diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-21 17:45:33 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-02-21 17:45:33 +0000 |
| commit | 3dd663e0d0daf7248aac7fbc161f79c6f3de191a (patch) | |
| tree | ca1bb6c3bc718493f4154839ea831bc20ad58baa /net/socket | |
| parent | 6351d4712c9b5f7ad41a53cb13ac279e08dcb3a5 (diff) | |
| download | chromium_src-3dd663e0d0daf7248aac7fbc161f79c6f3de191a.zip chromium_src-3dd663e0d0daf7248aac7fbc161f79c6f3de191a.tar.gz chromium_src-3dd663e0d0daf7248aac7fbc161f79c6f3de191a.tar.bz2 | |
net: remove special case for Kaspersky HTTPS
Kaspersky released an updated version some months ago and hopefully most users
have upgraded by now.
BUG=86208
TEST=none
Review URL: https://chromiumcodereview.appspot.com/9419014
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@122835 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 11 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.h | 3 |
2 files changed, 1 insertions, 13 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 9c74ecb..094b07e 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -454,7 +454,6 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, completed_handshake_(false), ssl_session_cache_shard_(context.ssl_session_cache_shard), eset_mitm_detected_(false), - kaspersky_mitm_detected_(false), predicted_cert_chain_correct_(false), next_handshake_state_(STATE_NONE), nss_fd_(NULL), @@ -652,7 +651,6 @@ void SSLClientSocketNSS::Disconnect() { ssl_connection_status_ = 0; completed_handshake_ = false; eset_mitm_detected_ = false; - kaspersky_mitm_detected_ = false; start_cert_verification_time_ = base::TimeTicks(); predicted_cert_chain_correct_ = false; nss_bufs_ = NULL; @@ -1446,8 +1444,6 @@ int SSLClientSocketNSS::DoHandshake() { if (handshake_callback_called_) { if (eset_mitm_detected_) { net_error = ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION; - } else if (kaspersky_mitm_detected_) { - net_error = ERR_KASPERSKY_ANTI_VIRUS_SSL_INTERCEPTION; } else { // We need to see if the predicted certificate chain (in // |ssl_host_info_->state().certs) matches the actual certificate chain @@ -2148,18 +2144,13 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, if (cert) { char* common_name = CERT_GetCommonName(&cert->issuer); if (common_name) { - if (false_start && strcmp(common_name, "ESET_RootSslCert") == 0) + if (false_start && strcmp(common_name, "ESET_RootSslCert") == 0) { // ESET anti-virus is capable of intercepting HTTPS connections on // Windows. However, it is False Start intolerant and causes the // connections to hang forever. We detect ESET by the issuer of the // leaf certificate and set a flag to return a specific error, giving // the user instructions for reconfiguring ESET. that->eset_mitm_detected_ = true; - if (strcmp(common_name, - "Kaspersky Anti-Virus personal root certificate") == 0) { - // Kaspersky has an unknown intolerance to our HTTPS handshakes and so - // we detect and give a more helpful error message. - that->kaspersky_mitm_detected_ = true; } if (false_start && strcmp(common_name, "ContentWatch Root Certificate Authority") == 0) { diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index e9f4f48..3ce5b78 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -276,9 +276,6 @@ class SSLClientSocketNSS : public SSLClientSocket { // True iff we believe that the user has an ESET product intercepting our // HTTPS connections. bool eset_mitm_detected_; - // True iff we believe that the user has a Kaspersky product intercepting our - // HTTPS connections. - bool kaspersky_mitm_detected_; // True iff |ssl_host_info_| contained a predicted certificate chain and // that we found the prediction to be correct. |