author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-08-08 11:05:03 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-09-14 08:15:45 +0000 |
commit | a6e29d8c3ea8a3f2530761f5db1ae1f620655d6a (patch) | |
tree | a11527f272356d1ae3365126cd0bc08a333a8f20 /src/core | |
parent | f1e2b2d80366b43ba638290bca55272b000b3ce1 (diff) |
Certificate transparency
Adds certificate errors and services to handle enforcing of certificate
transparency. No logs are used though.
Change-Id: If7f954487e1a9a3b0ff68e33ff3766f49ea89b0a
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'src/core')
-rw-r--r-- | src/core/certificate_error_controller.cpp | 3 | ||||
-rw-r--r-- | src/core/certificate_error_controller.h | 3 | ||||
-rw-r--r-- | src/core/url_request_context_getter_qt.cpp | 8 |
3 files changed, 13 insertions, 1 deletions
diff --git a/src/core/certificate_error_controller.cpp b/src/core/certificate_error_controller.cpp
index 65bba733a..18835a5c7 100644
--- a/src/core/certificate_error_controller.cpp
+++ b/src/core/certificate_error_controller.cpp
@@ -66,6 +66,7 @@ ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateNonUniqueName, net::ER
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateWeakKey, net::ERR_CERT_WEAK_KEY)
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateNameConstraintViolation, net::ERR_CERT_NAME_CONSTRAINT_VIOLATION)
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateValidityTooLong, net::ERR_CERT_VALIDITY_TOO_LONG)
+ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateTransparencyRequired, net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)
 ASSERT_ENUMS_MATCH(CertificateErrorController::CertificateErrorEnd, net::ERR_CERT_END)
 void CertificateErrorControllerPrivate::accept(bool accepted)
@@ -174,6 +175,8 @@ QString CertificateErrorController::errorString() const
 return getQStringForMessageId(IDS_CERT_ERROR_NAME_CONSTRAINT_VIOLATION_DESCRIPTION);
 case CertificateValidityTooLong:
 return getQStringForMessageId(IDS_CERT_ERROR_VALIDITY_TOO_LONG_DESCRIPTION);
+ case CertificateTransparencyRequired:
+ return getQStringForMessageId(IDS_CERT_ERROR_CERTIFICATE_TRANSPARENCY_REQUIRED_DESCRIPTION);
 case CertificateUnableToCheckRevocation: // Deprecated in Chromium.
 default:
 break;
diff --git a/src/core/certificate_error_controller.h b/src/core/certificate_error_controller.h
index 27f18946f..554281644 100644
--- a/src/core/certificate_error_controller.h
+++ b/src/core/certificate_error_controller.h
@@ -71,8 +71,9 @@ public:
 CertificateWeakKey = -211,
 CertificateNameConstraintViolation = -212,
 CertificateValidityTooLong = -213,
+ CertificateTransparencyRequired = -214,
- CertificateErrorEnd = -214 // not an error, just an enum boundary
+ CertificateErrorEnd = -215 // not an error, just an enum boundary
 };
 CertificateError error() const;
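Review bot: In the certificate_error_controller.h hunk, `CertificateTransparencyRequired = -214` reuses the value that `CertificateErrorEnd` had before this change, so anything outside src/core that mirrors this enum or compares against the old boundary needs the same update. The diffstat on this page is limited to src/core, so that cannot be confirmed here. The `ASSERT_ENUMS_MATCH` line added in certificate_error_controller.cpp keeps this enum aligned with the net error codes, but nothing visible guards a second copy of it. I would also document the new enumerator, e.g. `// CT was required for this host but the certificate did not satisfy the policy (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)`. The enum itself starts outside the hunk.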
diff --git a/src/core/url_request_context_getter_qt.cpp b/src/core/url_request_context_getter_qt.cpp
index 591fed9b5..25f7e36e6 100644
--- a/src/core/url_request_context_getter_qt.cpp
+++ b/src/core/url_request_context_getter_qt.cpp
@@ -40,6 +40,7 @@
 #include "url_request_context_getter_qt.h"
 #include "base/command_line.h"
+#include "base/memory/ptr_util.h"
 #include "base/strings/string_util.h"
 #include "base/threading/worker_pool.h"
 #include "base/threading/sequenced_worker_pool.h"
@@ -48,6 +49,9 @@
 #include "content/public/common/content_switches.h"
 #include "net/base/cache_type.h"
 #include "net/cert/cert_verifier.h"
+#include "net/cert/ct_log_verifier.h"
+#include "net/cert/ct_policy_enforcer.h"
+#include "net/cert/multi_log_ct_verifier.h"
 #include "net/disk_cache/disk_cache.h"
 #include "net/dns/host_resolver.h"
 #include "net/dns/mapped_host_resolver.h"
@@ -225,6 +229,8 @@ void URLRequestContextGetterQt::generateStorage()
 Q_ASSERT(proxyConfigService);
 m_storage->set_cert_verifier(net::CertVerifier::CreateDefault());
+ m_storage->set_cert_transparency_verifier(base::WrapUnique(new net::MultiLogCTVerifier()));
+ m_storage->set_ct_policy_enforcer(base::WrapUnique(new net::CTPolicyEnforcer));
 std::unique_ptr<net::HostResolver> host_resolver(net::HostResolver::CreateDefaultResolver(NULL));
@@ -435,6 +441,8 @@ net::HttpNetworkSession::Params URLRequestContextGetterQt::generateNetworkSessio
 network_session_params.http_server_properties = m_urlRequestContext->http_server_properties();
 network_session_params.ignore_certificate_errors = m_ignoreCertificateErrors;
 network_session_params.host_resolver = m_urlRequestContext->host_resolver();
+ network_session_params.cert_transparency_verifier = m_urlRequestContext->cert_transparency_verifier();
+ network_session_params.ct_policy_enforcer = m_urlRequestContext->ct_policy_enforcer();
 return network_session_params;
 } |
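Review bot: The `MultiLogCTVerifier` installed in the generateStorage() hunk is never given any logs: no `AddLogs` call is visible, and the commit message says none are used. No SCT can therefore be validated, and the enforcer will presumably see every certificate as non-compliant. If that is right, any host for which the network stack requires CT would fail with `CertificateTransparencyRequired` instead of being checked. The placeholder should be stated at the call site, e.g. `// No CT logs are registered yet, so SCTs cannot be verified; CT-required hosts will fail until a log list is added.` The `net/cert/ct_log_verifier.h` include added in the `@@ -48,6 +49,9 @@` hunk is not used by any visible line. generateStorage() starts and ends outside the hunk.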
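Review bot: In the generateNetworkSessionParams() hunk the two CT members are set right after `ignore_certificate_errors = m_ignoreCertificateErrors`, and nothing records how that flag interacts with the new enforcement. The new error code sits inside the certificate-error range (`CertificateErrorEnd` is now -215), so the flag presumably suppresses CT failures as well; that should be confirmed against the network stack. If it does, a comment such as `// Note: m_ignoreCertificateErrors also bypasses certificate-transparency enforcement.` would keep the flag from being read as covering only classic validation errors. The function's start is outside the hunk.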