Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(208)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_stream_request.cc

Issue 4339001: Correctly handle SSL Client Authentication requests when connecting... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Rebase... Created 10 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/http/http_stream_request.h ('k') | net/socket/client_socket_factory.h » ('j') | net/socket/client_socket_factory.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_request.h" 5 #include "net/http/http_stream_request.h"
6 6
7 #include "base/stl_util-inl.h" 7 #include "base/stl_util-inl.h"
8 #include "base/string_number_conversions.h" 8 #include "base/string_number_conversions.h"
9 #include "base/string_util.h" 9 #include "base/string_util.h"
10 #include "base/stringprintf.h" 10 #include "base/stringprintf.h"
(...skipping 487 matching lines...) Expand 10 before | Expand all | Expand 10 after
498 // changed. 498 // changed.
499 authentication_url = UpgradeUrlToHttps(authentication_url); 499 authentication_url = UpgradeUrlToHttps(authentication_url);
500 } 500 }
501 establishing_tunnel_ = using_ssl_; 501 establishing_tunnel_ = using_ssl_;
502 std::string user_agent; 502 std::string user_agent;
503 request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent, 503 request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent,
504 &user_agent); 504 &user_agent);
505 scoped_refptr<SSLSocketParams> ssl_params; 505 scoped_refptr<SSLSocketParams> ssl_params;
506 if (proxy_info()->is_https()) { 506 if (proxy_info()->is_https()) {
507 // Set ssl_params, and unset proxy_tcp_params 507 // Set ssl_params, and unset proxy_tcp_params
508 ssl_params = GenerateSslParams(proxy_tcp_params, NULL, NULL, 508 ssl_params = GenerateSSLParams(proxy_tcp_params, NULL, NULL,
509 ProxyServer::SCHEME_DIRECT, 509 ProxyServer::SCHEME_DIRECT,
510 proxy_host_port->host(), 510 proxy_host_port->host(),
511 proxy_host_port->port(),
511 want_spdy_over_npn); 512 want_spdy_over_npn);
512 proxy_tcp_params = NULL; 513 proxy_tcp_params = NULL;
513 } 514 }
514 515
515 http_proxy_params = 516 http_proxy_params =
516 new HttpProxySocketParams(proxy_tcp_params, 517 new HttpProxySocketParams(proxy_tcp_params,
517 ssl_params, 518 ssl_params,
518 authentication_url, 519 authentication_url,
519 user_agent, 520 user_agent,
520 endpoint_, 521 endpoint_,
(...skipping 16 matching lines...) Expand all
537 socks_version == '5', 538 socks_version == '5',
538 endpoint_, 539 endpoint_,
539 request_info().priority, 540 request_info().priority,
540 request_info().referrer); 541 request_info().referrer);
541 } 542 }
542 } 543 }
543 544
544 // Deal with SSL - which layers on top of any given proxy. 545 // Deal with SSL - which layers on top of any given proxy.
545 if (using_ssl_) { 546 if (using_ssl_) {
546 scoped_refptr<SSLSocketParams> ssl_params = 547 scoped_refptr<SSLSocketParams> ssl_params =
547 GenerateSslParams(tcp_params, http_proxy_params, socks_params, 548 GenerateSSLParams(tcp_params, http_proxy_params, socks_params,
548 proxy_info()->proxy_server().scheme(), 549 proxy_info()->proxy_server().scheme(),
549 request_info().url.HostNoBrackets(), 550 request_info().url.HostNoBrackets(),
551 request_info().url.EffectiveIntPort(),
550 want_spdy_over_npn); 552 want_spdy_over_npn);
551 SSLClientSocketPool* ssl_pool = NULL; 553 SSLClientSocketPool* ssl_pool = NULL;
552 if (proxy_info()->is_direct()) 554 if (proxy_info()->is_direct())
553 ssl_pool = session_->ssl_socket_pool(); 555 ssl_pool = session_->ssl_socket_pool();
554 else 556 else
555 ssl_pool = session_->GetSocketPoolForSSLWithProxy(*proxy_host_port); 557 ssl_pool = session_->GetSocketPoolForSSLWithProxy(*proxy_host_port);
556 558
557 if (preconnect_delegate_) { 559 if (preconnect_delegate_) {
558 RequestSocketsForPool(ssl_pool, connection_group, ssl_params, 560 RequestSocketsForPool(ssl_pool, connection_group, ssl_params,
559 num_streams_, net_log_); 561 num_streams_, net_log_);
(...skipping 261 matching lines...) Expand 10 before | Expand all | Expand 10 after
821 connection_->socket()->SetOmniboxSpeculation(); 823 connection_->socket()->SetOmniboxSpeculation();
822 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED). 824 // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
823 } 825 }
824 826
825 bool HttpStreamRequest::IsHttpsProxyAndHttpUrl() { 827 bool HttpStreamRequest::IsHttpsProxyAndHttpUrl() {
826 return proxy_info()->is_https() && request_info().url.SchemeIs("http"); 828 return proxy_info()->is_https() && request_info().url.SchemeIs("http");
827 } 829 }
828 830
829 // Returns a newly create SSLSocketParams, and sets several 831 // Returns a newly create SSLSocketParams, and sets several
830 // fields of ssl_config_. 832 // fields of ssl_config_.
