author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 16:39:00 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-09-27 16:39:00 +0000 |
commit | 41a8669d04f762fe62a68b74425133b3c91f9ff6 (patch) | |
tree | 7289381e127c4e9ede8e2550da91a1325516b60f /net | |
parent | 46bcd237ebf1d597de0f0f974c7adb3ede6ba621 (diff) | |
net: make HSTS hosts use the normal SSL interstitials
SSL interstitials have better translations for the error messages and this
returns us to the point where we have only a single UI for SSL errors, which
will make some future changes easier.
First, this change changes the SSL error callbacks to take an SSLInfo& rather
than a X509Certificate* (which was already a TODO(wtc) in the code). Most of
this change is the resulting plumbing.
It also adds a |is_hsts_host| flag to the callbacks to denote an HSTS host.
Finally, in ssl_policy.cc the |is_hsts_host| flag causes any error to be
fatal.
BUG=93527
http://codereview.chromium.org/7976036/
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102947 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/proxy/proxy_script_fetcher_impl.cc | 7 | ||||
-rw-r--r-- | net/proxy/proxy_script_fetcher_impl.h | 5 | ||||
-rw-r--r-- | net/url_request/url_request.cc | 10 | ||||
-rw-r--r-- | net/url_request/url_request.h | 11 | ||||
-rw-r--r-- | net/url_request/url_request_http_job.cc | 36 | ||||
-rw-r--r-- | net/url_request/url_request_http_job.h | 2 | ||||
-rw-r--r-- | net/url_request/url_request_job.cc | 6 | ||||
-rw-r--r-- | net/url_request/url_request_job.h | 4 | ||||
-rw-r--r-- | net/url_request/url_request_test_util.cc | 4 | ||||
-rw-r--r-- | net/url_request/url_request_test_util.h | 4 |
10 files changed, 40 insertions, 49 deletions
diff --git a/net/proxy/proxy_script_fetcher_impl.cc b/net/proxy/proxy_script_fetcher_impl.cc
index 7025e72..bb0e57c 100644
--- a/net/proxy/proxy_script_fetcher_impl.cc
+++ b/net/proxy/proxy_script_fetcher_impl.cc
@@ -9,6 +9,7 @@
 #include "base/logging.h"
 #include "base/message_loop.h"
 #include "base/string_util.h"
+#include "net/base/cert_status_flags.h"
 #include "net/base/data_url.h"
 #include "net/base/io_buffer.h"
 #include "net/base/load_flags.h"
@@ -190,12 +191,12 @@ void ProxyScriptFetcherImpl::OnAuthRequired(URLRequest* request,
 }
 void ProxyScriptFetcherImpl::OnSSLCertificateError(URLRequest* request,
- int cert_error,
- X509Certificate* cert) {
+ const SSLInfo& ssl_info,
+ bool is_hsts_host) {
 DCHECK_EQ(request, cur_request_.get());
 LOG(WARNING) << "SSL certificate error when fetching PAC script, aborting.";
 // Certificate errors are in same space as net errors.
- result_code_ = cert_error;
+ result_code_ = MapCertStatusToNetError(ssl_info.cert_status);
 request->Cancel();
 }
diff --git a/net/proxy/proxy_script_fetcher_impl.h b/net/proxy/proxy_script_fetcher_impl.h
index ff57a28..0236559 100644
--- a/net/proxy/proxy_script_fetcher_impl.h
+++ b/net/proxy/proxy_script_fetcher_impl.h
@@ -53,8 +53,9 @@ class NET_EXPORT ProxyScriptFetcherImpl : public ProxyScriptFetcher,
 // URLRequest::Delegate methods:
 virtual void OnAuthRequired(URLRequest* request,
 AuthChallengeInfo* auth_info) OVERRIDE;
- virtual void OnSSLCertificateError(URLRequest* request, int cert_error,
- X509Certificate* cert) OVERRIDE;
+ virtual void OnSSLCertificateError(URLRequest* request,
+ const SSLInfo& ssl_info,
+ bool is_hsts_ok) OVERRIDE;
 virtual void OnResponseStarted(URLRequest* request) OVERRIDE;
 virtual void OnReadCompleted(URLRequest* request, int num_bytes) OVERRIDE;
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index 02667b5..3c12da6 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
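Review bot: The comment `// Certificate errors are in same space as net errors.` in ProxyScriptFetcherImpl::OnSSLCertificateError no longer describes the line below it, because `result_code_` is now derived from `ssl_info.cert_status` through `MapCertStatusToNetError` rather than copied from an error code that was passed in. I would reword it to something like `// Reduce the certificate status flags to a single net error for the caller.` The new `is_hsts_host` argument is unused here, which looks fine because the fetch is cancelled unconditionally, but a short comment saying so would make that intent explicit.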
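Review bot: The third parameter is spelled `is_hsts_ok` in this header, while the definition in proxy_script_fetcher_impl.cc and the base declaration in url_request.h call it `is_hsts_host`; the default `URLRequest::Delegate::OnSSLCertificateError` in url_request.cc carries the same `is_hsts_ok` spelling. The two names read as opposite meanings (an "it is fine" flag versus a "this host demands stricter handling" flag), which is an easy way to invert a security-relevant boolean later. I would use `bool is_hsts_host) OVERRIDE;` here and `bool is_hsts_host) {` in url_request.cc.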
@@ -112,8 +112,8 @@ void URLRequest::Delegate::OnCertificateRequested(
 }
 void URLRequest::Delegate::OnSSLCertificateError(URLRequest* request,
- int cert_error,
- X509Certificate* cert) {
+ const SSLInfo& ssl_info,
+ bool is_hsts_ok) {
 request->Cancel();
 }
@@ -783,10 +783,10 @@ void URLRequest::NotifyCertificateRequested(
 delegate_->OnCertificateRequested(this, cert_request_info);
 }
-void URLRequest::NotifySSLCertificateError(int cert_error,
- X509Certificate* cert) {
+void URLRequest::NotifySSLCertificateError(const SSLInfo& ssl_info,
+ bool is_hsts_host) {
 if (delegate_)
- delegate_->OnSSLCertificateError(this, cert_error, cert);
+ delegate_->OnSSLCertificateError(this, ssl_info, is_hsts_host);
 }
 bool URLRequest::CanGetCookies(const CookieList& cookie_list) const {
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index 640f045..7f5f961 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -83,6 +83,7 @@ class CookieOptions;
 class HostPortPair;
 class IOBuffer;
 class SSLCertRequestInfo;
+class SSLInfo;
 class UploadData;
 class URLRequestContext;
 class URLRequestJob;
@@ -266,9 +267,12 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) {
 // safe thing and Cancel() the request or decide to proceed by calling
 // ContinueDespiteLastError(). cert_error is a ERR_* error code
 // indicating what's wrong with the certificate.
+ // If |is_hsts_host| is true then the host in question is an HSTS host
+ // which demands a higher level of security. In this case, errors must not
+ // be bypassable by the user.
 virtual void OnSSLCertificateError(URLRequest* request,
- int cert_error,
- X509Certificate* cert);
+ const SSLInfo& ssl_info,
+ bool is_hsts_host);
 // Called when reading cookies to allow the delegate to block access to the
 // cookie. This method will never be invoked when LOAD_DO_NOT_SEND_COOKIES
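Review bot: The delegate comment above OnSSLCertificateError in url_request.h still says `cert_error is a ERR_* error code indicating what's wrong with the certificate`, but the new signature has no `cert_error` parameter. That sentence should describe `ssl_info` instead, for example `|ssl_info| carries the certificate and the cert_status flags describing what's wrong with it.` The comment block starts above the hunk, so its opening lines are not visible here and may need the same pass.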
@@ -713,7 +717,8 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) {
 // of these functions.
 void NotifyAuthRequired(AuthChallengeInfo* auth_info);
 void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info);
- void NotifySSLCertificateError(int cert_error, X509Certificate* cert);
+ void NotifySSLCertificateError(const SSLInfo& ssl_info,
+ bool is_hsts_host);
 bool CanGetCookies(const CookieList& cookie_list) const;
 bool CanSetCookie(const std::string& cookie_line,
 CookieOptions* options) const;
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index cdb94fa..08b7762 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -686,13 +686,18 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
 if (result == OK) {
 SaveCookiesAndNotifyHeadersComplete();
- } else if (ShouldTreatAsCertificateError(result)) {
+ } else if (IsCertificateError(result)) {
 // We encountered an SSL certificate error. Ask our delegate to decide
 // what we should do.
- // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole
- // ssl_info.
- NotifySSLCertificateError(
- result, transaction_->GetResponseInfo()->ssl_info.cert);
+
+ TransportSecurityState::DomainState domain_state;
+ const bool is_hsts_host =
+ context_->transport_security_state() &&
+ context_->transport_security_state()->IsEnabledForHost(
+ &domain_state, request_info_.url.host(),
+ SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
+ NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info,
+ is_hsts_host);
 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
 NotifyCertificateRequested(
 transaction_->GetResponseInfo()->cert_request_info);
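Review bot: In URLRequestHttpJob::OnStartCompleted, certificate errors on HSTS hosts are no longer filtered out before the delegate is asked; they now reach OnSSLCertificateError with `is_hsts_host` set, so the no-bypass guarantee depends on every URLRequest::Delegate honouring that flag. A delegate that calls ContinueDespiteLastError() without checking it would let the request proceed; of the overrides visible in this diff, the default and the PAC fetcher cancel, while TestDelegate's body is only partly shown and its visible comment says the caller decides. Delegates outside net/ are not part of this diffstat and should be audited alongside the change. I would state the contract at the call site with `// For HSTS hosts the delegate must treat every certificate error as fatal.` and confirm that dropping the old ERR_CERT_UNABLE_TO_CHECK_REVOCATION special case is intended. The function body continues outside the hunk.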
@@ -719,27 +724,6 @@ void URLRequestHttpJob::OnReadCompleted(int result) {
 NotifyReadComplete(result);
 }
-bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
- if (!IsCertificateError(result))
- return false;
-
- // Revocation check failures are always certificate errors, even if the host
- // is using Strict-Transport-Security.
- if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION)
- return true;
-
- // Check whether our context is using Strict-Transport-Security.
- if (!context_->transport_security_state())
- return true;
-
- TransportSecurityState::DomainState domain_state;
- const bool r = context_->transport_security_state()->IsEnabledForHost(
- &domain_state, request_info_.url.host(),
- SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
-
- return !r;
-}
-
 void URLRequestHttpJob::RestartTransactionWithAuth(
 const string16& username,
 const string16& password) {
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 8293c13..883948d 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -59,8 +59,6 @@ class URLRequestHttpJob : public URLRequestJob {
 void OnReadCompleted(int result);
 void NotifyBeforeSendHeadersCallback(int result);
- bool ShouldTreatAsCertificateError(int result);
-
 void RestartTransactionWithAuth(const string16& username,
 const string16& password);
diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc
index 47e38e9..2a23d61 100644
--- a/net/url_request/url_request_job.cc
+++ b/net/url_request/url_request_job.cc
@@ -228,12 +228,12 @@ void URLRequestJob::NotifyCertificateRequested(
 request_->NotifyCertificateRequested(cert_request_info);
 }
-void URLRequestJob::NotifySSLCertificateError(int cert_error,
- X509Certificate* cert) {
+void URLRequestJob::NotifySSLCertificateError(const SSLInfo& ssl_info,
+ bool is_hsts_host) {
 if (!request_)
 return; // The request was destroyed, so there is no more work to do.
- request_->NotifySSLCertificateError(cert_error, cert);
+ request_->NotifySSLCertificateError(ssl_info, is_hsts_host);
 }
 bool URLRequestJob::CanGetCookies(const CookieList& cookie_list) const {
diff --git a/net/url_request/url_request_job.h b/net/url_request/url_request_job.h
index 01547cc..4231ddd 100644
--- a/net/url_request/url_request_job.h
+++ b/net/url_request/url_request_job.h
@@ -30,6 +30,7 @@ class HttpRequestHeaders;
 class HttpResponseInfo;
 class IOBuffer;
 class SSLCertRequestInfo;
+class SSLInfo;
 class URLRequest;
 class UploadData;
 class URLRequestStatus;
@@ -197,7 +198,8 @@ class NET_EXPORT URLRequestJob : public base::RefCounted<URLRequestJob>,
 void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info);
 // Notifies the job about an SSL certificate error.
- void NotifySSLCertificateError(int cert_error, X509Certificate* cert);
+ void NotifySSLCertificateError(const SSLInfo& ssl_info,
+ bool is_hsts_host);
 // Delegates to URLRequest::Delegate.
 bool CanGetCookies(const CookieList& cookie_list) const;
diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc
index f49d0c4..bffad74 100644
--- a/net/url_request/url_request_test_util.cc
+++ b/net/url_request/url_request_test_util.cc
@@ -193,8 +193,8 @@ void TestDelegate::OnAuthRequired(net::URLRequest* request,
 }
 void TestDelegate::OnSSLCertificateError(net::URLRequest* request,
- int cert_error,
- net::X509Certificate* cert) {
+ const net::SSLInfo& ssl_info,
+ bool is_hsts_host) {
 // The caller can control whether it needs all SSL requests to go through,
 // independent of any possible errors, or whether it wants SSL errors to
 // cancel the request.
diff --git a/net/url_request/url_request_test_util.h b/net/url_request/url_request_test_util.h
index cac7a72..f8ef867 100644
--- a/net/url_request/url_request_test_util.h
+++ b/net/url_request/url_request_test_util.h
@@ -129,8 +129,8 @@ class TestDelegate : public net::URLRequest::Delegate {
 virtual void OnAuthRequired(net::URLRequest* request,
 net::AuthChallengeInfo* auth_info) OVERRIDE;
 virtual void OnSSLCertificateError(net::URLRequest* request,
- int cert_error,
- net::X509Certificate* cert) OVERRIDE;
+ const net::SSLInfo& ssl_info,
+ bool is_hsts_host) OVERRIDE;
 virtual bool CanGetCookies(const net::URLRequest* request,
 const net::CookieList& cookie_list) const OVERRIDE;
 virtual bool CanSetCookie(const net::URLRequest* request, |