From 18ebedbcbcb280116c04c189a469c94269c0858b Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen
Date: Thu, 29 Sep 2016 17:27:39 +0200
Subject: Add known logs to certificate transparency
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This is needed to avoid certificate errors when google servers ask us to enforce certificate transparency.
Change-Id: I0199d29502b94b05c336ef24eac5f3783d171767
Reviewed-by: Michael BrĂ¼ning
---
 src/core/url_request_context_getter_qt.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/core/url_request_context_getter_qt.cpp b/src/core/url_request_context_getter_qt.cpp
index e5df27135..61f359a87 100644
--- a/src/core/url_request_context_getter_qt.cpp
+++ b/src/core/url_request_context_getter_qt.cpp
@@ -49,6 +49,7 @@
 #include "content/public/common/content_switches.h"
 #include "net/base/cache_type.h"
 #include "net/cert/cert_verifier.h"
+#include "net/cert/ct_known_logs.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_policy_enforcer.h"
 #include "net/cert/multi_log_ct_verifier.h"
@@ -229,7 +230,9 @@ void URLRequestContextGetterQt::generateStorage()
 Q_ASSERT(proxyConfigService);
 m_storage->set_cert_verifier(net::CertVerifier::CreateDefault());
- m_storage->set_cert_transparency_verifier(base::WrapUnique(new net::MultiLogCTVerifier()));
+ std::unique_ptr ct_verifier(new net::MultiLogCTVerifier());
+ ct_verifier->AddLogs(net::ct::CreateLogVerifiersForKnownLogs());
+ m_storage->set_cert_transparency_verifier(std::move(ct_verifier));
 m_storage->set_ct_policy_enforcer(base::WrapUnique(new net::CTPolicyEnforcer));
 std::unique_ptr host_resolver(net::HostResolver::CreateDefaultResolver(NULL));
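Review bot: Nothing near the new `AddLogs(net::ct::CreateLogVerifiersForKnownLogs())` call records that the accepted log set is fixed at build time by the bundled `net/cert/ct_known_logs.h`. CT logs are added and retired over time, so an old build will presumably stop recognising SCTs from newer logs and keep accepting ones from logs that were later distrusted, which matters once servers ask for enforcement as the commit message describes. I would add a comment above the call, e.g. `// Known-log list is compiled in from the bundled Chromium snapshot; it is only refreshed by a Chromium update.` generateStorage() starts and ends outside this hunk.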
@@ -422,6 +425,10 @@ static bool doNetworkSessionParamsMatch(const net::HttpNetworkSession::Params &f
 return false;
 if (first.host_resolver != second.host_resolver)
 return false;
+ if (first.cert_transparency_verifier != second.cert_transparency_verifier)
+ return false;
+ if (first.ct_policy_enforcer != second.ct_policy_enforcer)
+ return false;
 return true;
 }
-- cgit v1.2.3
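Review bot: The two new checks in doNetworkSessionParamsMatch compare `cert_transparency_verifier` and `ct_policy_enforcer` by address, and the reason is not stated. Presumably the point is that a session built against a verifier or enforcer that generateStorage() has since replaced must not be reused, since it would keep pointing at the old object; the code that fills these Params fields is not in this diff, so that is worth confirming. A short comment before the first added `if` would make the intent explicit: `// Pointer identity: a session holding a replaced CT verifier/enforcer must be rebuilt.` The function begins above the hunk, so the other fields it compares are not visible here.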