| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include "base/compiler_specific.h" | 7 #include "base/compiler_specific.h" |
| 8 #include "base/field_trial.h" | 8 #include "base/field_trial.h" |
| 9 #include "base/format_macros.h" | 9 #include "base/format_macros.h" |
| 10 #include "base/histogram.h" | 10 #include "base/histogram.h" |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 54 // off to SSLv3 for. | 54 // off to SSLv3 for. |
| 55 std::set<std::string>* g_tls_intolerant_servers = NULL; | 55 std::set<std::string>* g_tls_intolerant_servers = NULL; |
| 56 | 56 |
| 57 void BuildRequestHeaders(const HttpRequestInfo* request_info, | 57 void BuildRequestHeaders(const HttpRequestInfo* request_info, |
| 58 const HttpRequestHeaders& authorization_headers, | 58 const HttpRequestHeaders& authorization_headers, |
| 59 const UploadDataStream* upload_data_stream, | 59 const UploadDataStream* upload_data_stream, |
| 60 bool using_proxy, | 60 bool using_proxy, |
| 61 std::string* request_line, | 61 std::string* request_line, |
| 62 HttpRequestHeaders* request_headers) { | 62 HttpRequestHeaders* request_headers) { |
| 63 const std::string path = using_proxy ? | 63 const std::string path = using_proxy ? |
| 64 HttpUtil::SpecForRequest(request_info->url) : | 64 HttpUtil::SpecForRequest(request_info->url) : |
| 65 HttpUtil::PathForRequest(request_info->url); | 65 HttpUtil::PathForRequest(request_info->url); |
| 66 *request_line = StringPrintf( | 66 *request_line = StringPrintf( |
| 67 "%s %s HTTP/1.1\r\n", request_info->method.c_str(), path.c_str()); | 67 "%s %s HTTP/1.1\r\n", request_info->method.c_str(), path.c_str()); |
| 68 request_headers->SetHeader(HttpRequestHeaders::kHost, | 68 request_headers->SetHeader(HttpRequestHeaders::kHost, |
| 69 GetHostAndOptionalPort(request_info->url)); | 69 GetHostAndOptionalPort(request_info->url)); |
| 70 | 70 |
| 71 // For compat with HTTP/1.0 servers and proxies: | 71 // For compat with HTTP/1.0 servers and proxies: |
| 72 if (using_proxy) { | 72 if (using_proxy) { |
| 73 request_headers->SetHeader(HttpRequestHeaders::kProxyConnection, | 73 request_headers->SetHeader(HttpRequestHeaders::kProxyConnection, |
| 74 "keep-alive"); | 74 "keep-alive"); |
| 75 } else { | 75 } else { |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 111 // e.g., plugins from overriding headers that are controlled using other | 111 // e.g., plugins from overriding headers that are controlled using other |
| 112 // means. Otherwise a plugin could set a referrer although sending the | 112 // means. Otherwise a plugin could set a referrer although sending the |
| 113 // referrer is inhibited. | 113 // referrer is inhibited. |
| 114 // TODO(jochen): check whether also other headers should be stripped. | 114 // TODO(jochen): check whether also other headers should be stripped. |
| 115 static const char* const kExtraHeadersToBeStripped[] = { | 115 static const char* const kExtraHeadersToBeStripped[] = { |
| 116 "Referer" | 116 "Referer" |
| 117 }; | 117 }; |
| 118 | 118 |
| 119 HttpRequestHeaders stripped_extra_headers; | 119 HttpRequestHeaders stripped_extra_headers; |
| 120 stripped_extra_headers.CopyFrom(request_info->extra_headers); | 120 stripped_extra_headers.CopyFrom(request_info->extra_headers); |
| 121 for (size_t i = 0; i < arraysize(kExtraHeadersToBeStripped); ++i) | 121 for (size_t i = 0; i < arraysize(kExtraHeadersToBeStripped); ++i) |
| 122 stripped_extra_headers.RemoveHeader(kExtraHeadersToBeStripped[i]); | 122 stripped_extra_headers.RemoveHeader(kExtraHeadersToBeStripped[i]); |
| 123 request_headers->MergeFrom(stripped_extra_headers); | 123 request_headers->MergeFrom(stripped_extra_headers); |
| 124 } | 124 } |
| 125 | 125 |
