author | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-20 01:59:01 +0000 |
---|---|---|
committer | rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-20 01:59:01 +0000 |
commit | e0e087f07253fe3d95aeafdfa337463d4334b7fa (patch) | |
tree | a6fa2b390d98f6c3c0beef87915407c4d27c5ed6 /net/http | |
parent | b73bb80b3496c7e1e8de3d808fc451663885d0b7 (diff) | |
Change the HTTP cache to cache the entire certificate chain for SSL sites
When persisting an X509Certificate to a pickle, such as when storing to the HTTP cache, persist any intermediate certificates in addition to the end-entity certificate. This will allow the complete certificate chain to be displayed to the end user when viewing a cached entry, independent of whether a network request has been made to that site during the browsing session.
R=agl
BUG=7065
TEST=X509CertificateTest.Persist
Review URL: http://codereview.chromium.org/4645001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82214 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r-- | net/http/http_response_info.cc | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/net/http/http_response_info.cc b/net/http/http_response_info.cc
index fd76462..49090e0 100644
--- a/net/http/http_response_info.cc
+++ b/net/http/http_response_info.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
@@ -22,7 +22,10 @@ namespace net {
 // serialized HttpResponseInfo.
 enum {
 // The version of the response info used when persisting response info.
- RESPONSE_INFO_VERSION = 1,
+ RESPONSE_INFO_VERSION = 2,
+
+ // The minimum version supported for deserializing response info.
+ RESPONSE_INFO_MINIMUM_VERSION = 1,
 // We reserve up to 8 bits for the version number.
 RESPONSE_INFO_VERSION_MASK = 0xFF,
@@ -108,7 +111,8 @@ bool HttpResponseInfo::InitFromPickle(const Pickle& pickle,
 if (!pickle.ReadInt(&iter, &flags))
 return false;
 int version = flags & RESPONSE_INFO_VERSION_MASK;
- if (version != RESPONSE_INFO_VERSION) {
+ if (version < RESPONSE_INFO_MINIMUM_VERSION ||
+ version > RESPONSE_INFO_VERSION) {
 DLOG(ERROR) << "unexpected response info version: " << version;
 return false;
 }
@@ -131,8 +135,12 @@ bool HttpResponseInfo::InitFromPickle(const Pickle& pickle,
 // read ssl-info
 if (flags & RESPONSE_INFO_HAS_CERT) {
- ssl_info.cert =
- X509Certificate::CreateFromPickle(pickle, &iter);
+ // Version 1 only serialized only the end-entity certificate,
+ // while subsequent versions include the entire chain.
+ X509Certificate::PickleType type = (version == 1) ?
+ X509Certificate::PICKLETYPE_SINGLE_CERTIFICATE :
+ X509Certificate::PICKLETYPE_CERTIFICATE_CHAIN;
+ ssl_info.cert = X509Certificate::CreateFromPickle(pickle, &iter, type);
 }
 if (flags & RESPONSE_INFO_HAS_CERT_STATUS) {
 int cert_status; |
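Review bot: The result of `X509Certificate::CreateFromPickle(pickle, &iter, type)` in the last hunk (`@@ -131,8 +135,12 @@`, the `RESPONSE_INFO_HAS_CERT` branch) is stored in `ssl_info.cert` with no visible check, so a truncated or corrupted cache entry could leave the certificate null while `InitFromPickle` carries on to the `RESPONSE_INFO_HAS_CERT_STATUS` read. Cache entries come from disk and the chain format has more fields that can fail to parse than the single-certificate one, so I would reject the entry right there with `if (!ssl_info.cert.get()) return false;` (this assumes CreateFromPickle returns null on a malformed pickle; its definition is outside this diff). Separately, `(version == 1)` hard-codes the legacy version next to the named `RESPONSE_INFO_*` constants, and the new comment repeats "only"; `// Version 1 serialized only the end-entity certificate,` reads better. InitFromPickle's body starts and ends outside the hunk, so a later check may exist that is not shown here.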