authorpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-13 06:48:11 +0000
committerpalmer@chromium.org <palmer@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2013-06-13 06:48:11 +0000
commitb1c988bcd7869765e1bd56e592787af123340516 (patch)
tree3aafa3d0ddd90d90e059c0a38dd2d7a465fc81c1 /remoting/protocol
parent9dcdbbef52460de45070d815eb1ad735d120ae07 (diff)
Give more request types a TransportSecurityState.
DCHECK on NULL TransportSecurityState, as a precursor to a real CHECK. It should be an error to try to connect with an SSL client socket without having a live TSS. BUG=246724 Review URL: https://chromiumcodereview.appspot.com/16501002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@206013 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/protocol')
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.cc3
-rw-r--r--remoting/protocol/ssl_hmac_channel_authenticator.h2
2 files changed, 5 insertions, 0 deletions
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.cc b/remoting/protocol/ssl_hmac_channel_authenticator.cc
index 587d71a..93249bd 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.cc
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.cc
@@ -12,6 +12,7 @@
#include "net/base/net_errors.h"
#include "net/cert/cert_verifier.h"
#include "net/cert/x509_certificate.h"
+#include "net/http/transport_security_state.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/ssl_client_socket.h"
#include "net/socket/ssl_server_socket.h"
@@ -83,6 +84,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
&SslHmacChannelAuthenticator::OnConnected, base::Unretained(this)));
} else {
cert_verifier_.reset(net::CertVerifier::CreateDefault());
+ transport_security_state_.reset(new net::TransportSecurityState);
net::SSLConfig::CertAndStatus cert_and_status;
cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
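Review bot: The added `transport_security_state_.reset(new net::TransportSecurityState);` in the client branch has no comment, and a reader could take it for real HSTS or pinning enforcement on this channel. The object is default-constructed and nothing visible in this hunk populates it, while the lines just below explicitly allow `CERT_STATUS_AUTHORITY_INVALID` for the expected certificate. It therefore appears to exist only to meet the non-NULL requirement described in the commit message. I would add above it `// Default-constructed and never populated here; present because SSL client sockets require a non-NULL TransportSecurityState.` The body of SecureAndAuthenticate starts and ends outside the hunk, so any later use of the object cannot be checked from here.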
@@ -100,6 +102,7 @@ void SslHmacChannelAuthenticator::SecureAndAuthenticate(
net::HostPortPair host_and_port(kSslFakeHostName, 0);
net::SSLClientSocketContext context;
context.cert_verifier = cert_verifier_.get();
+ context.transport_security_state = transport_security_state_.get();
socket_.reset(
net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
socket.release(), host_and_port, ssl_config, context));
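Review bot: `context.transport_security_state` is given a raw pointer from `transport_security_state_.get()`, and the socket created just below presumably keeps using it after this call returns, yet nothing states the lifetime requirement. The header hunk declares `transport_security_state_` before `socket_`, so `socket_` is destroyed first. That ordering looks load-bearing and should be documented at the member, e.g. `// Declared before |socket_|, which holds a raw pointer to this object.` The same reasoning applies to `cert_verifier_` on the preceding line. SecureAndAuthenticate continues outside the hunk, so whether either member can be reset while `socket_` is still alive cannot be confirmed from here.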
diff --git a/remoting/protocol/ssl_hmac_channel_authenticator.h b/remoting/protocol/ssl_hmac_channel_authenticator.h
index 6f7440c..320466c 100644
--- a/remoting/protocol/ssl_hmac_channel_authenticator.h
+++ b/remoting/protocol/ssl_hmac_channel_authenticator.h
@@ -18,6 +18,7 @@ class CertVerifier;
class DrainableIOBuffer;
class GrowableIOBuffer;
class SSLSocket;
+class TransportSecurityState;
} // namespace net
namespace remoting {
@@ -89,6 +90,7 @@ class SslHmacChannelAuthenticator : public ChannelAuthenticator,
// Used in the CLIENT mode only.
std::string remote_cert_;
scoped_ptr<net::CertVerifier> cert_verifier_;
+ scoped_ptr<net::TransportSecurityState> transport_security_state_;
scoped_ptr<net::SSLSocket> socket_;
DoneCallback done_callback_;