diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 19:43:53 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 19:43:53 +0000 |
| commit | e5624f0b84c761a2a88fc30dd6d95b71a5b44ad6 (patch) | |
| tree | 0b8c7ef9296786dcd233c9640a1a69a4fa008235 /net/proxy | |
| parent | faf6cc757fa0e8f0baf343c589a3d35bb7019e23 (diff) | |
| download | chromium_src-e5624f0b84c761a2a88fc30dd6d95b71a5b44ad6.zip chromium_src-e5624f0b84c761a2a88fc30dd6d95b71a5b44ad6.tar.gz chromium_src-e5624f0b84c761a2a88fc30dd6d95b71a5b44ad6.tar.bz2 | |
net: make HSTS hosts use the normal SSL interstitials
(Reland of r102947, which was reverted in r102950.)
SSL interstitials have better translations for the error messages and this
returns us to the point where we have only a single UI for SSL errors, which
will make some future changes easier.
First, this change changes the SSL error callbacks to take an SSLInfo& rather
than a X509Certificate* (which was already a TODO(wtc) in the code). Most of
this change is the resulting plumbing.
It also adds a |is_hsts_host| flag to the callbacks to denote an HSTS host.
Finally, in ssl_policy.cc the |is_hsts_host| flag causes any error to be
fatal.
BUG=93527
http://codereview.chromium.org/7976036/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102994 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/proxy')
| -rw-r--r-- | net/proxy/proxy_script_fetcher_impl.cc | 7 | ||||
| -rw-r--r-- | net/proxy/proxy_script_fetcher_impl.h | 5 |
2 files changed, 7 insertions, 5 deletions
diff --git a/net/proxy/proxy_script_fetcher_impl.cc b/net/proxy/proxy_script_fetcher_impl.cc index 7025e72..bb0e57c 100644 --- a/net/proxy/proxy_script_fetcher_impl.cc +++ b/net/proxy/proxy_script_fetcher_impl.cc @@ -9,6 +9,7 @@ #include "base/logging.h" #include "base/message_loop.h" #include "base/string_util.h" +#include "net/base/cert_status_flags.h" #include "net/base/data_url.h" #include "net/base/io_buffer.h" #include "net/base/load_flags.h" @@ -190,12 +191,12 @@ void ProxyScriptFetcherImpl::OnAuthRequired(URLRequest* request, } void ProxyScriptFetcherImpl::OnSSLCertificateError(URLRequest* request, - int cert_error, - X509Certificate* cert) { + const SSLInfo& ssl_info, + bool is_hsts_host) { DCHECK_EQ(request, cur_request_.get()); LOG(WARNING) << "SSL certificate error when fetching PAC script, aborting."; // Certificate errors are in same space as net errors. - result_code_ = cert_error; + result_code_ = MapCertStatusToNetError(ssl_info.cert_status); request->Cancel(); } diff --git a/net/proxy/proxy_script_fetcher_impl.h b/net/proxy/proxy_script_fetcher_impl.h index ff57a28..0236559 100644 --- a/net/proxy/proxy_script_fetcher_impl.h +++ b/net/proxy/proxy_script_fetcher_impl.h @@ -53,8 +53,9 @@ class NET_EXPORT ProxyScriptFetcherImpl : public ProxyScriptFetcher, // URLRequest::Delegate methods: virtual void OnAuthRequired(URLRequest* request, AuthChallengeInfo* auth_info) OVERRIDE; - virtual void OnSSLCertificateError(URLRequest* request, int cert_error, - X509Certificate* cert) OVERRIDE; + virtual void OnSSLCertificateError(URLRequest* request, + const SSLInfo& ssl_info, + bool is_hsts_ok) OVERRIDE; virtual void OnResponseStarted(URLRequest* request) OVERRIDE; virtual void OnReadCompleted(URLRequest* request, int num_bytes) OVERRIDE; |