Enable Certificate Transparency in the OpenSSL port.
Also add tests that assert OCSP responses and SCT extensions are returned in
the expected format.
BUG=408687
TEST=open https://embed.ct.digicert.com/ in Chrome for Android and
tap the lock icon. Popup should say "The identity of this
[...] and is publicly auditable."
Review URL: https://codereview.chromium.org/517083002
Cr-Commit-Position: refs/heads/master@{#293295}
diff --git a/chrome/browser/io_thread.cc b/chrome/browser/io_thread.cc
index e32efc28..595c01b 100644
--- a/chrome/browser/io_thread.cc
+++ b/chrome/browser/io_thread.cc
@@ -49,7 +49,9 @@
#include "net/cert/cert_verifier.h"
#include "net/cert/cert_verify_proc.h"
#include "net/cert/ct_known_logs.h"
+#include "net/cert/ct_log_verifier.h"
#include "net/cert/ct_verifier.h"
+#include "net/cert/multi_log_ct_verifier.h"
#include "net/cert/multi_threaded_cert_verifier.h"
#include "net/cookies/cookie_store.h"
#include "net/dns/host_cache.h"
@@ -88,11 +90,6 @@
#include "chrome/browser/extensions/event_router_forwarder.h"
#endif
-#if !defined(USE_OPENSSL)
-#include "net/cert/ct_log_verifier.h"
-#include "net/cert/multi_log_ct_verifier.h"
-#endif
-
#if defined(USE_NSS) || defined(OS_IOS)
#include "net/ocsp/nss_ocsp.h"
#endif
@@ -593,10 +590,8 @@
net::CertVerifyProc::CreateDefault()));
#endif
- globals_->transport_security_state.reset(new net::TransportSecurityState());
-#if !defined(USE_OPENSSL)
- // For now, Certificate Transparency is only implemented for platforms
- // that use NSS.
+ globals_->transport_security_state.reset(new net::TransportSecurityState());
+
net::MultiLogCTVerifier* ct_verifier = new net::MultiLogCTVerifier();
globals_->cert_transparency_verifier.reset(ct_verifier);
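Review bot: `ct_verifier` is a raw alias to an object whose ownership passes to `globals_->cert_transparency_verifier` on the next line, and the following hunk still calls `ct_verifier->AddLog(...)` through it. With the `#if !defined(USE_OPENSSL)` guard and its comment removed, nothing here records that. I would add `// |ct_verifier| is owned by globals_; the raw pointer is kept only to register logs below.` above the `new`. Because the verifier is now created on OpenSSL builds too, it is also worth confirming that the log-registration code between this hunk and the next handles a log that fails to load the same way there; that code is not visible in this diff. The enclosing function starts and ends outside the hunk.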
@@ -628,12 +623,7 @@
ct_verifier->AddLog(external_log_verifier.Pass());
}
}
-#else
- if (command_line.HasSwitch(switches::kCertificateTransparencyLog)) {
- LOG(DFATAL) << "Certificate Transparency is not yet supported in Chrome "
- "builds using OpenSSL.";
- }
-#endif
+
globals_->ssl_config_service = GetSSLConfigService();
#if defined(SPDY_PROXY_AUTH_ORIGIN)