summaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-18 22:26:29 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-18 22:26:29 +0000
commit34e3be8355b2fd61cd999226c4b8043af6c2200a (patch)
tree46ab94ce387e77d1d97c05f1aeef1ba168c73246 /net
parent447af0b1e8ca4638cdcc554ca5e3583015f23e60 (diff)
downloadchromium_src-34e3be8355b2fd61cd999226c4b8043af6c2200a.zip
chromium_src-34e3be8355b2fd61cd999226c4b8043af6c2200a.tar.gz
chromium_src-34e3be8355b2fd61cd999226c4b8043af6c2200a.tar.bz2
Revert "net: Plumb DnsCertProvenanceChecker around."
This reverts commit r66623. Some how it causes libnspr4.dll to be linked in Chrome Frame builds. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66687 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r--net/http/http_cache.cc4
-rw-r--r--net/http/http_cache.h2
-rw-r--r--net/http/http_network_layer.cc9
-rw-r--r--net/http/http_network_layer.h5
-rw-r--r--net/http/http_network_layer_unittest.cc3
-rw-r--r--net/http/http_network_session.cc3
-rw-r--r--net/http/http_network_session.h6
-rw-r--r--net/http/http_network_transaction_unittest.cc3
-rw-r--r--net/http/http_proxy_client_socket_pool_unittest.cc2
-rw-r--r--net/http/http_response_body_drainer_unittest.cc5
-rw-r--r--net/http/http_stream_factory_unittest.cc3
-rw-r--r--net/net.gyp4
-rw-r--r--net/proxy/proxy_script_fetcher_impl_unittest.cc2
-rw-r--r--net/socket/client_socket_factory.cc15
-rw-r--r--net/socket/client_socket_factory.h6
-rw-r--r--net/socket/client_socket_pool_base_unittest.cc2
-rw-r--r--net/socket/client_socket_pool_manager.cc5
-rw-r--r--net/socket/client_socket_pool_manager.h3
-rw-r--r--net/socket/dns_cert_provenance_check.cc247
-rw-r--r--net/socket/dns_cert_provenance_check.h26
-rw-r--r--net/socket/dns_cert_provenance_checker.cc258
-rw-r--r--net/socket/dns_cert_provenance_checker.h60
-rw-r--r--net/socket/socket_test_util.cc4
-rw-r--r--net/socket/socket_test_util.h4
-rw-r--r--net/socket/ssl_client_socket_mac_factory.cc2
-rw-r--r--net/socket/ssl_client_socket_mac_factory.h4
-rw-r--r--net/socket/ssl_client_socket_nss.cc13
-rw-r--r--net/socket/ssl_client_socket_nss.h6
-rw-r--r--net/socket/ssl_client_socket_nss_factory.cc4
-rw-r--r--net/socket/ssl_client_socket_nss_factory.h4
-rw-r--r--net/socket/ssl_client_socket_pool.cc14
-rw-r--r--net/socket/ssl_client_socket_pool.h6
-rw-r--r--net/socket/ssl_client_socket_pool_unittest.cc2
-rw-r--r--net/socket/tcp_client_socket_pool_unittest.cc2
-rw-r--r--net/spdy/spdy_test_util.h3
-rw-r--r--net/tools/fetch/fetch_client.cc3
-rw-r--r--net/url_request/url_request_context.cc1
-rw-r--r--net/url_request/url_request_context.h7
-rw-r--r--net/url_request/url_request_unittest.h1
39 files changed, 315 insertions, 438 deletions
diff --git a/net/http/http_cache.cc b/net/http/http_cache.cc
index 896a6ac..1342afa 100644
--- a/net/http/http_cache.cc
+++ b/net/http/http_cache.cc
@@ -280,7 +280,6 @@ class HttpCache::SSLHostInfoFactoryAdaptor : public SSLHostInfoFactory {
HttpCache::HttpCache(HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker_,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
HttpAuthHandlerFactory* http_auth_handler_factory,
@@ -293,8 +292,7 @@ HttpCache::HttpCache(HostResolver* host_resolver,
ssl_host_info_factory_(new SSLHostInfoFactoryAdaptor(
ALLOW_THIS_IN_INITIALIZER_LIST(this))),
network_layer_(HttpNetworkLayer::CreateFactory(host_resolver,
- dnsrr_resolver, dns_cert_checker_,
- ssl_host_info_factory_.get(),
+ dnsrr_resolver, ssl_host_info_factory_.get(),
proxy_service, ssl_config_service,
http_auth_handler_factory, network_delegate, net_log)),
ALLOW_THIS_IN_INITIALIZER_LIST(task_factory_(this)),
diff --git a/net/http/http_cache.h b/net/http/http_cache.h
index 06c2ab9..0ce22e5 100644
--- a/net/http/http_cache.h
+++ b/net/http/http_cache.h
@@ -41,7 +41,6 @@ class Entry;
namespace net {
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostResolver;
class HttpAuthHandlerFactory;
@@ -118,7 +117,6 @@ class HttpCache : public HttpTransactionFactory,
// The HttpCache takes ownership of the |backend_factory|.
HttpCache(HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
HttpAuthHandlerFactory* http_auth_handler_factory,
diff --git a/net/http/http_network_layer.cc b/net/http/http_network_layer.cc
index 3da23c2..5322e85 100644
--- a/net/http/http_network_layer.cc
+++ b/net/http/http_network_layer.cc
@@ -22,7 +22,6 @@ namespace net {
HttpTransactionFactory* HttpNetworkLayer::CreateFactory(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -33,7 +32,6 @@ HttpTransactionFactory* HttpNetworkLayer::CreateFactory(
return new HttpNetworkLayer(ClientSocketFactory::GetDefaultFactory(),
host_resolver, dnsrr_resolver,
- dns_cert_checker,
ssl_host_info_factory, proxy_service,
ssl_config_service, http_auth_handler_factory,
network_delegate,
@@ -53,7 +51,6 @@ HttpNetworkLayer::HttpNetworkLayer(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -63,7 +60,6 @@ HttpNetworkLayer::HttpNetworkLayer(
: socket_factory_(socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -81,7 +77,6 @@ HttpNetworkLayer::HttpNetworkLayer(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -92,7 +87,6 @@ HttpNetworkLayer::HttpNetworkLayer(
: socket_factory_(socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -109,7 +103,6 @@ HttpNetworkLayer::HttpNetworkLayer(
HttpNetworkLayer::HttpNetworkLayer(HttpNetworkSession* session)
: socket_factory_(ClientSocketFactory::GetDefaultFactory()),
dnsrr_resolver_(NULL),
- dns_cert_checker_(NULL),
ssl_host_info_factory_(NULL),
ssl_config_service_(NULL),
session_(session),
@@ -151,7 +144,6 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() {
session_ = new HttpNetworkSession(
host_resolver_,
dnsrr_resolver_,
- dns_cert_checker_,
ssl_host_info_factory_,
proxy_service_,
socket_factory_,
@@ -163,7 +155,6 @@ HttpNetworkSession* HttpNetworkLayer::GetSession() {
// These were just temps for lazy-initializing HttpNetworkSession.
host_resolver_ = NULL;
dnsrr_resolver_ = NULL;
- dns_cert_checker_ = NULL;
ssl_host_info_factory_ = NULL;
proxy_service_ = NULL;
socket_factory_ = NULL;
diff --git a/net/http/http_network_layer.h b/net/http/http_network_layer.h
index 7781efb..63ae3f2 100644
--- a/net/http/http_network_layer.h
+++ b/net/http/http_network_layer.h
@@ -16,7 +16,6 @@
namespace net {
class ClientSocketFactory;
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostResolver;
class HttpAuthHandlerFactory;
@@ -35,7 +34,6 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
HttpNetworkLayer(ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -48,7 +46,6 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -65,7 +62,6 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
static HttpTransactionFactory* CreateFactory(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service,
@@ -104,7 +100,6 @@ class HttpNetworkLayer : public HttpTransactionFactory, public NonThreadSafe {
// creating |session_|.