| 126 // The HTTP CONNECT method for establishing a tunnel connection is documented | 126 // The HTTP CONNECT method for establishing a tunnel connection is documented |
| 127 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and | 127 // in draft-luotonen-web-proxy-tunneling-01.txt and RFC 2817, Sections 5.2 and |
| 128 // 5.3. | 128 // 5.3. |
| 129 void BuildTunnelRequest(const HttpRequestInfo* request_info, | 129 void BuildTunnelRequest(const HttpRequestInfo* request_info, |
| 130 const HttpRequestHeaders& authorization_headers, | 130 const HttpRequestHeaders& authorization_headers, |
| 131 const HostPortPair& endpoint, | 131 const HostPortPair& endpoint, |
| 132 std::string* request_line, | 132 std::string* request_line, |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 178 if (!StringToInt(port_protocol_vector[0], &port) || | 178 if (!StringToInt(port_protocol_vector[0], &port) || |
| 179 port <= 0 || port >= 1 << 16) { | 179 port <= 0 || port >= 1 << 16) { |
| 180 DLOG(WARNING) << HttpAlternateProtocols::kHeader | 180 DLOG(WARNING) << HttpAlternateProtocols::kHeader |
| 181 << " header has unrecognizable port: " | 181 << " header has unrecognizable port: " |
| 182 << port_protocol_vector[0]; | 182 << port_protocol_vector[0]; |
| 183 return; | 183 return; |
| 184 } | 184 } |
| 185 | 185 |
| 186 if (port_protocol_vector[1] != | 186 if (port_protocol_vector[1] != |
| 187 HttpAlternateProtocols::kProtocolStrings[ | 187 HttpAlternateProtocols::kProtocolStrings[ |
| 188 HttpAlternateProtocols::NPN_SPDY_1]) { | 188 HttpAlternateProtocols::NPN_SPDY_1]) { |
| 189 // Currently, we only recognize the npn-spdy protocol. | 189 // Currently, we only recognize the npn-spdy protocol. |
| 190 DLOG(WARNING) << HttpAlternateProtocols::kHeader | 190 DLOG(WARNING) << HttpAlternateProtocols::kHeader |
| 191 << " header has unrecognized protocol: " | 191 << " header has unrecognized protocol: " |
| 192 << port_protocol_vector[1]; | 192 << port_protocol_vector[1]; |
| 193 return; | 193 return; |
| 194 } | 194 } |
| 195 | 195 |
| 196 if (alternate_protocols->HasAlternateProtocolFor(http_host_port_pair)) { | 196 if (alternate_protocols->HasAlternateProtocolFor(http_host_port_pair)) { |
| 197 const HttpAlternateProtocols::PortProtocolPair existing_alternate = | 197 const HttpAlternateProtocols::PortProtocolPair existing_alternate = |
| 198 alternate_protocols->GetAlternateProtocolFor(http_host_port_pair); | 198 alternate_protocols->GetAlternateProtocolFor(http_host_port_pair); |
| (...skipping 551 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 750 if (session_->spdy_session_pool()->HasSession(endpoint_)) { | 750 if (session_->spdy_session_pool()->HasSession(endpoint_)) { |
| 751 using_spdy_ = true; | 751 using_spdy_ = true; |
| 752 return OK; | 752 return OK; |
| 753 } | 753 } |
| 754 | 754 |
| 755 connection_group = endpoint_.ToString(); | 755 connection_group = endpoint_.ToString(); |
| 756 DCHECK(!connection_group.empty()); | 756 DCHECK(!connection_group.empty()); |
| 757 | 757 |
| 758 // If the user is refreshing the page, bypass the host cache. | 758 // If the user is refreshing the page, bypass the host cache. |
| 759 bool disable_resolver_cache = request_->load_flags & LOAD_BYPASS_CACHE || | 759 bool disable_resolver_cache = request_->load_flags & LOAD_BYPASS_CACHE || |
| 760 request_->load_flags & LOAD_DISABLE_CACHE; | 760 request_->load_flags & LOAD_DISABLE_CACHE; |
| 761 | 761 |
| 762 int rv; | 762 int rv; |
| 763 if (!proxy_info_.is_direct()) { | 763 if (!proxy_info_.is_direct()) { |
| 764 ProxyServer proxy_server = proxy_info_.proxy_server(); | 764 ProxyServer proxy_server = proxy_info_.proxy_server(); |
| 765 HostPortPair proxy_host_port_pair(proxy_server.HostNoBrackets(), | 765 HostPortPair proxy_host_port_pair(proxy_server.HostNoBrackets(), |
