crash-reporter: use HTTPS when sending crashes
Change-Id: Ibca5616ba449dd1f96ae418a46b372d1a2f55412
BUG=9352
TEST=manual update and User/CrashSender
Review URL: http://codereview.chromium.org/5092009
diff --git a/crash_reporter/crash_sender b/crash_reporter/crash_sender
index 2e56dec..71792a9 100644
--- a/crash_reporter/crash_sender
+++ b/crash_reporter/crash_sender
@@ -46,7 +46,7 @@
PAUSE_CRASH_SENDING="/var/lib/crash_sender_paused"
# URL to send official build crash reports to.
-REPORT_UPLOAD_PROD_URL="http://clients2.google.com/cr/report"
+REPORT_UPLOAD_PROD_URL="https://clients2.google.com/cr/report"
# File whose existence implies we're running and not to start again.
RUN_FILE="/var/run/crash_sender.pid"
@@ -61,6 +61,10 @@
# hours.
TIMESTAMPS_DIR="/var/lib/crash_sender"
+# Path to a directory of restricted certificates which includes
+# a certificate for ${REPORT_UPLOAD_PROD_URL}.
+RESTRICTED_CERTIFICATES_PATH="/usr/share/chromeos-ca-certificates"
+
# Temp directory for this process.
TMP_DIR=""
@@ -254,6 +258,7 @@
set +e
curl "${url}" \
+ --capath "${RESTRICTED_CERTIFICATES_PATH}" --ciphers HIGH \
-F "prod=${CHROMEOS_PRODUCT}" \
-F "ver=${chromeos_version}" \
-F "upload_file_${kind}=@${report_payload}" \
@@ -382,7 +387,8 @@
check_not_already_running
- for dependency in "${FIND}" "${METRICS_CLIENT}"; do
+ for dependency in "${FIND}" "${METRICS_CLIENT}" \
+ "${RESTRICTED_CERTIFICATES_PATH}"; do
if [ ! -x "${dependency}" ]; then
lecho "Fatal: Crash sending disabled: ${dependency} not found."
exit 1