angler-fishThe Vulnerability History Project

Centralize the logic for checking public key pins from ClientSocketNSS

      and ProofVerifierChromium to TransportSecurityState::CheckPublicKeyPins.
This required adding an is_issued_by_known_root argument to this method.

In addition, CheckPublicKeyPins now only checks static pins if the
TransportSecurityState's enable_static_pins_ member is true. This defaults
to true only for official desktop builds. This also means that dynamic
pins are now checked on mobile and on non-official builds.

BUG=398925,391033

Review URL: https://codereview.chromium.org/433123003

Cr-Commit-Position: refs/heads/master@{#288435}
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@288435 0039d316-1c4b-4281-b951-d872f2087c98
by Christy the Zebra 2014-08-08 21:22:45 UTC
commit 8d60aa54abe0517d756c9d625ece75feabed613a
Chromium Fix CVE-2014-3166
net/http/http_security_headers_unittest.cc
+8 -24
net/http/transport_security_state.cc
+36 -88
net/http/transport_security_state.h
+6 -17
net/http/transport_security_state_unittest.cc
+36 -87
net/quic/crypto/proof_verifier_chromium.cc
+46 -8
net/socket/ssl_client_socket_nss.cc
+42 -9
expand_less