| 766 proxy_server.port()); | 766 proxy_server.port()); |
| 767 | 767 |
| 768 TCPSocketParams tcp_params(proxy_host_port_pair, request_->priority, | 768 TCPSocketParams tcp_params(proxy_host_port_pair, request_->priority, |
| 769 request_->referrer, disable_resolver_cache); | 769 request_->referrer, disable_resolver_cache); |
| 770 | 770 |
| (...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 906 } | 906 } |
| 907 } | 907 } |
| 908 | 908 |
| 909 if (result == OK) { | 909 if (result == OK) { |
| 910 DCHECK(ssl_connect_start_time_ != base::TimeTicks()); | 910 DCHECK(ssl_connect_start_time_ != base::TimeTicks()); |
| 911 base::TimeDelta connect_duration = | 911 base::TimeDelta connect_duration = |
| 912 base::TimeTicks::Now() - ssl_connect_start_time_; | 912 base::TimeTicks::Now() - ssl_connect_start_time_; |
| 913 | 913 |
| 914 if (using_spdy_) { | 914 if (using_spdy_) { |
| 915 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SpdyConnectionLatency", | 915 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SpdyConnectionLatency", |
| 916 connect_duration, | 916 connect_duration, |
| 917 base::TimeDelta::FromMilliseconds(1), | 917 base::TimeDelta::FromMilliseconds(1), |
| 918 base::TimeDelta::FromMinutes(10), | 918 base::TimeDelta::FromMinutes(10), |
| 919 100); | 919 100); |
| 920 | 920 |
| 921 UpdateConnectionTypeHistograms(CONNECTION_SPDY); | 921 UpdateConnectionTypeHistograms(CONNECTION_SPDY); |
| 922 next_state_ = STATE_SPDY_SEND_REQUEST; | 922 next_state_ = STATE_SPDY_SEND_REQUEST; |
| 923 } else { | 923 } else { |
| 924 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency", | 924 UMA_HISTOGRAM_CUSTOM_TIMES("Net.SSL_Connection_Latency", |
| 925 connect_duration, | 925 connect_duration, |
| 926 base::TimeDelta::FromMilliseconds(1), | 926 base::TimeDelta::FromMilliseconds(1), |
| 927 base::TimeDelta::FromMinutes(10), | 927 base::TimeDelta::FromMinutes(10), |
| 928 100); | 928 100); |
| 929 | 929 |
| 930 next_state_ = STATE_SEND_REQUEST; | 930 next_state_ = STATE_SEND_REQUEST; |
| 931 } | 931 } |
| 932 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 932 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 933 result = HandleCertificateRequest(result); | 933 result = HandleCertificateRequest(result); |
| 934 } else { | 934 } else { |
| 935 result = HandleSSLHandshakeError(result); | 935 result = HandleSSLHandshakeError(result); |
| 936 } | 936 } |
| 937 return result; | 937 return result; |
| 938 } | 938 } |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1102 next_state_ = STATE_SSL_CONNECT; | 1102 next_state_ = STATE_SSL_CONNECT; |
| 1103 // Reset for the real request and response headers. | 1103 // Reset for the real request and response headers. |
| 1104 request_headers_.clear(); | 1104 request_headers_.clear(); |
| 1105 http_stream_.reset(new HttpBasicStream(connection_.get(), net_log_)); | 1105 http_stream_.reset(new HttpBasicStream(connection_.get(), net_log_)); |
| 1106 headers_valid_ = false; | 1106 headers_valid_ = false; |
| 1107 establishing_tunnel_ = false; | 1107 establishing_tunnel_ = false; |
| 1108 // TODO(mbelshe): We should put in a test case to trip this code path. | 1108 // TODO(mbelshe): We should put in a test case to trip this code path. |
| 1109 response_ = HttpResponseInfo(); | 1109 response_ = HttpResponseInfo(); |
| 1110 return OK; | 1110 return OK; |
| 1111 | 1111 |
| 1112 // We aren't able to CONNECT to the remote host through the proxy. We | 1112 // We aren't able to CONNECT to the remote host through the proxy. We |
| 1113 // need to be very suspicious about the response because an active network | 1113 // need to be very suspicious about the response because an active |
