From e5624f0b84c761a2a88fc30dd6d95b71a5b44ad6 Mon Sep 17 00:00:00 2001 From: "agl@chromium.org" Date: Tue, 27 Sep 2011 19:43:53 +0000 Subject: [PATCH] net: make HSTS hosts use the normal SSL interstitials (Reland of r102947, which was reverted in r102950.) SSL interstitials have better translations for the error messages and this returns us to the point where we have only a single UI for SSL errors, which will make some future changes easier. First, this change changes the SSL error callbacks to take an SSLInfo& rather than a X509Certificate* (which was already a TODO(wtc) in the code). Most of this change is the resulting plumbing. It also adds a |is_hsts_host| flag to the callbacks to denote an HSTS host. Finally, in ssl_policy.cc the |is_hsts_host| flag causes any error to be fatal. BUG=93527 http://codereview.chromium.org/7976036/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@102994 0039d316-1c4b-4281-b951-d872f2087c98 --- .../renderer_host/resource_dispatcher_host.cc | 6 ++-- .../renderer_host/resource_dispatcher_host.h | 4 +-- content/browser/ssl/ssl_cert_error_handler.cc | 16 ++++----- content/browser/ssl/ssl_cert_error_handler.h | 10 +++--- content/browser/ssl/ssl_manager.cc | 14 ++++---- content/browser/ssl/ssl_manager.h | 5 +-- content/browser/ssl/ssl_policy.cc | 2 +- net/base/cert_status_flags.h | 3 +- net/proxy/proxy_script_fetcher_impl.cc | 7 ++-- net/proxy/proxy_script_fetcher_impl.h | 5 +-- net/url_request/url_request.cc | 10 +++--- net/url_request/url_request.h | 11 ++++-- net/url_request/url_request_http_job.cc | 36 ++++++------------- net/url_request/url_request_http_job.h | 2 -- net/url_request/url_request_job.cc | 6 ++-- net/url_request/url_request_job.h | 4 ++- net/url_request/url_request_test_util.cc | 4 +-- net/url_request/url_request_test_util.h | 4 +-- webkit/fileapi/file_writer_delegate.cc | 17 +++++---- webkit/fileapi/file_writer_delegate.h | 22 +++++++----- .../simple_resource_loader_bridge.cc | 4 +-- 21 files changed, 97 insertions(+), 95 deletions(-) diff --git a/content/browser/renderer_host/resource_dispatcher_host.cc b/content/browser/renderer_host/resource_dispatcher_host.cc index 228d465a8f4099..ba94ab27afe63d 100644 --- a/content/browser/renderer_host/resource_dispatcher_host.cc +++ b/content/browser/renderer_host/resource_dispatcher_host.cc @@ -1306,10 +1306,10 @@ void ResourceDispatcherHost::OnCertificateRequested( void ResourceDispatcherHost::OnSSLCertificateError( net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) { + const net::SSLInfo& ssl_info, + bool is_hsts_host) { DCHECK(request); - SSLManager::OnSSLCertificateError(this, request, cert_error, cert); + SSLManager::OnSSLCertificateError(this, request, ssl_info, is_hsts_host); } bool ResourceDispatcherHost::CanGetCookies( diff --git a/content/browser/renderer_host/resource_dispatcher_host.h b/content/browser/renderer_host/resource_dispatcher_host.h index 46266742a9d79c..37084925099f3d 100644 --- a/content/browser/renderer_host/resource_dispatcher_host.h +++ b/content/browser/renderer_host/resource_dispatcher_host.h @@ -190,8 +190,8 @@ class CONTENT_EXPORT ResourceDispatcherHost : public net::URLRequest::Delegate { net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) OVERRIDE; virtual void OnSSLCertificateError(net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) OVERRIDE; + const net::SSLInfo& ssl_info, + bool is_hsts_host) OVERRIDE; virtual bool CanGetCookies(const net::URLRequest* request, const net::CookieList& cookie_list) const OVERRIDE; virtual bool CanSetCookie(const net::URLRequest* request, diff --git a/content/browser/ssl/ssl_cert_error_handler.cc b/content/browser/ssl/ssl_cert_error_handler.cc index c668b411d400d4..6af14979cfc045 100644 --- a/content/browser/ssl/ssl_cert_error_handler.cc +++ b/content/browser/ssl/ssl_cert_error_handler.cc @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -6,22 +6,20 @@ #include "content/browser/renderer_host/resource_dispatcher_host.h" #include "content/browser/ssl/ssl_policy.h" +#include "net/base/cert_status_flags.h" #include "net/base/x509_certificate.h" SSLCertErrorHandler::SSLCertErrorHandler( ResourceDispatcherHost* rdh, net::URLRequest* request, ResourceType::Type resource_type, - int cert_error, - net::X509Certificate* cert) + const net::SSLInfo& ssl_info, + bool is_hsts_host) : SSLErrorHandler(rdh, request, resource_type), - cert_error_(cert_error) { + ssl_info_(ssl_info), + cert_error_(net::MapCertStatusToNetError(ssl_info.cert_status)), + is_hsts_host_(is_hsts_host) { DCHECK(request == resource_dispatcher_host_->GetURLRequest(request_id_)); - - // We cannot use the request->ssl_info(), it's not been initialized yet, so - // we have to set the fields manually. - ssl_info_.cert = cert; - ssl_info_.SetCertError(cert_error); } SSLCertErrorHandler* SSLCertErrorHandler::AsSSLCertErrorHandler() { diff --git a/content/browser/ssl/ssl_cert_error_handler.h b/content/browser/ssl/ssl_cert_error_handler.h index 6dcbe0ffe41ca3..62b1a1e86a54ad 100644 --- a/content/browser/ssl/ssl_cert_error_handler.h +++ b/content/browser/ssl/ssl_cert_error_handler.h @@ -1,4 +1,4 @@ -// Copyright (c) 2009 The Chromium Authors. All rights reserved. +// Copyright (c) 2011 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. @@ -24,14 +24,15 @@ class SSLCertErrorHandler : public SSLErrorHandler { SSLCertErrorHandler(ResourceDispatcherHost* rdh, net::URLRequest* request, ResourceType::Type resource_type, - int cert_error, - net::X509Certificate* cert); + const net::SSLInfo& ssl_info, + bool is_hsts_host); virtual SSLCertErrorHandler* AsSSLCertErrorHandler(); // These accessors are available on either thread const net::SSLInfo& ssl_info() const { return ssl_info_; } int cert_error() const { return cert_error_; } + bool is_hsts_host() const { return is_hsts_host_; } protected: // SSLErrorHandler methods @@ -42,8 +43,9 @@ class SSLCertErrorHandler : public SSLErrorHandler { virtual ~SSLCertErrorHandler(); // These read-only members may be accessed on any thread. - net::SSLInfo ssl_info_; + const net::SSLInfo ssl_info_; const int cert_error_; // The error we represent. + const bool is_hsts_host_; // true if the error is from an HSTS host. DISALLOW_COPY_AND_ASSIGN(SSLCertErrorHandler); }; diff --git a/content/browser/ssl/ssl_manager.cc b/content/browser/ssl/ssl_manager.cc index 6ae6fb9c98d2ff..83b4d66105e7e2 100644 --- a/content/browser/ssl/ssl_manager.cc +++ b/content/browser/ssl/ssl_manager.cc @@ -24,10 +24,12 @@ // static void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) { - DVLOG(1) << "OnSSLCertificateError() cert_error: " << cert_error - << " url: " << request->url().spec(); + const net::SSLInfo& ssl_info, + bool is_hsts_host) { + DVLOG(1) << "OnSSLCertificateError() cert_error: " + << net::MapCertStatusToNetError(ssl_info.cert_status) + << " url: " << request->url().spec() + << " cert_status: " << std::hex << ssl_info.cert_status; ResourceDispatcherHostRequestInfo* info = ResourceDispatcherHost::InfoForRequest(request); @@ -39,8 +41,8 @@ void SSLManager::OnSSLCertificateError(ResourceDispatcherHost* rdh, NewRunnableMethod(new SSLCertErrorHandler(rdh, request, info->resource_type(), - cert_error, - cert), + ssl_info, + is_hsts_host), &SSLCertErrorHandler::Dispatch)); } diff --git a/content/browser/ssl/ssl_manager.h b/content/browser/ssl/ssl_manager.h index 24892bf89edc3c..abb9522068202f 100644 --- a/content/browser/ssl/ssl_manager.h +++ b/content/browser/ssl/ssl_manager.h @@ -28,6 +28,7 @@ class ResourceRequestDetails; class SSLPolicy; namespace net { +class SSLInfo; class URLRequest; } // namespace net @@ -49,8 +50,8 @@ class SSLManager : public NotificationObserver { // Called on the IO thread. static void OnSSLCertificateError(ResourceDispatcherHost* resource_dispatcher, net::URLRequest* request, - int cert_error, - net::X509Certificate* cert); + const net::SSLInfo& ssl_info, + bool is_hsts_host); // Called when SSL state for a host or tab changes. Broadcasts the // SSL_INTERNAL_STATE_CHANGED notification. diff --git a/content/browser/ssl/ssl_policy.cc b/content/browser/ssl/ssl_policy.cc index 1d9f3f60616102..256c27f34ff607 100644 --- a/content/browser/ssl/ssl_policy.cc +++ b/content/browser/ssl/ssl_policy.cc @@ -58,7 +58,7 @@ void SSLPolicy::OnCertError(SSLCertErrorHandler* handler) { case net::ERR_CERT_DATE_INVALID: case net::ERR_CERT_AUTHORITY_INVALID: case net::ERR_CERT_WEAK_SIGNATURE_ALGORITHM: - OnCertErrorInternal(handler, true); + OnCertErrorInternal(handler, !handler->is_hsts_host()); break; case net::ERR_CERT_NO_REVOCATION_MECHANISM: // Ignore this error. diff --git a/net/base/cert_status_flags.h b/net/base/cert_status_flags.h index 7e7016bc91c225..76cf4c83c3a40c 100644 --- a/net/base/cert_status_flags.h +++ b/net/base/cert_status_flags.h @@ -7,6 +7,7 @@ #pragma once #include "base/basictypes.h" +#include "net/base/net_export.h" namespace net { @@ -48,7 +49,7 @@ CertStatus MapNetErrorToCertStatus(int error); // Maps the most serious certificate error in the certificate status flags // to the equivalent network error code. -int MapCertStatusToNetError(CertStatus cert_status); +NET_EXPORT int MapCertStatusToNetError(CertStatus cert_status); } // namespace net diff --git a/net/proxy/proxy_script_fetcher_impl.cc b/net/proxy/proxy_script_fetcher_impl.cc index 7025e72696eaba..bb0e57ce63722f 100644 --- a/net/proxy/proxy_script_fetcher_impl.cc +++ b/net/proxy/proxy_script_fetcher_impl.cc @@ -9,6 +9,7 @@ #include "base/logging.h" #include "base/message_loop.h" #include "base/string_util.h" +#include "net/base/cert_status_flags.h" #include "net/base/data_url.h" #include "net/base/io_buffer.h" #include "net/base/load_flags.h" @@ -190,12 +191,12 @@ void ProxyScriptFetcherImpl::OnAuthRequired(URLRequest* request, } void ProxyScriptFetcherImpl::OnSSLCertificateError(URLRequest* request, - int cert_error, - X509Certificate* cert) { + const SSLInfo& ssl_info, + bool is_hsts_host) { DCHECK_EQ(request, cur_request_.get()); LOG(WARNING) << "SSL certificate error when fetching PAC script, aborting."; // Certificate errors are in same space as net errors. - result_code_ = cert_error; + result_code_ = MapCertStatusToNetError(ssl_info.cert_status); request->Cancel(); } diff --git a/net/proxy/proxy_script_fetcher_impl.h b/net/proxy/proxy_script_fetcher_impl.h index ff57a288630783..023655941ad199 100644 --- a/net/proxy/proxy_script_fetcher_impl.h +++ b/net/proxy/proxy_script_fetcher_impl.h @@ -53,8 +53,9 @@ class NET_EXPORT ProxyScriptFetcherImpl : public ProxyScriptFetcher, // URLRequest::Delegate methods: virtual void OnAuthRequired(URLRequest* request, AuthChallengeInfo* auth_info) OVERRIDE; - virtual void OnSSLCertificateError(URLRequest* request, int cert_error, - X509Certificate* cert) OVERRIDE; + virtual void OnSSLCertificateError(URLRequest* request, + const SSLInfo& ssl_info, + bool is_hsts_ok) OVERRIDE; virtual void OnResponseStarted(URLRequest* request) OVERRIDE; virtual void OnReadCompleted(URLRequest* request, int num_bytes) OVERRIDE; diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc index 02667b5afe128d..3c12da6984c23b 100644 --- a/net/url_request/url_request.cc +++ b/net/url_request/url_request.cc @@ -112,8 +112,8 @@ void URLRequest::Delegate::OnCertificateRequested( } void URLRequest::Delegate::OnSSLCertificateError(URLRequest* request, - int cert_error, - X509Certificate* cert) { + const SSLInfo& ssl_info, + bool is_hsts_ok) { request->Cancel(); } @@ -783,10 +783,10 @@ void URLRequest::NotifyCertificateRequested( delegate_->OnCertificateRequested(this, cert_request_info); } -void URLRequest::NotifySSLCertificateError(int cert_error, - X509Certificate* cert) { +void URLRequest::NotifySSLCertificateError(const SSLInfo& ssl_info, + bool is_hsts_host) { if (delegate_) - delegate_->OnSSLCertificateError(this, cert_error, cert); + delegate_->OnSSLCertificateError(this, ssl_info, is_hsts_host); } bool URLRequest::CanGetCookies(const CookieList& cookie_list) const { diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h index 640f045e60f739..7f5f961446f4b6 100644 --- a/net/url_request/url_request.h +++ b/net/url_request/url_request.h @@ -83,6 +83,7 @@ class CookieOptions; class HostPortPair; class IOBuffer; class SSLCertRequestInfo; +class SSLInfo; class UploadData; class URLRequestContext; class URLRequestJob; @@ -266,9 +267,12 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) { // safe thing and Cancel() the request or decide to proceed by calling // ContinueDespiteLastError(). cert_error is a ERR_* error code // indicating what's wrong with the certificate. + // If |is_hsts_host| is true then the host in question is an HSTS host + // which demands a higher level of security. In this case, errors must not + // be bypassable by the user. virtual void OnSSLCertificateError(URLRequest* request, - int cert_error, - X509Certificate* cert); + const SSLInfo& ssl_info, + bool is_hsts_host); // Called when reading cookies to allow the delegate to block access to the // cookie. This method will never be invoked when LOAD_DO_NOT_SEND_COOKIES @@ -713,7 +717,8 @@ class NET_EXPORT URLRequest : NON_EXPORTED_BASE(public base::NonThreadSafe) { // of these functions. void NotifyAuthRequired(AuthChallengeInfo* auth_info); void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info); - void NotifySSLCertificateError(int cert_error, X509Certificate* cert); + void NotifySSLCertificateError(const SSLInfo& ssl_info, + bool is_hsts_host); bool CanGetCookies(const CookieList& cookie_list) const; bool CanSetCookie(const std::string& cookie_line, CookieOptions* options) const; diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc index cdb94faeb7e067..08b77626b61672 100644 --- a/net/url_request/url_request_http_job.cc +++ b/net/url_request/url_request_http_job.cc @@ -686,13 +686,18 @@ void URLRequestHttpJob::OnStartCompleted(int result) { if (result == OK) { SaveCookiesAndNotifyHeadersComplete(); - } else if (ShouldTreatAsCertificateError(result)) { + } else if (IsCertificateError(result)) { // We encountered an SSL certificate error. Ask our delegate to decide // what we should do. - // TODO(wtc): also pass ssl_info.cert_status, or just pass the whole - // ssl_info. - NotifySSLCertificateError( - result, transaction_->GetResponseInfo()->ssl_info.cert); + + TransportSecurityState::DomainState domain_state; + const bool is_hsts_host = + context_->transport_security_state() && + context_->transport_security_state()->IsEnabledForHost( + &domain_state, request_info_.url.host(), + SSLConfigService::IsSNIAvailable(context_->ssl_config_service())); + NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, + is_hsts_host); } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { NotifyCertificateRequested( transaction_->GetResponseInfo()->cert_request_info); @@ -719,27 +724,6 @@ void URLRequestHttpJob::OnReadCompleted(int result) { NotifyReadComplete(result); } -bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) { - if (!IsCertificateError(result)) - return false; - - // Revocation check failures are always certificate errors, even if the host - // is using Strict-Transport-Security. - if (result == ERR_CERT_UNABLE_TO_CHECK_REVOCATION) - return true; - - // Check whether