From 814ef465a4ddf90f20cf796b90ae2264fee67e39 Mon Sep 17 00:00:00 2001
From: Ken Mixter <kmixter@chromium.org>
Date: Thu, 18 Nov 2010 17:29:32 -0800
Subject: [PATCH] crash-reporter: use HTTPS when sending crashes

Change-Id: Ibca5616ba449dd1f96ae418a46b372d1a2f55412

BUG=9352
TEST=manual update and User/CrashSender

Review URL: http://codereview.chromium.org/5092009
---
 crash_reporter/crash_sender | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/crash_reporter/crash_sender b/crash_reporter/crash_sender
index 2e56dec58..71792a952 100644
--- a/crash_reporter/crash_sender
+++ b/crash_reporter/crash_sender
@@ -46,7 +46,7 @@ MOCK_CRASH_SENDING="/tmp/mock-crash-sending"
 PAUSE_CRASH_SENDING="/var/lib/crash_sender_paused"
 
 # URL to send official build crash reports to.
-REPORT_UPLOAD_PROD_URL="http://clients2.google.com/cr/report"
+REPORT_UPLOAD_PROD_URL="https://clients2.google.com/cr/report"
 
 # File whose existence implies we're running and not to start again.
 RUN_FILE="/var/run/crash_sender.pid"
@@ -61,6 +61,10 @@ TAG="$(basename $0)[$$]"
 # hours.
 TIMESTAMPS_DIR="/var/lib/crash_sender"
 
+# Path to a directory of restricted certificates which includes
+# a certificate for ${REPORT_UPLOAD_PROD_URL}.
+RESTRICTED_CERTIFICATES_PATH="/usr/share/chromeos-ca-certificates"
+
 # Temp directory for this process.
 TMP_DIR=""
 
@@ -254,6 +258,7 @@ send_crash() {
 
   set +e
   curl "${url}" \
+    --capath "${RESTRICTED_CERTIFICATES_PATH}" --ciphers HIGH \
     -F "prod=${CHROMEOS_PRODUCT}" \
     -F "ver=${chromeos_version}" \
     -F "upload_file_${kind}=@${report_payload}" \
@@ -382,7 +387,8 @@ main() {
 
   check_not_already_running
 
-  for dependency in "${FIND}" "${METRICS_CLIENT}"; do
+  for dependency in "${FIND}" "${METRICS_CLIENT}" \
+                    "${RESTRICTED_CERTIFICATES_PATH}"; do
     if [ ! -x "${dependency}" ]; then
       lecho "Fatal: Crash sending disabled: ${dependency} not found."
       exit 1