HostResolver* host_resolver_;
DnsRRResolver* dnsrr_resolver_;
- DnsCertProvenanceChecker* dns_cert_checker_;
SSLHostInfoFactory* ssl_host_info_factory_;
scoped_refptr<ProxyService> proxy_service_;
diff --git a/net/http/http_network_layer_unittest.cc b/net/http/http_network_layer_unittest.cc
index 3ed54bf..2850404 100644
--- a/net/http/http_network_layer_unittest.cc
+++ b/net/http/http_network_layer_unittest.cc
@@ -25,7 +25,6 @@ TEST_F(HttpNetworkLayerTest, CreateAndDestroy) {
NULL,
&host_resolver,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
@@ -45,7 +44,6 @@ TEST_F(HttpNetworkLayerTest, Suspend) {
NULL,
&host_resolver,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
@@ -94,7 +92,6 @@ TEST_F(HttpNetworkLayerTest, GET) {
&mock_socket_factory,
&host_resolver,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
net::ProxyService::CreateDirect(),
new net::SSLConfigServiceDefaults,
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index 1e77b49..d96f901 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -21,7 +21,6 @@ namespace net {
HttpNetworkSession::HttpNetworkSession(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
ClientSocketFactory* client_socket_factory,
@@ -33,14 +32,12 @@ HttpNetworkSession::HttpNetworkSession(
: socket_factory_(client_socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
socket_pool_manager_(net_log,
client_socket_factory,
host_resolver,
dnsrr_resolver,
- dns_cert_checker,
ssl_host_info_factory,
proxy_service,
ssl_config_service),
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index 43424d2..53ae36a 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -29,7 +29,6 @@ class Value;
namespace net {
class ClientSocketFactory;
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class HttpAuthHandlerFactory;
class HttpNetworkDelegate;
@@ -49,7 +48,6 @@ class HttpNetworkSession : public base::RefCounted<HttpNetworkSession>,
HttpNetworkSession(
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
ClientSocketFactory* client_socket_factory,
@@ -110,9 +108,6 @@ class HttpNetworkSession : public base::RefCounted<HttpNetworkSession>,
ClientSocketFactory* socket_factory() { return socket_factory_; }
HostResolver* host_resolver() { return host_resolver_; }
DnsRRResolver* dnsrr_resolver() { return dnsrr_resolver_; }
- DnsCertProvenanceChecker* dns_cert_checker() {
- return dns_cert_checker_;
- }
ProxyService* proxy_service() { return proxy_service_; }
SSLConfigService* ssl_config_service() { return ssl_config_service_; }
SpdySessionPool* spdy_session_pool() { return spdy_session_pool_.get(); }
@@ -153,7 +148,6 @@ class HttpNetworkSession : public base::RefCounted<HttpNetworkSession>,
HttpAlternateProtocols alternate_protocols_;
HostResolver* const host_resolver_;
DnsRRResolver* dnsrr_resolver_;
- DnsCertProvenanceChecker* dns_cert_checker_;
scoped_refptr<ProxyService> proxy_service_;
scoped_refptr<SSLConfigService> ssl_config_service_;
ClientSocketPoolManager socket_pool_manager_;
diff --git a/net/http/http_network_transaction_unittest.cc b/net/http/http_network_transaction_unittest.cc
index f765696..6a389af 100644
--- a/net/http/http_network_transaction_unittest.cc
+++ b/net/http/http_network_transaction_unittest.cc
@@ -100,7 +100,6 @@ struct SessionDependencies {
HttpNetworkSession* CreateSession(SessionDependencies* session_deps) {
return new HttpNetworkSession(session_deps->host_resolver.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
session_deps->proxy_service,
&session_deps->socket_factory,
@@ -308,7 +307,7 @@ template<>
CaptureGroupNameSSLSocketPool::CaptureGroupNameSocketPool(
HttpNetworkSession* session)
: SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL) {}
+ NULL, NULL, NULL, NULL, NULL, NULL) {}
//-----------------------------------------------------------------------------
diff --git a/net/http/http_proxy_client_socket_pool_unittest.cc b/net/http/http_proxy_client_socket_pool_unittest.cc
index 56fae19..f5bc2e7 100644
--- a/net/http/http_proxy_client_socket_pool_unittest.cc
+++ b/net/http/http_proxy_client_socket_pool_unittest.cc
@@ -66,7 +66,6 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam {
&ssl_histograms_,
host_resolver_.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
&socket_factory_,
&tcp_socket_pool_,
@@ -78,7 +77,6 @@ class HttpProxyClientSocketPoolTest : public TestWithHttpParam {
HttpAuthHandlerFactory::CreateDefault(host_resolver_.get())),
session_(new HttpNetworkSession(host_resolver_.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
ProxyService::CreateDirect(),
&socket_factory_,
diff --git a/net/http/http_response_body_drainer_unittest.cc b/net/http/http_response_body_drainer_unittest.cc
index 75f099a..d8c9bb7 100644
--- a/net/http/http_response_body_drainer_unittest.cc
+++ b/net/http/http_response_body_drainer_unittest.cc
@@ -175,9 +175,8 @@ class HttpResponseBodyDrainerTest : public testing::Test {
protected:
HttpResponseBodyDrainerTest()
: session_(new HttpNetworkSession(
- NULL /* host_resolver */,
- NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
+ NULL,
+ NULL,
NULL /* ssl_host_info_factory */,
ProxyService::CreateDirect(),
NULL,
diff --git a/net/http/http_stream_factory_unittest.cc b/net/http/http_stream_factory_unittest.cc
index 63fce33..c295363 100644
--- a/net/http/http_stream_factory_unittest.cc
+++ b/net/http/http_stream_factory_unittest.cc
@@ -44,7 +44,6 @@ struct SessionDependencies {
HttpNetworkSession* CreateSession(SessionDependencies* session_deps) {
return new HttpNetworkSession(session_deps->host_resolver.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
session_deps->proxy_service,
&session_deps->socket_factory,
@@ -171,7 +170,7 @@ template<>
CapturePreconnectsSSLSocketPool::CapturePreconnectsSocketPool(
HttpNetworkSession* session)
: SSLClientSocketPool(0, 0, NULL, session->host_resolver(), NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, NULL) {}
+ NULL, NULL, NULL, NULL, NULL, NULL) {}
TEST(HttpStreamFactoryTest, PreconnectDirect) {
for (size_t i = 0; i < arraysize(kTests); ++i) {
diff --git a/net/net.gyp b/net/net.gyp
index dc6e4b6..b9e3776 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -582,8 +582,8 @@
'socket/client_socket_pool_histograms.h',
'socket/client_socket_pool_manager.cc',
'socket/client_socket_pool_manager.h',
- 'socket/dns_cert_provenance_checker.cc',
- 'socket/dns_cert_provenance_checker.h',
+ 'socket/dns_cert_provenance_check.cc',
+ 'socket/dns_cert_provenance_check.h',
'socket/socket.h',
'socket/socks5_client_socket.cc',
'socket/socks5_client_socket.h',
diff --git a/net/proxy/proxy_script_fetcher_impl_unittest.cc b/net/proxy/proxy_script_fetcher_impl_unittest.cc
index 6266b68..4734997 100644
--- a/net/proxy/proxy_script_fetcher_impl_unittest.cc
+++ b/net/proxy/proxy_script_fetcher_impl_unittest.cc
@@ -43,7 +43,7 @@ class RequestContext : public URLRequestContext {
ssl_config_service_ = new net::SSLConfigServiceDefaults;
http_transaction_factory_ = new net::HttpCache(
- net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL, NULL, NULL,
+ net::HttpNetworkLayer::CreateFactory(host_resolver_, NULL, NULL,
proxy_service_, ssl_config_service_, NULL, NULL, NULL),
net::HttpCache::DefaultBackend::InMemory(0));
}
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index 8965630..72afd63 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -21,7 +21,7 @@
namespace net {
-class DnsCertProvenanceChecker;
+class DnsRRResolver;
namespace {
@@ -30,7 +30,7 @@ SSLClientSocket* DefaultSSLClientSocketFactory(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
scoped_ptr<SSLHostInfo> shi(ssl_host_info);
#if defined(OS_WIN)
return new SSLClientSocketWin(transport_socket, host_and_port, ssl_config);
@@ -39,10 +39,10 @@ SSLClientSocket* DefaultSSLClientSocketFactory(
ssl_config);
#elif defined(USE_NSS)
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), dns_cert_checker);
+ shi.release(), dnsrr_resolver);
#elif defined(OS_MACOSX)
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), dns_cert_checker);
+ shi.release(), dnsrr_resolver);
#else
NOTIMPLEMENTED();
return NULL;
@@ -65,9 +65,9 @@ class DefaultClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
return g_ssl_factory(transport_socket, host_and_port, ssl_config,
- ssl_host_info, dns_cert_checker);
+ ssl_host_info, dnsrr_resolver);
}
};
@@ -93,8 +93,7 @@ SSLClientSocket* ClientSocketFactory::CreateSSLClientSocket(
ClientSocketHandle* socket_handle = new ClientSocketHandle();
socket_handle->set_socket(transport_socket);
return CreateSSLClientSocket(socket_handle, host_and_port, ssl_config,
- ssl_host_info,
- NULL /* DnsCertProvenanceChecker */);
+ ssl_host_info, NULL /* DnsRRResolver */);
}
} // namespace net
diff --git a/net/socket/client_socket_factory.h b/net/socket/client_socket_factory.h
index 0ab370a9..196b2ab 100644
--- a/net/socket/client_socket_factory.h
+++ b/net/socket/client_socket_factory.h
@@ -16,7 +16,7 @@ namespace net {
class AddressList;
class ClientSocket;
class ClientSocketHandle;
-class DnsCertProvenanceChecker;
+class DnsRRResolver;
class HostPortPair;
class SSLClientSocket;
struct SSLConfig;
@@ -28,7 +28,7 @@ typedef SSLClientSocket* (*SSLClientSocketFactory)(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker);
+ DnsRRResolver* dnsrr_resolver);
// An interface used to instantiate ClientSocket objects. Used to facilitate
// testing code with mock socket implementations.
@@ -48,7 +48,7 @@ class ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) = 0;
+ DnsRRResolver* dnsrr_resolver) = 0;
// Deprecated function (http://crbug.com/37810) that takes a ClientSocket.
virtual SSLClientSocket* CreateSSLClientSocket(
diff --git a/net/socket/client_socket_pool_base_unittest.cc b/net/socket/client_socket_pool_base_unittest.cc
index d145bdf..5e7eb7f 100644
--- a/net/socket/client_socket_pool_base_unittest.cc
+++ b/net/socket/client_socket_pool_base_unittest.cc
@@ -110,7 +110,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
NOTIMPLEMENTED();
delete ssl_host_info;
return NULL;
diff --git a/net/socket/client_socket_pool_manager.cc b/net/socket/client_socket_pool_manager.cc
index 6c73c36..512360b 100644
--- a/net/socket/client_socket_pool_manager.cc
+++ b/net/socket/client_socket_pool_manager.cc
@@ -56,7 +56,6 @@ ClientSocketPoolManager::ClientSocketPoolManager(
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service)
@@ -64,7 +63,6 @@ ClientSocketPoolManager::ClientSocketPoolManager(
socket_factory_(socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
proxy_service_(proxy_service),
ssl_config_service_(ssl_config_service),
@@ -81,7 +79,6 @@ ClientSocketPoolManager::ClientSocketPoolManager(
&ssl_pool_histograms_,
host_resolver,
dnsrr_resolver,
- dns_cert_checker,
ssl_host_info_factory,
socket_factory,
tcp_socket_pool_.get(),
@@ -231,7 +228,6 @@ HttpProxyClientSocketPool* ClientSocketPoolManager::GetSocketPoolForHTTPProxy(
&ssl_for_https_proxy_pool_histograms_,
host_resolver_,
dnsrr_resolver_,
- dns_cert_checker_,
ssl_host_info_factory_,
socket_factory_,
tcp_https_ret.first->second /* https proxy */,
@@ -267,7 +263,6 @@ SSLClientSocketPool* ClientSocketPoolManager::GetSocketPoolForSSLWithProxy(
&ssl_pool_histograms_,
host_resolver_,
dnsrr_resolver_,
- dns_cert_checker_,
ssl_host_info_factory_,
socket_factory_,
NULL, /* no tcp pool, we always go through a proxy */
diff --git a/net/socket/client_socket_pool_manager.h b/net/socket/client_socket_pool_manager.h
index 823213e..c6d8f6f 100644
--- a/net/socket/client_socket_pool_manager.h
+++ b/net/socket/client_socket_pool_manager.h
@@ -25,7 +25,6 @@ namespace net {
class ClientSocketFactory;
class ClientSocketPoolHistograms;
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostPortPair;
class HttpProxyClientSocketPool;
@@ -62,7 +61,6 @@ class ClientSocketPoolManager : public NonThreadSafe {
ClientSocketFactory* socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ProxyService* proxy_service,
SSLConfigService* ssl_config_service);
@@ -107,7 +105,6 @@ class ClientSocketPoolManager : public NonThreadSafe {
ClientSocketFactory* const socket_factory_;
HostResolver* const host_resolver_;
DnsRRResolver* const dnsrr_resolver_;
- DnsCertProvenanceChecker* const dns_cert_checker_;
SSLHostInfoFactory* const ssl_host_info_factory_;
const scoped_refptr<ProxyService> proxy_service_;
const scoped_refptr<SSLConfigService> ssl_config_service_;
diff --git a/net/socket/dns_cert_provenance_check.cc b/net/socket/dns_cert_provenance_check.cc
new file mode 100644
index 0000000..61b9a04
--- /dev/null
+++ b/net/socket/dns_cert_provenance_check.cc
@@ -0,0 +1,247 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/socket/dns_cert_provenance_check.h"
+
+#include <nspr.h>
+
+#include <hasht.h>
+#include <keyhi.h>
+#include <pk11pub.h>
+#include <sechash.h>
+
+#include <string>
+
+#include "base/crypto/encryptor.h"
+#include "base/crypto/symmetric_key.h"
+#include "base/non_thread_safe.h"
+#include "base/pickle.h"
+#include "net/base/completion_callback.h"
+#include "net/base/dns_util.h"
+#include "net/base/dnsrr_resolver.h"
+#include "net/base/net_errors.h"
+#include "net/base/net_log.h"
+
+namespace net {
+
+namespace {
+
+// A DER encoded SubjectPublicKeyInfo structure containing the server's public
+// key.