our context is using Strict-Transport-Security. - if (!context_->transport_security_state()) - return true; - - TransportSecurityState::DomainState domain_state; - const bool r = context_->transport_security_state()->IsEnabledForHost( - &domain_state, request_info_.url.host(), - SSLConfigService::IsSNIAvailable(context_->ssl_config_service())); - - return !r; -} - void URLRequestHttpJob::RestartTransactionWithAuth( const string16& username, const string16& password) { diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h index 8293c1333aa60b..883948dd97db04 100644 --- a/net/url_request/url_request_http_job.h +++ b/net/url_request/url_request_http_job.h @@ -59,8 +59,6 @@ class URLRequestHttpJob : public URLRequestJob { void OnReadCompleted(int result); void NotifyBeforeSendHeadersCallback(int result); - bool ShouldTreatAsCertificateError(int result); - void RestartTransactionWithAuth(const string16& username, const string16& password); diff --git a/net/url_request/url_request_job.cc b/net/url_request/url_request_job.cc index 47e38e96d91083..2a23d61a5141ee 100644 --- a/net/url_request/url_request_job.cc +++ b/net/url_request/url_request_job.cc @@ -228,12 +228,12 @@ void URLRequestJob::NotifyCertificateRequested( request_->NotifyCertificateRequested(cert_request_info); } -void URLRequestJob::NotifySSLCertificateError(int cert_error, - X509Certificate* cert) { +void URLRequestJob::NotifySSLCertificateError(const SSLInfo& ssl_info, + bool is_hsts_host) { if (!request_) return; // The request was destroyed, so there is no more work to do. - request_->NotifySSLCertificateError(cert_error, cert); + request_->NotifySSLCertificateError(ssl_info, is_hsts_host); } bool URLRequestJob::CanGetCookies(const CookieList& cookie_list) const { diff --git a/net/url_request/url_request_job.h b/net/url_request/url_request_job.h index 01547ccae50e6c..4231ddd0deacbc 100644 --- a/net/url_request/url_request_job.h +++ b/net/url_request/url_request_job.h @@ -30,6 +30,7 @@ class HttpRequestHeaders; class HttpResponseInfo; class IOBuffer; class SSLCertRequestInfo; +class SSLInfo; class URLRequest; class UploadData; class URLRequestStatus; @@ -197,7 +198,8 @@ class NET_EXPORT URLRequestJob : public base::RefCounted, void NotifyCertificateRequested(SSLCertRequestInfo* cert_request_info); // Notifies the job about an SSL certificate error. - void NotifySSLCertificateError(int cert_error, X509Certificate* cert); + void NotifySSLCertificateError(const SSLInfo& ssl_info, + bool is_hsts_host); // Delegates to URLRequest::Delegate. bool CanGetCookies(const CookieList& cookie_list) const; diff --git a/net/url_request/url_request_test_util.cc b/net/url_request/url_request_test_util.cc index f49d0c4da21082..bffad74dda686b 100644 --- a/net/url_request/url_request_test_util.cc +++ b/net/url_request/url_request_test_util.cc @@ -193,8 +193,8 @@ void TestDelegate::OnAuthRequired(net::URLRequest* request, } void TestDelegate::OnSSLCertificateError(net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) { + const net::SSLInfo& ssl_info, + bool is_hsts_host) { // The caller can control whether it needs all SSL requests to go through, // independent of any possible errors, or whether it wants SSL errors to // cancel the request. diff --git a/net/url_request/url_request_test_util.h b/net/url_request/url_request_test_util.h index cac7a72179a685..f8ef867e4d1e3a 100644 --- a/net/url_request/url_request_test_util.h +++ b/net/url_request/url_request_test_util.h @@ -129,8 +129,8 @@ class TestDelegate : public net::URLRequest::Delegate { virtual void OnAuthRequired(net::URLRequest* request, net::AuthChallengeInfo* auth_info) OVERRIDE; virtual void OnSSLCertificateError(net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) OVERRIDE; + const net::SSLInfo& ssl_info, + bool