In DefaultPolicy::OnCertError, if a cert error is allowed,

we should skip the code that determines what to do about a sub-resource. This is because in some HTTPS implementations, we continue to get errors on a cert after we have ignored that cert's errors. The current code works with WinHTTP because WinHTTP stops sending errors on a cert after we have ignored that cert's errors. This changelist allows the code to work with both kinds of HTTPS implementations. Fix nits (extra semicolons and insufficient whitespace) reported by cpplint.py. R=abarth,jcampan BUG=1272567 Review URL: http://codereview.chromium.org/2816 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@2252 0039d316-1c4b-4281-b951-d872f2087c98
author: wtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-16 00:14:56 +0000
committer: wtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98> 2008-09-16 00:14:56 +0000
commit: a26d62f00cb97e14780ff719a547bae2fc1d365e (patch)
tree: 34aa7999590879e8d7d1455b9457ad1b8fc7c607 /chrome/browser
parent: b6386720972d9ac0fd5cfa5256e2f0fcacf71e4d (diff)
download: chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.zip
chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.tar.gz
chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.tar.bz2
1 files changed, 20 insertions, 21 deletions
diff --git a/chrome/browser/ssl_policy.cc b/chrome/browser/ssl_policy.cc
index beb2978..dbcfb75 100644
--- a/chrome/browser/ssl_policy.cc
+++ b/chrome/browser/ssl_policy.cc
@@ -160,7 +160,7 @@ class AuthorityInvalidPolicy : public SSLPolicy {
 class ContainsErrorsPolicy : public SSLPolicy {
  public:
   static SSLPolicy* GetInstance() {
-    return Singleton<ContainsErrorsPolicy>::get();;
+    return Singleton<ContainsErrorsPolicy>::get();
   }
 
   void OnCertError(const GURL& main_frame_url,
@@ -217,7 +217,7 @@ class RevokedPolicy : public SSLPolicy {
 class InvalidPolicy : public SSLPolicy {
  public:
   static SSLPolicy* GetInstance() {
-    return Singleton<InvalidPolicy>::get();;
+    return Singleton<InvalidPolicy>::get();
   }
 
   void OnCertError(const GURL& main_frame_url,
@@ -261,24 +261,6 @@ class DefaultPolicy : public SSLPolicy {
       return;
     }
 
-    if (error->resource_type() != ResourceType::MAIN_FRAME) {
-      if (main_frame_url.SchemeIsSecure() &&
-          !error->manager()->CanShowInsecureContent(main_frame_url)) {
-        error->manager()->ShowMessageWithLink(
-            l10n_util::GetString(IDS_SSL_INFO_BAR_FILTERED_CONTENT),
-            l10n_util::GetString(IDS_SSL_INFO_BAR_SHOW_CONTENT),
-            new ShowUnsafeContentTask(main_frame_url, error));
-        error->DenyRequest();
-      } else {
-        // TODO (jcampan): if we get a bad HTTPS resource from a secure frame in
-        // an insecure page, it might compromise any other page from the secure
-        // frame domain, we should change their style to insecure, or just
-        // filter the resource and show an info-bar.
-        error->ContinueRequest();
-      }
-      return;
-    }
-
     // First we check if we know the policy for this error.
     net::X509Certificate::Policy::Judgment judgment =
         error->manager()->QueryPolicy(error->ssl_info().cert,
@@ -301,6 +283,23 @@ class DefaultPolicy : public SSLPolicy {
         // For now we handle the DENIED as the UNKNOWN, which means a blocking
         // page is shown to the user every time he comes back to the page.
       case net::X509Certificate::Policy::UNKNOWN:
+        if (error->resource_type() != ResourceType::MAIN_FRAME) {
+          if (main_frame_url.SchemeIsSecure() &&
+              !error->manager()->CanShowInsecureContent(main_frame_url)) {
+            error->manager()->ShowMessageWithLink(
+                l10n_util::GetString(IDS_SSL_INFO_BAR_FILTERED_CONTENT),
+                l10n_util::GetString(IDS_SSL_INFO_BAR_SHOW_CONTENT),
+                new ShowUnsafeContentTask(main_frame_url, error));
+            error->DenyRequest();
+          } else {
+            // TODO(jcampan): if we get a bad HTTPS resource from a secure
+            // frame in an insecure page, it might compromise any other page
+            // from the secure frame domain, we should change their style to
+            // insecure, or just filter the resource and show an info-bar.
+            error->ContinueRequest();
+          }
+          break;
+        }
         // We don't know how to handle this error.  Ask our sub-policies.
         sub_policies_[index]->OnCertError(main_frame_url, error);
         break;
@@ -364,7 +363,7 @@ class DefaultPolicy : public SSLPolicy {
   SSLPolicy* sub_policies_[net::ERR_CERT_BEGIN - net::ERR_CERT_END];
 };
 
-} // namespace
+}  // namespace
 
 SSLPolicy* SSLPolicy::GetDefaultPolicy() {
   // Lazily initialize our default policy instance.
author	wtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-16 00:14:56 +0000
committer	wtc@google.com <wtc@google.com@0039d316-1c4b-4281-b951-d872f2087c98>	2008-09-16 00:14:56 +0000
commit	a26d62f00cb97e14780ff719a547bae2fc1d365e (patch)
tree	34aa7999590879e8d7d1455b9457ad1b8fc7c607 /chrome/browser
parent	b6386720972d9ac0fd5cfa5256e2f0fcacf71e4d (diff)
download	chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.zip chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.tar.gz chromium_src-a26d62f00cb97e14780ff719a547bae2fc1d365e.tar.bz2