| 1114 // attacker can force us into this state by masquerading as the proxy. | 1114 // network attacker can force us into this state by masquerading as the |
| 1115 // The only safe thing to do here is to fail the connection because our | 1115 // proxy. The only safe thing to do here is to fail the connection |
| 1116 // client is expecting an SSL protected response. | 1116 // because our client is expecting an SSL protected response. |
| 1117 // See http://crbug.com/7338. | 1117 // See http://crbug.com/7338. |
| 1118 case 407: // Proxy Authentication Required | 1118 case 407: // Proxy Authentication Required |
| 1119 // We need this status code to allow proxy authentication. Our | 1119 // We need this status code to allow proxy authentication. Our |
| 1120 // authentication code is smart enough to avoid being tricked by an | 1120 // authentication code is smart enough to avoid being tricked by an |
| 1121 // active network attacker. | 1121 // active network attacker. |
| 1122 break; | 1122 break; |
| 1123 default: | 1123 default: |
| 1124 // For all other status codes, we conservatively fail the CONNECT | 1124 // For all other status codes, we conservatively fail the CONNECT |
| 1125 // request. | 1125 // request. |
| 1126 // We lose something by doing this. We have seen proxy 403, 404, and | 1126 // We lose something by doing this. We have seen proxy 403, 404, and |
| 1127 // 501 response bodies that contain a useful error message. For | 1127 // 501 response bodies that contain a useful error message. For |
| (...skipping 200 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1328 | 1328 |
| 1329 if (result <= 0) | 1329 if (result <= 0) |
| 1330 spdy_stream_ = NULL; | 1330 spdy_stream_ = NULL; |
| 1331 | 1331 |
| 1332 return result; | 1332 return result; |
| 1333 } | 1333 } |
| 1334 | 1334 |
| 1335 void HttpNetworkTransaction::LogHttpConnectedMetrics( | 1335 void HttpNetworkTransaction::LogHttpConnectedMetrics( |
| 1336 const ClientSocketHandle& handle) { | 1336 const ClientSocketHandle& handle) { |
| 1337 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(), | 1337 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(), |
| 1338 ClientSocketHandle::NUM_TYPES); | 1338 ClientSocketHandle::NUM_TYPES); |
| 1339 | 1339 |
| 1340 switch (handle.reuse_type()) { | 1340 switch (handle.reuse_type()) { |
| 1341 case ClientSocketHandle::UNUSED: | 1341 case ClientSocketHandle::UNUSED: |
| 1342 UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency", | 1342 UMA_HISTOGRAM_CUSTOM_TIMES("Net.HttpConnectionLatency", |
| 1343 handle.setup_time(), | 1343 handle.setup_time(), |
| 1344 base::TimeDelta::FromMilliseconds(1), | 1344 base::TimeDelta::FromMilliseconds(1), |
| 1345 base::TimeDelta::FromMinutes(10), | 1345 base::TimeDelta::FromMinutes(10), |
| 1346 100); | 1346 100); |
| 1347 break; | 1347 break; |
| 1348 case ClientSocketHandle::UNUSED_IDLE: | 1348 case ClientSocketHandle::UNUSED_IDLE: |
| (...skipping 12 matching lines...) Expand all Loading... |
| 1361 break; | 1361 break; |
| 1362 default: | 1362 default: |
| 1363 NOTREACHED(); | 1363 NOTREACHED(); |
| 1364 break; | 1364 break; |
| 1365 } | 1365 } |
| 1366 } | 1366 } |
| 1367 | 1367 |
| 1368 void HttpNetworkTransaction::LogIOErrorMetrics( | 1368 void HttpNetworkTransaction::LogIOErrorMetrics( |
| 1369 const ClientSocketHandle& handle) { | 1369 const ClientSocketHandle& handle) { |
| 1370 UMA_HISTOGRAM_ENUMERATION("Net.IOError_SocketReuseType", | 1370 UMA_HISTOGRAM_ENUMERATION("Net.IOError_SocketReuseType", |
| 1371 handle.reuse_type(), ClientSocketHandle::NUM_TYPES); | 1371 handle.reuse_type(), ClientSocketHandle::NUM_TYPES); |
| 1372 | 1372 |
| 1373 switch (handle.reuse_type()) { | 1373 switch (handle.reuse_type()) { |
| 1374 case ClientSocketHandle::UNUSED: | 1374 case ClientSocketHandle::UNUSED: |
| 1375 break; | 1375 break; |
