Chromium Code Reviews

Issue 10218007: net: don't remember TLS intolerant servers. (Closed)

Created:
8 years, 8 months ago by agl
Modified:
8 years, 8 months ago
Reviewers:
wtc, Ryan Sleevi
CC:
chromium-reviews
Visibility:
Public.

Description

net: don't remember TLS intolerant servers.

I've seen a couple of reports recently where it was clear that an SNI-only hostname had ended up in the list of TLS-intolerant servers. The result is that the user sees the non-SNI certificate for that IP address, which doesn't match the requested hostname. The only way to clear this is to restart Chrome.

This change partly reverts r45088 so that we will no longer remember TLS-intolerant servers. This means that we'll perform SSLv3 fallback for every connection, if needed. That's unfortunate for truly TLS-intolerant servers, but it also means that we'll get back to TLS much faster in the event of a transient network error triggering fallback.

BUG=none
TEST=net_unittests

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=134129

Patch Set 1

Total comments: 6

Patch Set 2: Addressing wtc's comments

Stats (+120 lines, -35 lines)
M net/http/http_network_transaction.cc: 1 chunk, +4 lines, -2 lines
M net/http/http_stream_factory.h: 1 chunk, +0 lines, -3 lines
M net/http/http_stream_factory_impl.h: 2 chunks, +0 lines, -4 lines
M net/http/http_stream_factory_impl.cc: 1 chunk, +0 lines, -9 lines
M net/http/http_stream_factory_impl_job.cc: 1 chunk, +0 lines, -7 lines
M net/test/base_test_server.h: 1 chunk, +4 lines, -0 lines
M net/test/base_test_server.cc: 2 chunks, +6 lines, -2 lines
M net/tools/testserver/testserver.py: 4 chunks, +11 lines, -3 lines
M net/url_request/url_request_unittest.cc: 1 chunk, +23 lines, -0 lines
M third_party/tlslite/README.chromium: 1 chunk, +1 line, -0 lines
A third_party/tlslite/patches/tls_intolerant.patch: 1 chunk, +60 lines, -0 lines
M third_party/tlslite/tlslite/TLSConnection.py: 4 chunks, +11 lines, -5 lines

Messages

Total messages: 5 (0 generated)
agl
8 years, 8 months ago (2012-04-24 23:01:05 UTC) #1
wtc
Patch set 1 LGTM. https://chromiumcodereview.appspot.com/10218007/diff/1/net/http/http_stream_factory_impl_job.cc File net/http/http_stream_factory_impl_job.cc (left): https://chromiumcodereview.appspot.com/10218007/diff/1/net/http/http_stream_factory_impl_job.cc#oldcode1056 net/http/http_stream_factory_impl_job.cc:1056: << origin_server.ToString(); Move this warning ...
8 years, 8 months ago (2012-04-26 00:49:14 UTC) #2
agl
https://chromiumcodereview.appspot.com/10218007/diff/1/net/http/http_stream_factory_impl_job.cc File net/http/http_stream_factory_impl_job.cc (left): https://chromiumcodereview.appspot.com/10218007/diff/1/net/http/http_stream_factory_impl_job.cc#oldcode1056 net/http/http_stream_factory_impl_job.cc:1056: << origin_server.ToString(); On 2012/04/26 00:49:14, wtc wrote: > > ...
8 years, 8 months ago (2012-04-26 17:03:29 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/agl@chromium.org/10218007/6001
8 years, 8 months ago (2012-04-26 17:03:43 UTC) #4
commit-bot: I haz the power
8 years, 8 months ago (2012-04-26 18:45:35 UTC) #5
Change committed as 134129
