author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-07 22:03:26 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-11-07 22:03:26 +0000 |
commit | 8aacd9bfc63d4b3b06c9bdd43e27c836b7cc610b (patch) | |
tree | 714bb02de3a79decbd059af6bf88335818eb972a /net | |
parent | b9d63525eb08c5fa463ccfe9446e783cc614d325 (diff) | |
net: have pinning checks ignore minor certificate errors.
Pinning checks are deliberately enforced last because the other certificate
errors are more specific and have more helpful error messages.
However, we shouldn't allow minor certificate errors to override pinning
checks.
BUG=103244
TEST=Check that https://pinningtest.appspot.com fails in an official build.
Review URL: http://codereview.chromium.org/8467019
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/url_request/url_request_http_job.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 889fba86..425b747 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -670,8 +670,9 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
 // merges into a SPDY connection to www.example.com, and gets a different
 // certificate.
 const SSLInfo& ssl_info = transaction_->GetResponseInfo()->ssl_info;
- if (result == OK &&
- ssl_info.is_valid() &&
+ if (ssl_info.is_valid() &&
+ (result == OK || (IsCertificateError(result) &&
+ IsCertStatusMinorError(ssl_info.cert_status))) &&
 ssl_info.is_issued_by_known_root &&
 context_->transport_security_state()) {
 TransportSecurityState::DomainState domain_state; |
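Review bot: The new condition still skips the pin check for every certificate error that `IsCertStatusMinorError(ssl_info.cert_status)` does not classify as minor, so pin enforcement here depends on all of those errors being fatal on a path outside this hunk, and nothing at the `if` records that assumption. I would add a comment above the condition such as `// Minor cert errors must not bypass the pin check; other cert errors are assumed to fail the request on their own.`. The nested test would also read better as a named local, e.g. `const bool pin_check_applies = result == OK || (IsCertificateError(result) && IsCertStatusMinorError(ssl_info.cert_status));`. The body of OnStartCompleted starts and ends outside the hunk, so what happens to a minor-error `result` once the pin check passes cannot be confirmed from here.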