+const uint8 kServerPublicKey[] = {
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
+ 0x04, 0xc7, 0xea, 0x88, 0x60, 0x52, 0xe3, 0xa3, 0x3e, 0x39, 0x92, 0x0f, 0xa4,
+ 0x3d, 0xba, 0xd8, 0x02, 0x2d, 0x06, 0x4d, 0x64, 0x98, 0x66, 0xb4, 0x82, 0xf0,
+ 0x23, 0xa6, 0xd8, 0x37, 0x55, 0x7c, 0x01, 0xbf, 0x18, 0xd8, 0x16, 0x9e, 0x66,
+ 0xdc, 0x49, 0xbf, 0x2e, 0x86, 0xe3, 0x99, 0xbd, 0xb3, 0x75, 0x25, 0x61, 0x04,
+ 0x6c, 0x2e, 0xfb, 0x32, 0x42, 0x27, 0xe4, 0x23, 0xea, 0xcd, 0x81, 0x62, 0xc1,
+};
+
+class DNSCertProvenanceChecker : public NonThreadSafe {
+ public:
+ DNSCertProvenanceChecker(const std::string hostname,
+ DnsRRResolver* dnsrr_resolver,
+ const std::vector<base::StringPiece>& der_certs)
+ : hostname_(hostname),
+ dnsrr_resolver_(dnsrr_resolver),
+ der_certs_(der_certs.size()),
+ handle_(DnsRRResolver::kInvalidHandle),
+ ALLOW_THIS_IN_INITIALIZER_LIST(callback_(
+ this, &DNSCertProvenanceChecker::ResolutionComplete)) {
+ for (size_t i = 0; i < der_certs.size(); i++)
+ der_certs_[i] = der_certs[i].as_string();
+ }
+
+ void Start() {
+ DCHECK(CalledOnValidThread());
+
+ if (der_certs_.empty())
+ return;
+
+ uint8 fingerprint[SHA1_LENGTH];
+ SECStatus rv = HASH_HashBuf(
+ HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(),
+ der_certs_[0].size());
+ DCHECK_EQ(SECSuccess, rv);
+ char fingerprint_hex[SHA1_LENGTH * 2 + 1];
+ for (unsigned i = 0; i < sizeof(fingerprint); i++) {
+ static const char hextable[] = "0123456789abcdef";
+ fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4];
+ fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15];
+ }
+ fingerprint_hex[SHA1_LENGTH * 2] = 0;
+
+ static const char kBaseCertName[] = ".certs.links.org";
+ domain_.assign(fingerprint_hex);
+ domain_.append(kBaseCertName);
+
+ handle_ = dnsrr_resolver_->Resolve(
+ domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_,
+ 0 /* priority */, BoundNetLog());
+ if (handle_ == DnsRRResolver::kInvalidHandle) {
+ LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_;
+ delete this;
+ }
+ }
+
+ private:
+ void ResolutionComplete(int status) {
+ DCHECK(CalledOnValidThread());
+
+ if (status == ERR_NAME_NOT_RESOLVED ||
+ (status == OK && response_.rrdatas.empty())) {
+ LOG(ERROR) << "FAILED"
+ << " hostname:" << hostname_
+ << " domain:" << domain_;
+ BuildRecord();
+ } else if (status == OK) {
+ LOG(ERROR) << "GOOD"
+ << " hostname:" << hostname_
+ << " resp:" << response_.rrdatas[0];
+ } else {
+ LOG(ERROR) << "Unknown error " << status << " for " << domain_;
+ }
+
+ delete this;
+ }
+
+ // BuildRecord encrypts the certificate chain to a fixed public key and
+ // returns the encrypted blob. Since this code is reporting a possible HTTPS
+ // failure, it would seem silly to use HTTPS to protect the uploaded report.
+ std::string BuildRecord() {
+ static const int kVersion = 0;
+ static const unsigned kKeySizeInBytes = 16; // AES-128
+ static const unsigned kIVSizeInBytes = 16; // AES's block size
+ static const unsigned kPadSize = 4096; // we pad up to 4KB,
+ // This is a DER encoded, ANSI X9.62 CurveParams object which simply
+ // specifies P256.
+ static const uint8 kANSIX962CurveParams[] = {
+ 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
+ };
+
+ DCHECK(CalledOnValidThread());
+
+ Pickle p;
+ p.WriteString(hostname_);
+ p.WriteInt(der_certs_.size());
+ for (std::vector<std::string>::const_iterator
+ i = der_certs_.begin(); i != der_certs_.end(); i++) {
+ p.WriteString(*i);
+ }
+ // We pad to eliminate the possibility that someone could see the size of
+ // an upload and use that information to reduce the anonymity set of the
+ // certificate chain.
+ // The "2*sizeof(uint32)" here covers the padding length which we add next
+ // and Pickle's internal length which it includes at the beginning of the
+ // data.
+ unsigned pad_bytes = kPadSize - ((p.size() + 2*sizeof(uint32)) % kPadSize);
+ p.WriteUInt32(pad_bytes);
+ char* padding = new char[pad_bytes];
+ memset(padding, 0, pad_bytes);
+ p.WriteData(padding, pad_bytes);
+ delete[] padding;
+
+ // We generate a random public value and perform a DH key agreement with
+ // the server's fixed value.
+ SECKEYPublicKey* pub_key = NULL;
+ SECKEYPrivateKey* priv_key = NULL;
+ SECItem ec_der_params;
+ memset(&ec_der_params, 0, sizeof(ec_der_params));
+ ec_der_params.data = const_cast<uint8*>(kANSIX962CurveParams);
+ ec_der_params.len = sizeof(kANSIX962CurveParams);
+ priv_key = SECKEY_CreateECPrivateKey(&ec_der_params, &pub_key, NULL);
+ SECKEYPublicKey* server_pub_key = GetServerPubKey();
+
+ // This extracts the big-endian, x value of the shared point.
+ // The values of the arguments match ssl3_SendECDHClientKeyExchange in NSS
+ // 3.12.8's lib/ssl/ssl3ecc.c
+ PK11SymKey* pms = PK11_PubDeriveWithKDF(
+ priv_key, server_pub_key, PR_FALSE /* is sender */,
+ NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE,
+ CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */,
+ CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */);
+ SECKEY_DestroyPublicKey(server_pub_key);
+ SECStatus rv = PK11_ExtractKeyValue(pms);
+ DCHECK_EQ(SECSuccess, rv);
+ SECItem* x_data = PK11_GetKeyData(pms);
+
+ // The key and IV are 128-bits and generated from a SHA256 hash of the x
+ // value.
+ char key_data[SHA256_LENGTH];
+ HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data),
+ x_data->data, x_data->len);
+ PK11_FreeSymKey(pms);
+
+ DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes);
+ std::string raw_key(key_data, kKeySizeInBytes);
+
+ scoped_ptr<base::SymmetricKey> symkey(
+ base::SymmetricKey::Import(base::SymmetricKey::AES, raw_key));
+ std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes);
+
+ base::Encryptor encryptor;
+ bool r = encryptor.Init(symkey.get(), base::Encryptor::CBC, iv);
+ CHECK(r);
+
+ std::string plaintext(reinterpret_cast<const char*>(p.data()), p.size());
+ std::string ciphertext;
+ encryptor.Encrypt(plaintext, &ciphertext);
+
+ // We use another Pickle object to serialise the 'outer' wrapping of the
+ // plaintext.
+ Pickle outer;
+ outer.WriteInt(kVersion);
+
+ SECItem* pub_key_serialized = SECKEY_EncodeDERSubjectPublicKeyInfo(pub_key);
+ outer.WriteString(
+ std::string(reinterpret_cast<char*>(pub_key_serialized->data),
+ pub_key_serialized->len));
+ SECITEM_FreeItem(pub_key_serialized, PR_TRUE);
+
+ outer.WriteString(ciphertext);
+
+ SECKEY_DestroyPublicKey(pub_key);
+ SECKEY_DestroyPrivateKey(priv_key);
+
+ return std::string(reinterpret_cast<const char*>(outer.data()),
+ outer.size());
+ }
+
+ SECKEYPublicKey* GetServerPubKey() {
+ DCHECK(CalledOnValidThread());
+
+ SECItem der;
+ memset(&der, 0, sizeof(der));
+ der.data = const_cast<uint8*>(kServerPublicKey);
+ der.len = sizeof(kServerPublicKey);
+
+ CERTSubjectPublicKeyInfo* spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+ SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki);
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+ return public_key;
+ }
+
+ const std::string hostname_;
+ std::string domain_;
+ DnsRRResolver* const dnsrr_resolver_;
+ std::vector<std::string> der_certs_;
+ RRResponse response_;
+ DnsRRResolver::Handle handle_;
+ CompletionCallbackImpl<DNSCertProvenanceChecker> callback_;
+};
+
+} // anonymous namespace
+
+void DoAsyncDNSCertProvenanceVerification(
+ const std::string& hostname,
+ DnsRRResolver* dnsrr_resolver,
+ const std::vector<base::StringPiece>& der_certs) {
+ DNSCertProvenanceChecker* c(new DNSCertProvenanceChecker(
+ hostname, dnsrr_resolver, der_certs));
+ c->Start();
+}
+
+} // namespace net
diff --git a/net/socket/dns_cert_provenance_check.h b/net/socket/dns_cert_provenance_check.h
new file mode 100644
index 0000000..289cccf
--- /dev/null
+++ b/net/socket/dns_cert_provenance_check.h
@@ -0,0 +1,26 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H
+#define NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H
+
+#include <string>
+#include <vector>
+
+#include "base/string_piece.h"
+
+namespace net {
+
+class DnsRRResolver;
+
+// DoAsyncDNSCertProvenanceVerification starts an asynchronous check for the
+// given certificate chain. It must be run on the network thread.