is_hsts_host) OVERRIDE; virtual bool CanGetCookies(const net::URLRequest* request, const net::CookieList& cookie_list) const OVERRIDE; virtual bool CanSetCookie(const net::URLRequest* request, diff --git a/webkit/fileapi/file_writer_delegate.cc b/webkit/fileapi/file_writer_delegate.cc index db28a22e21d783..34339a584f33cb 100644 --- a/webkit/fileapi/file_writer_delegate.cc +++ b/webkit/fileapi/file_writer_delegate.cc @@ -137,26 +137,29 @@ void FileWriterDelegate::Start(base::PlatformFile file, relay->Start(proxy_, FROM_HERE); } -void FileWriterDelegate::OnReceivedRedirect( - net::URLRequest* request, const GURL& new_url, bool* defer_redirect) { +void FileWriterDelegate::OnReceivedRedirect(net::URLRequest* request, + const GURL& new_url, + bool* defer_redirect) { NOTREACHED(); OnError(base::PLATFORM_FILE_ERROR_SECURITY); } -void FileWriterDelegate::OnAuthRequired( - net::URLRequest* request, net::AuthChallengeInfo* auth_info) { +void FileWriterDelegate::OnAuthRequired(net::URLRequest* request, + net::AuthChallengeInfo* auth_info) { NOTREACHED(); OnError(base::PLATFORM_FILE_ERROR_SECURITY); } void FileWriterDelegate::OnCertificateRequested( - net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info) { + net::URLRequest* request, + net::SSLCertRequestInfo* cert_request_info) { NOTREACHED(); OnError(base::PLATFORM_FILE_ERROR_SECURITY); } -void FileWriterDelegate::OnSSLCertificateError( - net::URLRequest* request, int cert_error, net::X509Certificate* cert) { +void FileWriterDelegate::OnSSLCertificateError(net::URLRequest* request, + const net::SSLInfo& ssl_info, + bool is_hsts_host) { NOTREACHED(); OnError(base::PLATFORM_FILE_ERROR_SECURITY); } diff --git a/webkit/fileapi/file_writer_delegate.h b/webkit/fileapi/file_writer_delegate.h index 6d94e6e1667c0d..7f2521216f5e01 100644 --- a/webkit/fileapi/file_writer_delegate.h +++ b/webkit/fileapi/file_writer_delegate.h @@ -38,16 +38,20 @@ class FileWriterDelegate : public net::URLRequest::Delegate { return file_; } - virtual void OnReceivedRedirect( - net::URLRequest* request, const GURL& new_url, bool* defer_redirect); - virtual void OnAuthRequired( - net::URLRequest* request, net::AuthChallengeInfo* auth_info); + virtual void OnReceivedRedirect(net::URLRequest* request, + const GURL& new_url, + bool* defer_redirect) OVERRIDE; + virtual void OnAuthRequired(net::URLRequest* request, + net::AuthChallengeInfo* auth_info) OVERRIDE; virtual void OnCertificateRequested( - net::URLRequest* request, net::SSLCertRequestInfo* cert_request_info); - virtual void OnSSLCertificateError( - net::URLRequest* request, int cert_error, net::X509Certificate* cert); - virtual void OnResponseStarted(net::URLRequest* request); - virtual void OnReadCompleted(net::URLRequest* request, int bytes_read); + net::URLRequest* request, + net::SSLCertRequestInfo* cert_request_info) OVERRIDE; + virtual void OnSSLCertificateError(net::URLRequest* request, + const net::SSLInfo& ssl_info, + bool is_hsts_host) OVERRIDE; + virtual void OnResponseStarted(net::URLRequest* request) OVERRIDE; + virtual void OnReadCompleted(net::URLRequest* request, + int bytes_read) OVERRIDE; private: void OnGetFileInfoAndCallStartUpdate( diff --git a/webkit/tools/test_shell/simple_resource_loader_bridge.cc b/webkit/tools/test_shell/simple_resource_loader_bridge.cc index 6498e758790bc7..73fd0cb883ffc9 100644 --- a/webkit/tools/test_shell/simple_resource_loader_bridge.cc +++ b/webkit/tools/test_shell/simple_resource_loader_bridge.cc @@ -458,8 +458,8 @@ class RequestProxy : public net::URLRequest::Delegate, } virtual void OnSSLCertificateError(net::URLRequest* request, - int cert_error, - net::X509Certificate* cert) OVERRIDE { + const net::SSLInfo& ssl_info, + bool is_hsts_host) OVERRIDE { // Allow all certificate errors. request->ContinueDespiteLastError(); }