| 1376 case ClientSocketHandle::UNUSED_IDLE: | 1376 case ClientSocketHandle::UNUSED_IDLE: |
| 1377 UMA_HISTOGRAM_CUSTOM_TIMES( | 1377 UMA_HISTOGRAM_CUSTOM_TIMES( |
| 1378 "Net.SocketIdleTimeOnIOError2_UnusedSocket", | 1378 "Net.SocketIdleTimeOnIOError2_UnusedSocket", |
| 1379 handle.idle_time(), base::TimeDelta::FromMilliseconds(1), | 1379 handle.idle_time(), base::TimeDelta::FromMilliseconds(1), |
| 1380 base::TimeDelta::FromMinutes(6), 100); | 1380 base::TimeDelta::FromMinutes(6), 100); |
| 1381 break; | 1381 break; |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1421 UMA_HISTOGRAM_CLIPPED_TIMES( | 1421 UMA_HISTOGRAM_CLIPPED_TIMES( |
| 1422 "Net.Priority_Low_Latency", | 1422 "Net.Priority_Low_Latency", |
| 1423 total_duration, | 1423 total_duration, |
| 1424 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), | 1424 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), |
| 1425 100); | 1425 100); |
| 1426 } | 1426 } |
| 1427 } | 1427 } |
| 1428 | 1428 |
| 1429 void HttpNetworkTransaction::LogTransactionMetrics() const { | 1429 void HttpNetworkTransaction::LogTransactionMetrics() const { |
| 1430 base::TimeDelta duration = base::Time::Now() - | 1430 base::TimeDelta duration = base::Time::Now() - |
| 1431 response_.request_time; | 1431 response_.request_time; |
| 1432 if (60 < duration.InMinutes()) | 1432 if (60 < duration.InMinutes()) |
| 1433 return; | 1433 return; |
| 1434 | 1434 |
| 1435 base::TimeDelta total_duration = base::Time::Now() - start_time_; | 1435 base::TimeDelta total_duration = base::Time::Now() - start_time_; |
| 1436 | 1436 |
| 1437 UMA_HISTOGRAM_LONG_TIMES("Net.Transaction_Latency", duration); | 1437 UMA_HISTOGRAM_LONG_TIMES("Net.Transaction_Latency", duration); |
| 1438 UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Under_10", duration, | 1438 UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Under_10", duration, |
| 1439 base::TimeDelta::FromMilliseconds(1), base::TimeDelta::FromMinutes(10), | 1439 base::TimeDelta::FromMilliseconds(1), |
| 1440 100); | 1440 base::TimeDelta::FromMinutes(10), |
| 1441 100); |
| 1441 UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Total_Under_10", | 1442 UMA_HISTOGRAM_CLIPPED_TIMES("Net.Transaction_Latency_Total_Under_10", |
| 1442 total_duration, base::TimeDelta::FromMilliseconds(1), | 1443 total_duration, |
| 1443 base::TimeDelta::FromMinutes(10), 100); | 1444 base::TimeDelta::FromMilliseconds(1), |
| 1445 base::TimeDelta::FromMinutes(10), 100); |
| 1444 if (!reused_socket_) { | 1446 if (!reused_socket_) { |
| 1445 UMA_HISTOGRAM_CLIPPED_TIMES( | 1447 UMA_HISTOGRAM_CLIPPED_TIMES( |
| 1446 "Net.Transaction_Latency_Total_New_Connection_Under_10", | 1448 "Net.Transaction_Latency_Total_New_Connection_Under_10", |
| 1447 total_duration, base::TimeDelta::FromMilliseconds(1), | 1449 total_duration, base::TimeDelta::FromMilliseconds(1), |
| 1448 base::TimeDelta::FromMinutes(10), 100); | 1450 base::TimeDelta::FromMinutes(10), 100); |
| 1449 } | 1451 } |
| 1450 } | 1452 } |
| 1451 | 1453 |
| 1452 void HttpNetworkTransaction::LogBlockedTunnelResponse( | 1454 void HttpNetworkTransaction::LogBlockedTunnelResponse( |
| 1453 int response_code) const { | 1455 int response_code) const { |
| 1454 LOG(WARNING) << "Blocked proxy response with status " << response_code | 1456 LOG(WARNING) << "Blocked proxy response with status " << response_code |
| 1455 << " to CONNECT request for " | 1457 << " to CONNECT request for " |
| 1456 << GetHostAndPort(request_->url) << "."; | 1458 << GetHostAndPort(request_->url) << "."; |
| 1457 } | 1459 } |
| 1458 | 1460 |
| 1459 int HttpNetworkTransaction::HandleCertificateError(int error) { | 1461 int HttpNetworkTransaction::HandleCertificateError(int error) { |
| 1460 DCHECK(using_ssl_); | 1462 DCHECK(using_ssl_); |