+void DoAsyncDNSCertProvenanceVerification(
+ const std::string& hostname,
+ DnsRRResolver* dnsrr_resolver,
+ const std::vector<base::StringPiece>& der_certs);
+
+} // namespace net
+
+#endif // NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H
diff --git a/net/socket/dns_cert_provenance_checker.cc b/net/socket/dns_cert_provenance_checker.cc
deleted file mode 100644
index 16ea87f..0000000
--- a/net/socket/dns_cert_provenance_checker.cc
+++ /dev/null
@@ -1,258 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/dns_cert_provenance_checker.h"
-
-#include <nspr.h>
-
-#include <hasht.h>
-#include <keyhi.h>
-#include <pk11pub.h>
-#include <sechash.h>
-
-#include <string>
-
-#include "base/basictypes.h"
-#include "base/crypto/encryptor.h"
-#include "base/crypto/symmetric_key.h"
-#include "base/non_thread_safe.h"
-#include "base/pickle.h"
-#include "net/base/completion_callback.h"
-#include "net/base/dns_util.h"
-#include "net/base/dnsrr_resolver.h"
-#include "net/base/net_errors.h"
-#include "net/base/net_log.h"
-
-namespace net {
-
-namespace {
-
-// A DER encoded SubjectPublicKeyInfo structure containing the server's public
-// key.
-const uint8 kServerPublicKey[] = {
- 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
- 0x04, 0xc7, 0xea, 0x88, 0x60, 0x52, 0xe3, 0xa3, 0x3e, 0x39, 0x92, 0x0f, 0xa4,
- 0x3d, 0xba, 0xd8, 0x02, 0x2d, 0x06, 0x4d, 0x64, 0x98, 0x66, 0xb4, 0x82, 0xf0,
- 0x23, 0xa6, 0xd8, 0x37, 0x55, 0x7c, 0x01, 0xbf, 0x18, 0xd8, 0x16, 0x9e, 0x66,
- 0xdc, 0x49, 0xbf, 0x2e, 0x86, 0xe3, 0x99, 0xbd, 0xb3, 0x75, 0x25, 0x61, 0x04,
- 0x6c, 0x2e, 0xfb, 0x32, 0x42, 0x27, 0xe4, 0x23, 0xea, 0xcd, 0x81, 0x62, 0xc1,
-};
-
-// DnsCertProvenanceCheck performs the DNS lookup of the certificate. This
-// class is self-deleting.
-class DnsCertProvenanceCheck : public NonThreadSafe {
- public:
- DnsCertProvenanceCheck(
- const std::string& hostname,
- DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker::Delegate* delegate,
- const std::vector<base::StringPiece>& der_certs)
- : hostname_(hostname),
- dnsrr_resolver_(dnsrr_resolver),
- delegate_(delegate),
- der_certs_(der_certs.size()),
- handle_(DnsRRResolver::kInvalidHandle),
- ALLOW_THIS_IN_INITIALIZER_LIST(callback_(
- this, &DnsCertProvenanceCheck::ResolutionComplete)) {
- for (size_t i = 0; i < der_certs.size(); i++)
- der_certs_[i] = der_certs[i].as_string();
- }
-
- void Start() {
- DCHECK(CalledOnValidThread());
-
- if (der_certs_.empty())
- return;
-
- uint8 fingerprint[SHA1_LENGTH];
- SECStatus rv = HASH_HashBuf(
- HASH_AlgSHA1, fingerprint, (uint8*) der_certs_[0].data(),
- der_certs_[0].size());
- DCHECK_EQ(SECSuccess, rv);
- char fingerprint_hex[SHA1_LENGTH * 2 + 1];
- for (unsigned i = 0; i < sizeof(fingerprint); i++) {
- static const char hextable[] = "0123456789abcdef";
- fingerprint_hex[i*2] = hextable[fingerprint[i] >> 4];
- fingerprint_hex[i*2 + 1] = hextable[fingerprint[i] & 15];
- }
- fingerprint_hex[SHA1_LENGTH * 2] = 0;
-
- static const char kBaseCertName[] = ".certs.links.org";
- domain_.assign(fingerprint_hex);
- domain_.append(kBaseCertName);
-
- handle_ = dnsrr_resolver_->Resolve(
- domain_, kDNS_TXT, 0 /* flags */, &callback_, &response_,
- 0 /* priority */, BoundNetLog());
- if (handle_ == DnsRRResolver::kInvalidHandle) {
- LOG(ERROR) << "Failed to resolve " << domain_ << " for " << hostname_;
- delete this;
- }
- }
-
- private:
- void ResolutionComplete(int status) {
- DCHECK(CalledOnValidThread());
-
- if (status == ERR_NAME_NOT_RESOLVED ||
- (status == OK && response_.rrdatas.empty())) {
- LOG(ERROR) << "FAILED"
- << " hostname:" << hostname_
- << " domain:" << domain_;
- delegate_->OnDnsCertLookupFailed(hostname_, der_certs_);
- } else if (status == OK) {
- LOG(ERROR) << "GOOD"
- << " hostname:" << hostname_
- << " resp:" << response_.rrdatas[0];
- } else {
- LOG(ERROR) << "Unknown error " << status << " for " << domain_;
- }
-
- delete this;
- }
-
-
- const std::string hostname_;
- std::string domain_;
- DnsRRResolver* dnsrr_resolver_;
- DnsCertProvenanceChecker::Delegate* const delegate_;
- std::vector<std::string> der_certs_;
- RRResponse response_;
- DnsRRResolver::Handle handle_;
- CompletionCallbackImpl<DnsCertProvenanceCheck> callback_;
-};
-
-SECKEYPublicKey* GetServerPubKey() {
- SECItem der;
- memset(&der, 0, sizeof(der));
- der.data = const_cast<uint8*>(kServerPublicKey);
- der.len = sizeof(kServerPublicKey);
-
- CERTSubjectPublicKeyInfo* spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
- SECKEYPublicKey* public_key = SECKEY_ExtractPublicKey(spki);
- SECKEY_DestroySubjectPublicKeyInfo(spki);
-
- return public_key;
-}
-
-} // namespace
-
-// static
-std::string DnsCertProvenanceChecker::BuildEncryptedReport(
- const std::string& hostname,
- const std::vector<std::string>& der_certs) {
- static const int kVersion = 0;
- static const unsigned kKeySizeInBytes = 16; // AES-128
- static const unsigned kIVSizeInBytes = 16; // AES's block size
- static const unsigned kPadSize = 4096; // we pad up to 4KB,
- // This is a DER encoded, ANSI X9.62 CurveParams object which simply
- // specifies P256.
- static const uint8 kANSIX962CurveParams[] = {
- 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
- };
-
- Pickle p;
- p.WriteString(hostname);
- p.WriteInt(der_certs.size());
- for (std::vector<std::string>::const_iterator
- i = der_certs.begin(); i != der_certs.end(); i++) {
- p.WriteString(*i);
- }
- // We pad to eliminate the possibility that someone could see the size of
- // an upload and use that information to reduce the anonymity set of the
- // certificate chain.