831 scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSslParams( 833 scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSSLParams(
832 scoped_refptr<TCPSocketParams> tcp_params, 834 scoped_refptr<TCPSocketParams> tcp_params,
833 scoped_refptr<HttpProxySocketParams> http_proxy_params, 835 scoped_refptr<HttpProxySocketParams> http_proxy_params,
834 scoped_refptr<SOCKSSocketParams> socks_params, 836 scoped_refptr<SOCKSSocketParams> socks_params,
835 ProxyServer::Scheme proxy_scheme, 837 ProxyServer::Scheme proxy_scheme,
836 std::string hostname, 838 std::string hostname,
839 uint16 port,
837 bool want_spdy_over_npn) { 840 bool want_spdy_over_npn) {
838 841
839 if (factory_->IsTLSIntolerantServer(request_info().url)) { 842 if (factory_->IsTLSIntolerantServer(request_info().url)) {
840 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " 843 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: "
841 << GetHostAndPort(request_info().url); 844 << GetHostAndPort(request_info().url);
842 ssl_config()->ssl3_fallback = true; 845 ssl_config()->ssl3_fallback = true;
843 ssl_config()->tls1_enabled = false; 846 ssl_config()->tls1_enabled = false;
844 } 847 }
845 848
846 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", 849 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback",
847 static_cast<int>(ssl_config()->ssl3_fallback), 2); 850 static_cast<int>(ssl_config()->ssl3_fallback), 2);
848 851
849 int load_flags = request_info().load_flags; 852 int load_flags = request_info().load_flags;
850 if (HttpStreamFactory::ignore_certificate_errors()) 853 if (HttpStreamFactory::ignore_certificate_errors())
851 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; 854 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
852 if (request_info().load_flags & LOAD_VERIFY_EV_CERT) 855 if (request_info().load_flags & LOAD_VERIFY_EV_CERT)
853 ssl_config()->verify_ev_cert = true; 856 ssl_config()->verify_ev_cert = true;
854 857
855 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || 858 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP ||
856 proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { 859 proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) {
857 ssl_config()->mitm_proxies_allowed = true; 860 ssl_config()->mitm_proxies_allowed = true;
858 } 861 }
859 862
860 scoped_refptr<SSLSocketParams> ssl_params( 863 scoped_refptr<SSLSocketParams> ssl_params(
861 new SSLSocketParams(tcp_params, socks_params, http_proxy_params, 864 new SSLSocketParams(tcp_params, socks_params, http_proxy_params,
862 proxy_scheme, hostname, 865 proxy_scheme, hostname, port,
863 *ssl_config(), load_flags, 866 *ssl_config(), load_flags,
864 force_spdy_always_ && force_spdy_over_ssl_, 867 force_spdy_always_ && force_spdy_over_ssl_,
865 want_spdy_over_npn)); 868 want_spdy_over_npn));
866 869
867 return ssl_params; 870 return ssl_params;
868 } 871 }
869 872
870 873
871 void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() { 874 void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() {
872 // We have to: 875 // We have to:
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after
1039 base::TimeDelta::FromMinutes(6), 1042 base::TimeDelta::FromMinutes(6),
1040 100); 1043 100);
1041 break; 1044 break;
1042 default: 1045 default:
1043 NOTREACHED(); 1046 NOTREACHED();
1044 break; 1047 break;
1045 } 1048 }
1046 } 1049 }
1047 1050
1048 } // namespace net 1051 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_stream_request.h ('k') | net/socket/client_socket_factory.h » ('j') | net/socket/client_socket_factory.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698