| 1461 DCHECK(IsCertificateError(error)); | 1463 DCHECK(IsCertificateError(error)); |
| 1462 | 1464 |
| 1463 SSLClientSocket* ssl_socket = | 1465 SSLClientSocket* ssl_socket = |
| 1464 reinterpret_cast<SSLClientSocket*>(connection_->socket()); | 1466 reinterpret_cast<SSLClientSocket*>(connection_->socket()); |
| 1465 ssl_socket->GetSSLInfo(&response_.ssl_info); | 1467 ssl_socket->GetSSLInfo(&response_.ssl_info); |
| 1466 | 1468 |
| 1467 // Add the bad certificate to the set of allowed certificates in the | 1469 // Add the bad certificate to the set of allowed certificates in the |
| 1468 // SSL info object. This data structure will be consulted after calling | 1470 // SSL info object. This data structure will be consulted after calling |
| 1469 // RestartIgnoringLastError(). And the user will be asked interactively | 1471 // RestartIgnoringLastError(). And the user will be asked interactively |
| 1470 // before RestartIgnoringLastError() is ever called. | 1472 // before RestartIgnoringLastError() is ever called. |
| 1471 SSLConfig::CertAndStatus bad_cert; | 1473 SSLConfig::CertAndStatus bad_cert; |
| 1472 bad_cert.cert = response_.ssl_info.cert; | 1474 bad_cert.cert = response_.ssl_info.cert; |
| 1473 bad_cert.cert_status = response_.ssl_info.cert_status; | 1475 bad_cert.cert_status = response_.ssl_info.cert_status; |
| 1474 ssl_config_.allowed_bad_certs.push_back(bad_cert); | 1476 ssl_config_.allowed_bad_certs.push_back(bad_cert); |
| (...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1516 ssl_socket->GetSSLCertRequestInfo(response_.cert_request_info); | 1518 ssl_socket->GetSSLCertRequestInfo(response_.cert_request_info); |
| 1517 | 1519 |
| 1518 // Close the connection while the user is selecting a certificate to send | 1520 // Close the connection while the user is selecting a certificate to send |
| 1519 // to the server. | 1521 // to the server. |
| 1520 connection_->socket()->Disconnect(); | 1522 connection_->socket()->Disconnect(); |
| 1521 connection_->Reset(); | 1523 connection_->Reset(); |
| 1522 | 1524 |
| 1523 // If the user selected one of the certificate in client_certs for this | 1525 // If the user selected one of the certificate in client_certs for this |
| 1524 // server before, use it automatically. | 1526 // server before, use it automatically. |
| 1525 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> | 1527 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> |
| 1526 Lookup(GetHostAndPort(request_->url)); | 1528 Lookup(GetHostAndPort(request_->url)); |
| 1527 if (client_cert) { | 1529 if (client_cert) { |
| 1528 const std::vector<scoped_refptr<X509Certificate> >& client_certs = | 1530 const std::vector<scoped_refptr<X509Certificate> >& client_certs = |
| 1529 response_.cert_request_info->client_certs; | 1531 response_.cert_request_info->client_certs; |
| 1530 for (size_t i = 0; i < client_certs.size(); ++i) { | 1532 for (size_t i = 0; i < client_certs.size(); ++i) { |
| 1531 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { | 1533 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { |
| 1532 ssl_config_.client_cert = client_cert; | 1534 ssl_config_.client_cert = client_cert; |
| 1533 ssl_config_.send_client_cert = true; | 1535 ssl_config_.send_client_cert = true; |
| 1534 next_state_ = STATE_INIT_CONNECTION; | 1536 next_state_ = STATE_INIT_CONNECTION; |
| 1535 // Reset the other member variables. | 1537 // Reset the other member variables. |
| 1536 // Note: this is necessary only with SSL renegotiation. | 1538 // Note: this is necessary only with SSL renegotiation. |
| 1537 ResetStateForRestart(); | 1539 ResetStateForRestart(); |
| 1538 return OK; | 1540 return OK; |
| 1539 } | 1541 } |
| 1540 } | 1542 } |
| 1541 } | 1543 } |
