, ssl_config, context));
@@ -354,6 +357,7 @@ class SSLServerSocketTest : public PlatformTest {
scoped_ptr<net::SSLServerSocket> server_socket_;
net::ClientSocketFactory* socket_factory_;
scoped_ptr<net::MockCertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
};
// SSLServerSocket is only implemented using NSS.
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index 098621e..5053900 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -989,6 +989,7 @@ int SocketStream::DoSecureProxyConnect() {
DCHECK(factory_);
SSLClientSocketContext ssl_context;
ssl_context.cert_verifier = context_->cert_verifier();
+ ssl_context.transport_security_state = context_->transport_security_state();
ssl_context.server_bound_cert_service = context_->server_bound_cert_service();
socket_.reset(factory_->CreateSSLClientSocket(
socket_.release(),
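Review bot: The added `ssl_context.transport_security_state = context_->transport_security_state();` forwards whatever the request context returns, and nothing in this hunk rejects a NULL result; the identical line added to DoSSLConnect() in the next hunk has the same gap. The commit message says a NULL TransportSecurityState is only DCHECKed for now, so a release build with a context that has none would presumably still connect, with no HSTS or pin state consulted for the secure-proxy or wss:// connection. Until the real CHECK lands I would fail closed before building ssl_context, e.g. `if (!context_->transport_security_state()) return ERR_UNEXPECTED;`. DoSecureProxyConnect() starts and ends outside the hunk, so an existing guard earlier in the function cannot be ruled out.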
@@ -1042,6 +1043,7 @@ int SocketStream::DoSSLConnect() {
DCHECK(factory_);
SSLClientSocketContext ssl_context;
ssl_context.cert_verifier = context_->cert_verifier();
+ ssl_context.transport_security_state = context_->transport_security_state();
ssl_context.server_bound_cert_service = context_->server_bound_cert_service();
socket_.reset(factory_->CreateSSLClientSocket(socket_.release(),
HostPortPair::FromURL(url_),
diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h
index 003c2f7..9a21c6e 100644
--- a/net/socket_stream/socket_stream.h
+++ b/net/socket_stream/socket_stream.h
@@ -37,6 +37,7 @@ class ServerBoundCertService;
class SingleRequestHostResolver;
class StreamSocket;
class SocketStreamMetrics;
+class TransportSecurityState;
class URLRequestContext;
// SocketStream is used to implement Web Sockets.
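Review bot: The forward declaration `class TransportSecurityState;` is the only change this commit makes to socket_stream.h, and nothing in the visible hunk uses the type in a declaration. The two call sites in socket_stream.cc only copy the pointer returned by `context_->transport_security_state()`, which should already be declared by the URLRequestContext header. Unless a member or signature elsewhere in this header needs it, I would drop the line so the header does not suggest SocketStream holds its own TransportSecurityState.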
diff --git a/net/spdy/spdy_test_util_common.cc b/net/spdy/spdy_test_util_common.cc
index ccd9fa6..8ad49cc 100644
--- a/net/spdy/spdy_test_util_common.cc
+++ b/net/spdy/spdy_test_util_common.cc
@@ -330,6 +330,7 @@ crypto::ECSignatureCreator* MockECSignatureCreatorFactory::Create(
SpdySessionDependencies::SpdySessionDependencies(NextProto protocol)
: host_resolver(new MockCachingHostResolver),
cert_verifier(new MockCertVerifier),
+ transport_security_state(new TransportSecurityState),
proxy_service(ProxyService::CreateDirect()),
ssl_config_service(new SSLConfigServiceDefaults),
socket_factory(new MockClientSocketFactory),
@@ -359,6 +360,7 @@ SpdySessionDependencies::SpdySessionDependencies(
NextProto protocol, ProxyService* proxy_service)
: host_resolver(new MockHostResolver),
cert_verifier(new MockCertVerifier),
+ transport_security_state(new TransportSecurityState),
proxy_service(proxy_service),
ssl_config_service(new SSLConfigServiceDefaults),
socket_factory(new MockClientSocketFactory),
@@ -410,6 +412,8 @@ net::HttpNetworkSession::Params SpdySessionDependencies::CreateSessionParams(
net::HttpNetworkSession::Params params;
params.host_resolver = session_deps->host_resolver.get();
params.cert_verifier = session_deps->cert_verifier.get();
+ params.transport_security_state =
+ session_deps->transport_security_state.get();
params.proxy_service = session_deps->proxy_service.get();
params.ssl_config_service = session_deps->ssl_config_service.get();
params.http_auth_handler_factory =
@@ -434,6 +438,7 @@ SpdyURLRequestContext::SpdyURLRequestContext(NextProto protocol)
storage_.set_host_resolver(scoped_ptr<HostResolver>(new MockHostResolver));
storage_.set_cert_verifier(new MockCertVerifier);
+ storage_.set_transport_security_state(new TransportSecurityState);
storage_.set_proxy_service(ProxyService::CreateDirect());
storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
storage_.set_http_auth_handler_factory(HttpAuthHandlerFactory::CreateDefault(
@@ -443,6 +448,7 @@ SpdyURLRequestContext::SpdyURLRequestContext(NextProto protocol)
params.client_socket_factory = &socket_factory_;
params.host_resolver = host_resolver();
params.cert_verifier = cert_verifier();
+ params.transport_security_state = transport_security_state();
params.proxy_service = proxy_service();
params.ssl_config_service = ssl_config_service();
params.http_auth_handler_factory = http_auth_handler_factory();
diff --git a/net/spdy/spdy_test_util_common.h b/net/spdy/spdy_test_util_common.h
index 785e710..5595d9c 100644
--- a/net/spdy/spdy_test_util_common.h
+++ b/net/spdy/spdy_test_util_common.h
@@ -17,6 +17,7 @@
#include "net/http/http_auth_handler_factory.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_service.h"
#include "net/socket/next_proto.h"
#include "net/socket/socket_test_util.h"
@@ -193,6 +194,7 @@ struct SpdySessionDependencies {
// NOTE: host_resolver must be ordered before http_auth_handler_factory.
scoped_ptr<MockHostResolverBase> host_resolver;
scoped_ptr<CertVerifier> cert_verifier;
+ scoped_ptr<TransportSecurityState> transport_security_state;
scoped_ptr<ProxyService> proxy_service;
scoped_refptr<SSLConfigService> ssl_config_service;
scoped_ptr<MockClientSocketFactory> socket_factory;
diff --git a/net/tools/fetch/fetch_client.cc b/net/tools/fetch/fetch_client.cc
index 58a7522..a3c826e 100644
--- a/net/tools/fetch/fetch_client.cc
+++ b/net/tools/fetch/fetch_client.cc
@@ -26,6 +26,7 @@
#include "net/http/http_request_info.h"
#include "net/http/http_server_properties_impl.h"
#include "net/http/http_transaction.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_service.h"
#include "net/ssl/ssl_config_service_defaults.h"
@@ -146,6 +147,8 @@ int main(int argc, char** argv) {
net::HostResolver::CreateDefaultResolver(NULL));
scoped_ptr<net::CertVerifier> cert_verifier(
net::CertVerifier::CreateDefault());
+ scoped_ptr<net::TransportSecurityState> transport_security_state(
+ new net::TransportSecurityState);
scoped_ptr<net::ProxyService> proxy_service(
net::ProxyService::CreateDirect());
scoped_refptr<net::SSLConfigService> ssl_config_service(
@@ -158,6 +161,7 @@ int main(int argc, char** argv) {
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = host_resolver.get();
session_params.cert_verifier = cert_verifier.get();
+ session_params.transport_security_state = transport_security_state.get();
session_params.proxy_service = proxy_service.get();
session_params.http_auth_handler_factory = http_auth_handler_factory.get();
session_params.http_server_properties = &http_server_properties;
diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc
index 95964fe..68b3404 100644
--- a/net/url_request/url_request_test_util.cc
+++ b/net/url_request/url_request_test_util.cc
@@ -14,6 +14,7 @@
#include "net/dns/mock_host_resolver.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/ssl/default_server_bound_cert_store.h"
#include "net/ssl/server_bound_cert_service.h"
#include "net/url_request/static_http_user_agent_settings.h"
@@ -72,6 +73,8 @@ void TestURLRequestContext::Init() {
context_storage_.set_proxy_service(ProxyService::CreateDirect());
if (!cert_verifier())
context_storage_.set_cert_verifier(CertVerifier::CreateDefault());
+ if (!transport_security_state())
+ context_storage_.set_transport_security_state(new TransportSecurityState);
if (!ssl_config_service())
context_storage_.set_ssl_config_service(new SSLConfigServiceDefaults);
if (!http_auth_handler_factory()) {
@@ -94,6 +97,7 @@ void TestURLRequestContext::Init() {
params.client_socket_factory = client_socket_factory();
params.host_resolver = host_resolver();
params.cert_verifier = cert_verifier();
+ params.transport_security_state = transport_security_state();
params.proxy_service = proxy_service();
params.ssl_config_service = ssl_config_service();
params.http_auth_handler_factory = http_auth_handler_factory();
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index a22423d..aae296f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -5093,6 +5093,7 @@ TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
HttpNetworkSession::Params params;
params.host_resolver = default_context_.host_resolver();
params.cert_verifier = default_context_.cert_verifier();
+ params.transport_security_state = default_context_.transport_security_state();
params.proxy_service = default_context_.proxy_service();
params.ssl_config_service = default_context_.ssl_config_service();
params.http_auth_handler_factory =
diff --git a/remoting/host/url_request_context.cc b/remoting/host/url_request_context.cc
index c3240fe..aec661f 100644
--- a/remoting/host/url_request_context.cc
+++ b/remoting/host/url_request_context.cc
@@ -96,6 +96,7 @@ URLRequestContext::URLRequestContext(
net::HttpNetworkSession::Params session_params;
session_params.host_resolver = host_resolver();
session_params.cert_verifier = cert_verifier();
+ session_params.transport_security_state = transport_security_state();
session_params.proxy_service = proxy_service();
session_params.ssl_config_service = ssl_config_service();
session_params.http_auth_handler_factory = http_auth_handler_factory();
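Review bot: This is the only hunk in remoting/host/url_request_context.cc, so the added `session_params.transport_security_state = transport_security_state();` depends on the context already owning a TransportSecurityState, which the diff does not show. Other contexts touched by this commit (TestShellRequestContext::Init, SpdyURLRequestContext) add a `set_transport_security_state(new ...TransportSecurityState)` call alongside the params line. If this constructor has no equivalent, the getter presumably returns NULL and the session is built without HSTS/pin state, which the new DCHECK reports only in debug builds. Please confirm the storage call exists above the hunk, or add the matching `set_transport_security_state(new net::TransportSecurityState)` on the context storage before the params are filled in.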
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc
index 587d71a..93249bd 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -12,6 +12,7 @@
#include "net/base/net_errors.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/x509_certificate.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/ssl_client_socket.h"
#include "net/socket/ssl_server_socket.h"
@@ -83,6 +84,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
&SslHmacChannelAuthenticator::OnConnected, base::Unretained(this)));
} else {
cert_verifier_.reset(net::CertVerifier::CreateDefault());
+ transport_security_state_.reset(new net::TransportSecurityState);
net::SSLConfig::CertAndStatus cert_and_status;
cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
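Review bot: The new `transport_security_state_.reset(new net::TransportSecurityState);` creates an object that is never populated, and the client socket in the next hunk is created for `kSslFakeHostName`, so it appears to exist only to satisfy the non-NULL requirement and not to enforce any HSTS or pin policy; that deserves a comment. Peer authentication on this path seems to rest on the stored `remote_cert_` comparison and the HMAC step, since `CERT_STATUS_AUTHORITY_INVALID` is set on the accepted certificate just below. I would add above the reset: `// Empty TransportSecurityState: required by SSLClientSocket; no HSTS/pin entries apply to kSslFakeHostName.` SecureAndAuthenticate() starts and ends outside the hunk.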
@@ -100,6 +102,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
net::HostPortPair host_and_port(kSslFakeHostName, 0);
net::SSLClientSocketContext context;
context.cert_verifier = cert_verifier_.get();
+ context.transport_security_state = transport_security_state_.get();
socket_.reset(
net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
socket.release(), host_and_port, ssl_config, context));
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.h b/remoting/protocol/ssl_hmac_channel_authenticator.h
index 6f7440c..320466c 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -18,6 +18,7 @@ class CertVerifier;
class DrainableIOBuffer;
class GrowableIOBuffer;
class SSLSocket;
+class TransportSecurityState;
} // namespace net
namespace remoting {
@@ -89,6 +90,7 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
// Used in the CLIENT mode only.
std::string remote_cert_;
scoped_ptr<net::CertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
scoped_ptr<net::SSLSocket> socket_;
DoneCallback done_callback_;
diff --git a/webkit/support/test_shell_request_context.cc b/webkit/support/test_shell_request_context.cc
index edd005a..a7801de 100644
--- a/webkit/support/test_shell_request_context.cc
+++ b/webkit/support/test_shell_request_context.cc
@@ -16,6 +16,7 @@
#include "net/http/http_auth_handler_factory.h"
#include "net/http/http_network_session.h"
#include "net/http/http_server_properties_impl.h"
+#include "net/http/transport_security_state.h"
#include "net/proxy/proxy_config_service.h"
#include "net/proxy/proxy_config_service_fixed.h"
#include "net/proxy/proxy_service.h"
@@ -84,6 +85,7 @@ void TestShellRequestContext::Init(
storage_.set_host_resolver(net::HostResolver::CreateDefaultResolver(NULL));
storage_.set_cert_verifier(net::CertVerifier::CreateDefault());
+ storage_.set_transport_security_state(new net::TransportSecurityState);
storage_.set_proxy_service(net::ProxyService::CreateUsingSystemProxyResolver(
proxy_config_service.release(), 0, NULL));
storage_.set_ssl_config_service(
@@ -104,6 +106,7 @@ void TestShellRequestContext::Init(
net::HttpNetworkSession::Params network_session_params;
network_session_params.host_resolver = host_resolver();
network_session_params.cert_verifier = cert_verifier();
+ network_session_params.transport_security_state = transport_security_state();
network_session_params.server_bound_cert_service =
server_bound_cert_service();
network_session_params.proxy_service = proxy_service();