diff options
| author | jww <jww@chromium.org> | 2015-09-01 23:12:52 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-09-02 06:13:24 +0000 |
| commit | f4684d1bb87fb11d93888922b1f61e52f0d61042 (patch) | |
| tree | 4a4bf68fd59a2585bf679968bb229457c3acfb5d /content/browser/ssl | |
| parent | 28beaa15894779c747e6c6193b988b74a9b71289 (diff) | |
| download | chromium_src-f4684d1bb87fb11d93888922b1f61e52f0d61042.zip chromium_src-f4684d1bb87fb11d93888922b1f61e52f0d61042.tar.gz chromium_src-f4684d1bb87fb11d93888922b1f61e52f0d61042.tar.bz2 | |
Verify that cert status is valid before forgetting user exceptions
Adds a check in SSLPolicy when user exceptions for bad certificates are
forgotten to make sure that the certificate information is valid. Simply
adds a check that the cert_id is not 0. Also adds unit tests to validate
this chain of events.
In SSLPolicy, if a user has made an exception for an invalid certificate
for a host by clicking on an interstitial, that exception is forgotten
if a good certificate is ever seen for the host. Unfortunately, when we
checked if the certificate has an error or not, we forgot to check *if
the certificate info is valid*, and thus we were getting certificate
information that that was not valid, and by default lists no certificate
errors. Thus, Chrome thought it found a certificate without an error,
when what it really found was invalid certificate information.
BUG=516808
Review URL: https://codereview.chromium.org/1311453007
Cr-Commit-Position: refs/heads/master@{#346849}
Diffstat (limited to 'content/browser/ssl')
| -rw-r--r-- | content/browser/ssl/ssl_manager.h | 2 | ||||
| -rw-r--r-- | content/browser/ssl/ssl_policy.cc | 7 | ||||
| -rw-r--r-- | content/browser/ssl/ssl_policy_backend.h | 2 |
3 files changed, 8 insertions, 3 deletions
diff --git a/content/browser/ssl/ssl_manager.h b/content/browser/ssl/ssl_manager.h index fbf3e39..8128ee8 100644 --- a/content/browser/ssl/ssl_manager.h +++ b/content/browser/ssl/ssl_manager.h @@ -40,7 +40,7 @@ struct ResourceRequestDetails; // The security state (secure/insecure) is stored in the navigation entry. // Along with it are stored any SSL error code and the associated cert. -class SSLManager { +class CONTENT_EXPORT SSLManager { public: // Entry point for SSLCertificateErrors. This function begins the process // of resolving a certificate error during an SSL connection. SSLManager diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc index 8804409..cb8e4d7 100644 --- a/content/browser/ssl/ssl_policy.cc +++ b/content/browser/ssl/ssl_policy.cc @@ -124,7 +124,12 @@ void SSLPolicy::OnRequestStarted(SSLRequestInfo* info) { if (net::IsCertStatusError(info->ssl_cert_status())) { backend_->HostRanInsecureContent(info->url().host(), info->child_id()); - } else if (info->url().SchemeIsCryptographic()) { + } else if (info->ssl_cert_id() && info->url().SchemeIsCryptographic()) { + // If the scheme is https: or wss: *and* the security info for the cert has + // been set (i.e. the cert id is not 0), revoke any previous decisions that + // have occurred. If the cert info has not been set, do nothing since it + // isn't known if the connection was actually a valid connection or if it + // had a cert error. SSLGoodCertSeenEvent event = NO_PREVIOUS_EXCEPTION; if (backend_->HasAllowException(info->url().host())) { // If there's no certificate error, a good certificate has been seen, so diff --git a/content/browser/ssl/ssl_policy_backend.h b/content/browser/ssl/ssl_policy_backend.h index ed50c24..15c514a 100644 --- a/content/browser/ssl/ssl_policy_backend.h +++ b/content/browser/ssl/ssl_policy_backend.h @@ -17,7 +17,7 @@ namespace content { class NavigationControllerImpl; -class SSLPolicyBackend { +class CONTENT_EXPORT SSLPolicyBackend { public: explicit SSLPolicyBackend(NavigationControllerImpl* controller); |