net: make pinning enforcement timeout after ten weeks.

Some users fall off the update train. We don't want to build up a non-trival population of people who have pins that we might want to change. BUG=103283 TEST=Check that https://pinningtest.appspot.com fails in official builds. http://codereview.chromium.org/8467031/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110491 0039d316-1c4b-4281-b951-d872f2087c98

net: make pinning enforcement timeout after ten weeks.
Some users fall off the update train. We don't want to build up a non-trival population of people who have pins that we might want to change. BUG=103283 TEST=Check that https://pinningtest.appspot.com fails in official builds. http://codereview.chromium.org/8467031/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@110491 0039d316-1c4b-4281-b951-d872f2087c98
4f9e5c83 · agl@chromium.org · f9dfa2a0 · 4f9e5c83
Commit 4f9e5c83 authored Nov 17, 2011 by agl@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 20 additions and 10 deletions

net/url_request/url_request_http_job.cc net/url_request/url_request_http_job.cc +20 -10

No files found.
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -4,8 +4,9 @@
 #include "net/url_request/url_request_http_job.h"
-#include "base/bind.h"
 #include "base/base_switches.h"
+#include "base/bind.h"
+#include "base/build_time.h"
 #include "base/command_line.h"
 #include "base/compiler_specific.h"
 #include "base/file_util.h"
@@ -660,7 +661,8 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
  // Clear the IO_PENDING status
  SetStatus(URLRequestStatus());
-#if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID)
+// TODO(agl): reenable guards once the builders have checked the code within.
+//#if defined(OFFICIAL_BUILD) && !defined(OS_ANDROID)
  // Take care of any mandates for public key pinning.
  //
  // Pinning is only enabled for official builds to make sure that others don't
@@ -685,20 +687,28 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
              &domain_state, host, sni_available)) {
        if (!domain_state.IsChainOfPublicKeysPermitted(
                ssl_info.public_key_hashes)) {
-          result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+          const base::Time build_time = base::GetBuildTime();
-          UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
+          // Pins are not enforced if the build is sufficiently old. Chrome
-          TransportSecurityState::ReportUMAOnPinFailure(host);
+          // users should get updates every six weeks or so, but it's possible
-          FraudulentCertificateReporter* reporter =
+          // that some users will stop getting updates for some reason. We
-              context_->fraudulent_certificate_reporter();
+          // don't want those users building up as a pool of people with bad
-          if (reporter != NULL)
+          // pins.
-            reporter->SendReport(host, ssl_info, sni_available);
+          if ((base::Time::Now() - build_time).InDays() < 70 /* 10 weeks */) {
+            result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+            UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", false);
+            TransportSecurityState::ReportUMAOnPinFailure(host);
+            FraudulentCertificateReporter* reporter =
+                context_->fraudulent_certificate_reporter();
+            if (reporter != NULL)
+              reporter->SendReport(host, ssl_info, sni_available);
+          }
        } else {
          UMA_HISTOGRAM_BOOLEAN("Net.PublicKeyPinSuccess", true);
        }
      }
    }
  }
-#endif
+//#endif
  if (result == OK) {
    scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders();