From 18ebedbcbcb280116c04c189a469c94269c0858b Mon Sep 17 00:00:00 2001
From: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
Date: Thu, 29 Sep 2016 17:27:39 +0200
Subject: [PATCH] Add known logs to certificate transparency
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is needed to avoid certificate errors when Google servers ask us
to enforce certificate transparency.

Change-Id: I0199d29502b94b05c336ef24eac5f3783d171767
Reviewed-by: Michael Brüning <michael.bruning@qt.io>
---
 src/core/url_request_context_getter_qt.cpp | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/core/url_request_context_getter_qt.cpp b/src/core/url_request_context_getter_qt.cpp
index e5df27135..61f359a87 100644
--- a/src/core/url_request_context_getter_qt.cpp
+++ b/src/core/url_request_context_getter_qt.cpp
@@ -49,6 +49,7 @@
 #include "content/public/common/content_switches.h"
 #include "net/base/cache_type.h"
 #include "net/cert/cert_verifier.h"
+#include "net/cert/ct_known_logs.h"
 #include "net/cert/ct_log_verifier.h"
 #include "net/cert/ct_policy_enforcer.h"
 #include "net/cert/multi_log_ct_verifier.h"
@@ -229,7 +230,9 @@ void URLRequestContextGetterQt::generateStorage()
     Q_ASSERT(proxyConfigService);
 
     m_storage->set_cert_verifier(net::CertVerifier::CreateDefault());
-    m_storage->set_cert_transparency_verifier(base::WrapUnique(new net::MultiLogCTVerifier()));
+    std::unique_ptr<net::MultiLogCTVerifier> ct_verifier(new net::MultiLogCTVerifier());
+    ct_verifier->AddLogs(net::ct::CreateLogVerifiersForKnownLogs());
+    m_storage->set_cert_transparency_verifier(std::move(ct_verifier));
     m_storage->set_ct_policy_enforcer(base::WrapUnique(new net::CTPolicyEnforcer));
 
     std::unique_ptr<net::HostResolver> host_resolver(net::HostResolver::CreateDefaultResolver(NULL));
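Review bot: Nothing at the `AddLogs` call says where the log set comes from; `net::ct::CreateLogVerifiersForKnownLogs()` appears to return a list compiled into the bundled Chromium sources. CT logs are retired or disqualified over time, so a build that ships an old snapshot will keep checking SCTs against that older set, which is worth recording where the verifier is built. I would add a comment above the new lines, for example `// Known CT logs are compiled in from the bundled Chromium; the list is only as current as that snapshot.` As a style point, `std::make_unique<net::MultiLogCTVerifier>()` would avoid the bare `new` if the toolchain allows it. generateStorage() starts and ends outside the hunk.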
@@ -422,6 +425,10 @@ static bool doNetworkSessionParamsMatch(const net::HttpNetworkSession::Params &f
         return false;
     if (first.host_resolver != second.host_resolver)
         return false;
+    if (first.cert_transparency_verifier != second.cert_transparency_verifier)
+        return false;
+    if (first.ct_policy_enforcer != second.ct_policy_enforcer)
+        return false;
 
     return true;
 }
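Review bot: The two added comparisons in doNetworkSessionParamsMatch carry no comment explaining why the CT state has to match, and the reason is not obvious from this function alone. In the generateStorage() hunk the verifier is handed to `m_storage` with `std::move`, so a regenerated storage presumably holds a different verifier and enforcer object, and a session still pointing at the old ones should not be reused. A one-line comment such as `// CT verifier/enforcer are owned by m_storage; a session built against replaced ones must be recreated.` would record that. The test looks like pointer identity, which is right if these Params fields are raw pointers; their declaration is not visible here, and the function begins outside the hunk.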
-- 
GitLab