- // The "2*sizeof(uint32)" here covers the padding length which we add next
- // and Pickle's internal length which it includes at the beginning of the
- // data.
- unsigned pad_bytes = kPadSize - ((p.size() + 2*sizeof(uint32)) % kPadSize);
- p.WriteUInt32(pad_bytes);
- char* padding = new char[pad_bytes];
- memset(padding, 0, pad_bytes);
- p.WriteData(padding, pad_bytes);
- delete[] padding;
-
- // We generate a random public value and perform a DH key agreement with
- // the server's fixed value.
- SECKEYPublicKey* pub_key = NULL;
- SECKEYPrivateKey* priv_key = NULL;
- SECItem ec_der_params;
- memset(&ec_der_params, 0, sizeof(ec_der_params));
- ec_der_params.data = const_cast<uint8*>(kANSIX962CurveParams);
- ec_der_params.len = sizeof(kANSIX962CurveParams);
- priv_key = SECKEY_CreateECPrivateKey(&ec_der_params, &pub_key, NULL);
- SECKEYPublicKey* server_pub_key = GetServerPubKey();
-
- // This extracts the big-endian, x value of the shared point.
- // The values of the arguments match ssl3_SendECDHClientKeyExchange in NSS
- // 3.12.8's lib/ssl/ssl3ecc.c
- PK11SymKey* pms = PK11_PubDeriveWithKDF(
- priv_key, server_pub_key, PR_FALSE /* is sender */,
- NULL /* random a */, NULL /* random b */, CKM_ECDH1_DERIVE,
- CKM_TLS_MASTER_KEY_DERIVE_DH, CKA_DERIVE, 0 /* key size */,
- CKD_NULL /* KDF */, NULL /* shared data */, NULL /* wincx */);
- SECKEY_DestroyPublicKey(server_pub_key);
- SECStatus rv = PK11_ExtractKeyValue(pms);
- DCHECK_EQ(SECSuccess, rv);
- SECItem* x_data = PK11_GetKeyData(pms);
-
- // The key and IV are 128-bits and generated from a SHA256 hash of the x
- // value.
- char key_data[SHA256_LENGTH];
- HASH_HashBuf(HASH_AlgSHA256, reinterpret_cast<uint8*>(key_data),
- x_data->data, x_data->len);
- PK11_FreeSymKey(pms);
-
- DCHECK_GE(sizeof(key_data), kKeySizeInBytes + kIVSizeInBytes);
- std::string raw_key(key_data, kKeySizeInBytes);
-
- scoped_ptr<base::SymmetricKey> symkey(
- base::SymmetricKey::Import(base::SymmetricKey::AES, raw_key));
- std::string iv(key_data + kKeySizeInBytes, kIVSizeInBytes);
-
- base::Encryptor encryptor;
- bool r = encryptor.Init(symkey.get(), base::Encryptor::CBC, iv);
- CHECK(r);
-
- std::string plaintext(reinterpret_cast<const char*>(p.data()), p.size());
- std::string ciphertext;
- encryptor.Encrypt(plaintext, &ciphertext);
-
- // We use another Pickle object to serialise the 'outer' wrapping of the
- // plaintext.
- Pickle outer;
- outer.WriteInt(kVersion);
-
- SECItem* pub_key_serialized = SECKEY_EncodeDERSubjectPublicKeyInfo(pub_key);
- outer.WriteString(
- std::string(reinterpret_cast<char*>(pub_key_serialized->data),
- pub_key_serialized->len));
- SECITEM_FreeItem(pub_key_serialized, PR_TRUE);
-
- outer.WriteString(ciphertext);
-
- SECKEY_DestroyPublicKey(pub_key);
- SECKEY_DestroyPrivateKey(priv_key);
-
- return std::string(reinterpret_cast<const char*>(outer.data()),
- outer.size());
-}
-
-void DnsCertProvenanceChecker::DoAsyncLookup(
- const std::string& hostname,
- const std::vector<base::StringPiece>& der_certs,
- DnsRRResolver* dnsrr_resolver,
- Delegate* delegate) {
- DnsCertProvenanceCheck* check = new DnsCertProvenanceCheck(
- hostname, dnsrr_resolver, delegate, der_certs);
- check->Start();
-}
-
-DnsCertProvenanceChecker::Delegate::~Delegate() {
-}
-
-DnsCertProvenanceChecker::~DnsCertProvenanceChecker() {
-}
-
-} // namespace net
diff --git a/net/socket/dns_cert_provenance_checker.h b/net/socket/dns_cert_provenance_checker.h
deleted file mode 100644
index 8fef60f..0000000
--- a/net/socket/dns_cert_provenance_checker.h
+++ /dev/null
@@ -1,60 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H
-#define NET_SOCKET_DNS_CERT_PROVENANCE_CHECKER_H
-
-#include <string>
-#include <vector>
-
-#include "base/string_piece.h"
-
-namespace net {
-
-class DnsRRResolver;
-
-// DnsCertProvenanceChecker is an interface for asynchronously checking HTTPS
-// certificates via a DNS side-channel.
-class DnsCertProvenanceChecker {
- public:
- class Delegate {
- public:
- virtual ~Delegate();
-
- virtual void OnDnsCertLookupFailed(
- const std::string& hostname,
- const std::vector<std::string>& der_certs) = 0;
- };
-
- virtual ~DnsCertProvenanceChecker();
-
- // DoAsyncVerification starts an asynchronous check for the given certificate
- // chain. It must be run on the network thread.
- virtual void DoAsyncVerification(
- const std::string& hostname,
- const std::vector<base::StringPiece>& der_certs) = 0;
-
-
- protected:
- // DoAsyncLookup performs a DNS lookup for the given name and certificate
- // chain. In the event that the lookup reports a failure, the Delegate is
- // called back.
- static void DoAsyncLookup(
- const std::string& hostname,
- const std::vector<base::StringPiece>& der_certs,
- DnsRRResolver* dnsrr_resolver,
- Delegate* delegate);
-
- // BuildEncryptedRecord encrypts the certificate chain to a fixed public key
- // and returns the encrypted blob. Since this code is reporting a possible
- // HTTPS failure, it would seem silly to use HTTPS to protect the uploaded
- // report.
- static std::string BuildEncryptedReport(
- const std::string& hostname,
- const std::vector<std::string>& der_certs);
-};
-
-} // namespace net
-
-#endif // NET_SOCKET_DNS_CERT_PROVENANCE_CHECK_H
diff --git a/net/socket/socket_test_util.cc b/net/socket/socket_test_util.cc
index b2e738a..8378c1d 100644
--- a/net/socket/socket_test_util.cc
+++ b/net/socket/socket_test_util.cc
@@ -1016,7 +1016,7 @@ SSLClientSocket* MockClientSocketFactory::CreateSSLClientSocket(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
ssl_host_info, mock_ssl_data_.GetNext());
@@ -1066,7 +1066,7 @@ SSLClientSocket* DeterministicMockClientSocketFactory::CreateSSLClientSocket(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
MockSSLClientSocket* socket =
new MockSSLClientSocket(transport_socket, host_and_port, ssl_config,
ssl_host_info, mock_ssl_data_.GetNext());
diff --git a/net/socket/socket_test_util.h b/net/socket/socket_test_util.h
index 147a4ba..ba0b94a 100644
--- a/net/socket/socket_test_util.h
+++ b/net/socket/socket_test_util.h
@@ -535,7 +535,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker);
+ DnsRRResolver* dnsrr_resolver);
SocketDataProviderArray<SocketDataProvider>& mock_data() {
return mock_data_;
}
@@ -880,7 +880,7 @@ class DeterministicMockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker);
+ DnsRRResolver* dnsrr_resolver);
SocketDataProviderArray<DeterministicSocketData>& mock_data() {
return mock_data_;
diff --git a/net/socket/ssl_client_socket_mac_factory.cc b/net/socket/ssl_client_socket_mac_factory.cc
index bf732e6..a4ffb78 100644
--- a/net/socket/ssl_client_socket_mac_factory.cc
+++ b/net/socket/ssl_client_socket_mac_factory.cc
@@ -14,7 +14,7 @@ SSLClientSocket* SSLClientSocketMacFactory(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
delete ssl_host_info;
return new SSLClientSocketMac(transport_socket, host_and_port, ssl_config);
}
diff --git a/net/socket/ssl_client_socket_mac_factory.h b/net/socket/ssl_client_socket_mac_factory.h
index 5539136..c8f48ea 100644
--- a/net/socket/ssl_client_socket_mac_factory.h
+++ b/net/socket/ssl_client_socket_mac_factory.h
@@ -10,7 +10,7 @@
namespace net {
-class DnsCertProvenanceChecker;
+class DnsRRResolver;
class SSLHostInfo;
// Creates SSLClientSocketMac objects.