| 1542 return error; | 1544 return error; |
| 1543 } | 1545 } |
| 1544 | 1546 |
| 1545 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { | 1547 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { |
| 1546 if (ssl_config_.send_client_cert && | 1548 if (ssl_config_.send_client_cert && |
| 1547 (error == ERR_SSL_PROTOCOL_ERROR || | 1549 (error == ERR_SSL_PROTOCOL_ERROR || |
| 1548 error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) { | 1550 error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) { |
| 1549 session_->ssl_client_auth_cache()->Remove(GetHostAndPort(request_->url)); | 1551 session_->ssl_client_auth_cache()->Remove(GetHostAndPort(request_->url)); |
| 1550 } | 1552 } |
| 1551 | 1553 |
| 1552 switch (error) { | 1554 switch (error) { |
| 1553 case ERR_SSL_PROTOCOL_ERROR: | 1555 case ERR_SSL_PROTOCOL_ERROR: |
| 1554 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: | 1556 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: |
| 1555 case ERR_SSL_DECOMPRESSION_FAILURE_ALERT: | 1557 case ERR_SSL_DECOMPRESSION_FAILURE_ALERT: |
| 1556 if (ssl_config_.tls1_enabled) { | 1558 if (ssl_config_.tls1_enabled) { |
| 1557 // This could be a TLS-intolerant server or an SSL 3.0 server that | 1559 // This could be a TLS-intolerant server or an SSL 3.0 server that |
| 1558 // chose a TLS-only cipher suite. Turn off TLS 1.0 and retry. | 1560 // chose a TLS-only cipher suite. Turn off TLS 1.0 and retry. |
| (...skipping 331 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1890 } | 1892 } |
| 1891 | 1893 |
| 1892 int HttpNetworkTransaction::HandleAuthChallenge() { | 1894 int HttpNetworkTransaction::HandleAuthChallenge() { |
| 1893 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); | 1895 scoped_refptr<HttpResponseHeaders> headers = GetResponseHeaders(); |
| 1894 DCHECK(headers); | 1896 DCHECK(headers); |
| 1895 | 1897 |
| 1896 int status = headers->response_code(); | 1898 int status = headers->response_code(); |
| 1897 if (status != 401 && status != 407) | 1899 if (status != 401 && status != 407) |
| 1898 return OK; | 1900 return OK; |
| 1899 HttpAuth::Target target = status == 407 ? | 1901 HttpAuth::Target target = status == 407 ? |
| 1900 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER; | 1902 HttpAuth::AUTH_PROXY : HttpAuth::AUTH_SERVER; |
| 1901 GURL auth_origin = AuthOrigin(target); | 1903 GURL auth_origin = AuthOrigin(target); |
| 1902 | 1904 |
| 1903 LOG(INFO) << "The " << AuthTargetString(target) << " " | 1905 LOG(INFO) << "The " << AuthTargetString(target) << " " |
| 1904 << auth_origin << " requested auth" | 1906 << auth_origin << " requested auth" |
| 1905 << AuthChallengeLogMessage(); | 1907 << AuthChallengeLogMessage(); |
| 1906 | 1908 |
| 1907 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct()) | 1909 if (target == HttpAuth::AUTH_PROXY && proxy_info_.is_direct()) |
| 1908 return ERR_UNEXPECTED_PROXY_AUTH; | 1910 return ERR_UNEXPECTED_PROXY_AUTH; |
| 1909 | 1911 |
| 1910 // The auth we tried just failed, hence it can't be valid. Remove it from | 1912 // The auth we tried just failed, hence it can't be valid. Remove it from |
| (...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2007 endpoint_); | 2009 endpoint_); |
| 2008 | 2010 |
| 2009 alternate_protocol_mode_ = kDoNotUseAlternateProtocol; | 2011 alternate_protocol_mode_ = kDoNotUseAlternateProtocol; |
| 2010 if (connection_->socket()) | 2012 if (connection_->socket()) |
| 2011 connection_->socket()->Disconnect(); | 2013 connection_->socket()->Disconnect(); |
| 2012 connection_->Reset(); | 2014 connection_->Reset(); |
| 2013 next_state_ = STATE_INIT_CONNECTION; | 2015 next_state_ = STATE_INIT_CONNECTION; |
| 2014 } | 2016 } |
| 2015 | 2017 |
| 2016 } // namespace net | 2018 } // namespace net |
| OLD | NEW |