From c16dcc3a26ced978b7f2042c20096d46753abb9b Mon Sep 17 00:00:00 2001
From: "agl@chromium.org"
 <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Mon, 22 Aug 2011 15:01:09 +0000
Subject: net: only enable certificate pinning in official builds.

This is to make sure that pins don't escape into forks of the code which may
not be updated in a timly manner.

BUG=none
TEST=none

Review URL: http://codereview.chromium.org/7659016

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@97642 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/base/transport_security_state.cc    | 8 ++++++++
 net/url_request/url_request_http_job.cc | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/net/base/transport_security_state.cc b/net/base/transport_security_state.cc
index e82734d..a35325a 100644
--- a/net/base/transport_security_state.cc
+++ b/net/base/transport_security_state.cc
@@ -569,11 +569,19 @@ bool TransportSecurityState::IsPreloadedSTS(
     0,
   };
 
+  // kTestAcceptableCerts doesn't actually match any public keys and is used
+  // with "pinningtest.appspot.com", below, to test if pinning is active.
+  static const char* kTestAcceptableCerts[] = {
+    "sha1/AAAAAAAAAAAAAAAAAAAAAAAAAAA=",
+  };
+
   // In the medium term this list is likely to just be hardcoded here. This,
   // slightly odd, form removes the need for additional relocations records.
   static const struct HSTSPreload kPreloadedSTS[] = {
     // (*.)google.com, iff using SSL must use an acceptable certificate.
     {12, true, "\006google\003com", false, kGoogleAcceptableCerts },
+    {25, true, "\013pinningtest\007appspot\003com", false,
+     kTestAcceptableCerts },
     // Now we force HTTPS for subtrees of google.com.
     {19, true, "\006health\006google\003com", true, kGoogleAcceptableCerts },
     {21, true, "\010checkout\006google\003com", true, kGoogleAcceptableCerts },
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 23e7367..5f30e55 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -738,7 +738,12 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
   // Clear the IO_PENDING status
   SetStatus(URLRequestStatus());
 
+#if defined(OFFICIAL_BUILD) && !defined(ANDROID)
   // Take care of any mandates for public key pinning.
+  //
+  // Pinning is only enabled for official builds to make sure that others don't
+  // end up with pins that cannot be easily updated.
+  //
   // TODO(agl): we might have an issue here where a request for foo.example.com
   // merges into a SPDY connection to www.example.com, and gets a different
   // certificate.
@@ -762,6 +767,7 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
       }
     }
   }
+#endif
 
   if (result == OK) {
     SaveCookiesAndNotifyHeadersComplete();
-- 
cgit v1.1