@@ -19,7 +19,7 @@ SSLClientSocket* SSLClientSocketMacFactory(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker);
+ DnsRRResolver* dnsrr_resolver);
} // namespace net
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 0625698..3234320 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -93,7 +93,7 @@
#include "net/base/sys_addrinfo.h"
#include "net/ocsp/nss_ocsp.h"
#include "net/socket/client_socket_handle.h"
-#include "net/socket/dns_cert_provenance_checker.h"
+#include "net/socket/dns_cert_provenance_check.h"
#include "net/socket/ssl_error_params.h"
#include "net/socket/ssl_host_info.h"
@@ -399,7 +399,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_ctx)
+ DnsRRResolver* dnsrr_resolver)
: ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
this, &SSLClientSocketNSS::BufferSendComplete)),
ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_(
@@ -435,7 +435,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
predicted_npn_status_(kNextProtoUnsupported),
predicted_npn_proto_used_(false),
ssl_host_info_(ssl_host_info),
- dns_cert_checker_(dns_ctx) {
+ dnsrr_resolver_(dnsrr_resolver) {
EnterFunction("");
}
@@ -2348,13 +2348,6 @@ static DNSValidationResult CheckDNSSECChain(
}
int SSLClientSocketNSS::DoVerifyDNSSEC(int result) {
- if (ssl_config_.dns_cert_provenance_checking_enabled &&
- dns_cert_checker_) {
- PeerCertificateChain certs(nss_fd_);
- dns_cert_checker_->DoAsyncVerification(
- host_and_port_.host(), certs.AsStringPieceVector());
- }
-
if (ssl_config_.dnssec_enabled) {
DNSValidationResult r = CheckDNSSECChain(host_and_port_.host(),
server_cert_nss_);
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 7743097..b2725f6 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -31,7 +31,7 @@ namespace net {
class BoundNetLog;
class CertVerifier;
class ClientSocketHandle;
-class DnsCertProvenanceChecker;
+class DnsRRResolver;
class SSLHostInfo;
class X509Certificate;
@@ -48,7 +48,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dnsrr_resolver);
+ DnsRRResolver* dnsrr_resolver);
~SSLClientSocketNSS();
// SSLClientSocket methods:
@@ -250,7 +250,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
bool predicted_npn_proto_used_;
scoped_ptr<SSLHostInfo> ssl_host_info_;
- DnsCertProvenanceChecker* const dns_cert_checker_;
+ DnsRRResolver* const dnsrr_resolver_;
};
} // namespace net
diff --git a/net/socket/ssl_client_socket_nss_factory.cc b/net/socket/ssl_client_socket_nss_factory.cc
index e4c01f0..f7fc435 100644
--- a/net/socket/ssl_client_socket_nss_factory.cc
+++ b/net/socket/ssl_client_socket_nss_factory.cc
@@ -19,10 +19,10 @@ SSLClientSocket* SSLClientSocketNSSFactory(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
scoped_ptr<SSLHostInfo> shi(ssl_host_info);
return new SSLClientSocketNSS(transport_socket, host_and_port, ssl_config,
- shi.release(), dns_cert_checker);
+ shi.release(), dnsrr_resolver);
}
} // namespace net
diff --git a/net/socket/ssl_client_socket_nss_factory.h b/net/socket/ssl_client_socket_nss_factory.h
index 15b05b2..c51b5be 100644
--- a/net/socket/ssl_client_socket_nss_factory.h
+++ b/net/socket/ssl_client_socket_nss_factory.h
@@ -10,7 +10,7 @@
namespace net {
-class DnsCertProvenanceChecker;
+class DnsRRResolver;
class SSLHostInfo;
// Creates SSLClientSocketNSS objects.
@@ -19,7 +19,7 @@ SSLClientSocket* SSLClientSocketNSSFactory(
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker);
+ DnsRRResolver* dnsrr_resolver);
} // namespace net
diff --git a/net/socket/ssl_client_socket_pool.cc b/net/socket/ssl_client_socket_pool.cc
index 5b21005..785faab 100644
--- a/net/socket/ssl_client_socket_pool.cc
+++ b/net/socket/ssl_client_socket_pool.cc
@@ -78,7 +78,6 @@ SSLConnectJob::SSLConnectJob(
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
Delegate* delegate,
NetLog* net_log)
@@ -91,7 +90,6 @@ SSLConnectJob::SSLConnectJob(
client_socket_factory_(client_socket_factory),
resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
ALLOW_THIS_IN_INITIALIZER_LIST(
callback_(this, &SSLConnectJob::OnIOComplete)) {}
@@ -289,7 +287,7 @@ int SSLConnectJob::DoSSLConnect() {
ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
transport_socket_handle_.release(), params_->host_and_port(),
- params_->ssl_config(), ssl_host_info_.release(), dns_cert_checker_));
+ params_->ssl_config(), ssl_host_info_.release(), dnsrr_resolver_));
return ssl_socket_->Connect(&callback_);
}
@@ -360,8 +358,8 @@ ConnectJob* SSLClientSocketPool::SSLConnectJobFactory::NewConnectJob(
return new SSLConnectJob(group_name, request.params(), ConnectionTimeout(),
tcp_pool_, socks_pool_, http_proxy_pool_,
client_socket_factory_, host_resolver_,
- dnsrr_resolver_, dns_cert_checker_,
- ssl_host_info_factory_, delegate, net_log_);
+ dnsrr_resolver_, ssl_host_info_factory_, delegate,
+ net_log_);
}
SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
@@ -371,7 +369,6 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
NetLog* net_log)
: tcp_pool_(tcp_pool),
@@ -380,7 +377,6 @@ SSLClientSocketPool::SSLConnectJobFactory::SSLConnectJobFactory(
client_socket_factory_(client_socket_factory),
host_resolver_(host_resolver),
dnsrr_resolver_(dnsrr_resolver),
- dns_cert_checker_(dns_cert_checker),
ssl_host_info_factory_(ssl_host_info_factory),
net_log_(net_log) {
base::TimeDelta max_transport_timeout = base::TimeDelta();
@@ -407,7 +403,6 @@ SSLClientSocketPool::SSLClientSocketPool(
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ClientSocketFactory* client_socket_factory,
TCPClientSocketPool* tcp_pool,
@@ -424,8 +419,7 @@ SSLClientSocketPool::SSLClientSocketPool(
base::TimeDelta::FromSeconds(kUsedIdleSocketTimeout),
new SSLConnectJobFactory(tcp_pool, socks_pool, http_proxy_pool,
client_socket_factory, host_resolver,
- dnsrr_resolver, dns_cert_checker,
- ssl_host_info_factory,
+ dnsrr_resolver, ssl_host_info_factory,
net_log)),
ssl_config_service_(ssl_config_service) {
if (ssl_config_service_)
diff --git a/net/socket/ssl_client_socket_pool.h b/net/socket/ssl_client_socket_pool.h
index 5eb8594..11cf250 100644
--- a/net/socket/ssl_client_socket_pool.h
+++ b/net/socket/ssl_client_socket_pool.h
@@ -24,7 +24,6 @@ namespace net {
class ClientSocketFactory;
class ConnectJobFactory;
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class HostPortPair;
class HttpProxyClientSocketPool;
@@ -96,7 +95,6 @@ class SSLConnectJob : public ConnectJob {
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
Delegate* delegate,
NetLog* net_log);
@@ -146,7 +144,6 @@ class SSLConnectJob : public ConnectJob {
ClientSocketFactory* const client_socket_factory_;
HostResolver* const resolver_;
DnsRRResolver* const dnsrr_resolver_;
- DnsCertProvenanceChecker* dns_cert_checker_;
SSLHostInfoFactory* const ssl_host_info_factory_;
State next_state_;
@@ -174,7 +171,6 @@ class SSLClientSocketPool : public ClientSocketPool,
ClientSocketPoolHistograms* histograms,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
ClientSocketFactory* client_socket_factory,
TCPClientSocketPool* tcp_pool,
@@ -248,7 +244,6 @@ class SSLClientSocketPool : public ClientSocketPool,
ClientSocketFactory* client_socket_factory,
HostResolver* host_resolver,
DnsRRResolver* dnsrr_resolver,
- DnsCertProvenanceChecker* dns_cert_checker,
SSLHostInfoFactory* ssl_host_info_factory,
NetLog* net_log);
@@ -269,7 +264,6 @@ class SSLClientSocketPool : public ClientSocketPool,
ClientSocketFactory* const client_socket_factory_;
HostResolver* const host_resolver_;
DnsRRResolver* const dnsrr_resolver_;
- DnsCertProvenanceChecker* const dns_cert_checker_;
SSLHostInfoFactory* const ssl_host_info_factory_;
base::TimeDelta timeout_;
NetLog* net_log_;
diff --git a/net/socket/ssl_client_socket_pool_unittest.cc b/net/socket/ssl_client_socket_pool_unittest.cc
index 247638b..f58a762 100644
--- a/net/socket/ssl_client_socket_pool_unittest.cc
+++ b/net/socket/ssl_client_socket_pool_unittest.cc
@@ -40,7 +40,6 @@ class SSLClientSocketPoolTest : public testing::Test {
host_resolver_.get())),
session_(new HttpNetworkSession(host_resolver_.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
ProxyService::CreateDirect(),
&socket_factory_,
@@ -98,7 +97,6 @@ class SSLClientSocketPoolTest : public testing::Test {
ssl_histograms_.get(),
NULL,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
&socket_factory_,
tcp_pool ? &tcp_socket_pool_ : NULL,
diff --git a/net/socket/tcp_client_socket_pool_unittest.cc b/net/socket/tcp_client_socket_pool_unittest.cc
index c44815c..215b9ba 100644
--- a/net/socket/tcp_client_socket_pool_unittest.cc
+++ b/net/socket/tcp_client_socket_pool_unittest.cc
@@ -251,7 +251,7 @@ class MockClientSocketFactory : public ClientSocketFactory {
const HostPortPair& host_and_port,
const SSLConfig& ssl_config,
SSLHostInfo* ssl_host_info,
- DnsCertProvenanceChecker* dns_cert_checker) {
+ DnsRRResolver* dnsrr_resolver) {
NOTIMPLEMENTED();
delete ssl_host_info;
return NULL;
diff --git a/net/spdy/spdy_test_util.h b/net/spdy/spdy_test_util.h
index 0a81bb7..aecf08e 100644
--- a/net/spdy/spdy_test_util.h
+++ b/net/spdy/spdy_test_util.h
@@ -358,7 +358,6 @@ class SpdySessionDependencies {
SpdySessionDependencies* session_deps) {
return new HttpNetworkSession(session_deps->host_resolver.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
session_deps->proxy_service,
session_deps->socket_factory.get(),
@@ -372,7 +371,6 @@ class SpdySessionDependencies {
SpdySessionDependencies* session_deps) {
return new HttpNetworkSession(session_deps->host_resolver.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
session_deps->proxy_service,
session_deps->
@@ -397,7 +395,6 @@ class SpdyURLRequestContext : public URLRequestContext {
new HttpNetworkLayer(&socket_factory_,
host_resolver_,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service_,
ssl_config_service_,
diff --git a/net/tools/fetch/fetch_client.cc b/net/tools/fetch/fetch_client.cc
index 138bed3..3bdbcbf 100644
--- a/net/tools/fetch/fetch_client.cc
+++ b/net/tools/fetch/fetch_client.cc
@@ -147,7 +147,7 @@ int main(int argc, char**argv) {
scoped_ptr<net::HttpAuthHandlerFactory> http_auth_handler_factory(
net::HttpAuthHandlerFactory::CreateDefault(host_resolver.get()));
if (use_cache) {
- factory = new net::HttpCache(host_resolver.get(), NULL, NULL, proxy_service,
+ factory = new net::HttpCache(host_resolver.get(), NULL, proxy_service,
ssl_config_service, http_auth_handler_factory.get(), NULL, NULL,
net::HttpCache::DefaultBackend::InMemory(0));
} else {
@@ -155,7 +155,6 @@ int main(int argc, char**argv) {
net::ClientSocketFactory::GetDefaultFactory(),
host_resolver.get(),
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service,
ssl_config_service,
diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc
index 281aa7e..137901d 100644
--- a/net/url_request/url_request_context.cc
+++ b/net/url_request/url_request_context.cc
@@ -12,7 +12,6 @@ URLRequestContext::URLRequestContext()
: net_log_(NULL),
host_resolver_(NULL),
dnsrr_resolver_(NULL),
- dns_cert_checker_(NULL),
http_transaction_factory_(NULL),
ftp_transaction_factory_(NULL),
http_auth_handler_factory_(NULL),
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index f935f5f..bbbae67 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -18,12 +18,10 @@
#include "net/base/transport_security_state.h"
#include "net/ftp/ftp_auth_cache.h"
#include "net/proxy/proxy_service.h"
-#include "net/socket/dns_cert_provenance_checker.h"
namespace net {
class CookiePolicy;
class CookieStore;
-class DnsCertProvenanceChecker;
class DnsRRResolver;
class FtpTransactionFactory;
class HostResolver;
@@ -53,10 +51,6 @@ class URLRequestContext
return dnsrr_resolver_;
}
- net::DnsCertProvenanceChecker* dns_cert_checker() const {
- return dns_cert_checker_.get();
- }
-
// Get the proxy service for this context.
net::ProxyService* proxy_service() const {
return proxy_service_;
@@ -130,7 +124,6 @@ class URLRequestContext
net::NetLog* net_log_;
net::HostResolver* host_resolver_;
net::DnsRRResolver* dnsrr_resolver_;
- scoped_ptr<net::DnsCertProvenanceChecker> dns_cert_checker_;
scoped_refptr<net::ProxyService> proxy_service_;
scoped_refptr<net::SSLConfigService> ssl_config_service_;
net::HttpTransactionFactory* http_transaction_factory_;
diff --git a/net/url_request/url_request_unittest.h b/net/url_request/url_request_unittest.h
index 378b133..abb6ab5 100644
--- a/net/url_request/url_request_unittest.h
+++ b/net/url_request/url_request_unittest.h
@@ -162,7 +162,6 @@ class TestURLRequestContext : public URLRequestContext {
http_transaction_factory_ = new net::HttpCache(
net::HttpNetworkLayer::CreateFactory(host_resolver_,
NULL /* dnsrr_resolver */,
- NULL /* dns_cert_checker */,
NULL /* ssl_host_info_factory */,
proxy_service_,
ssl_config_service_,
generated by cgit v1.1 at 2024-09-08 01:31:44 +0000