
Side by Side Diff: net/socket/ssl_client_socket_pool.cc

Issue 4339001: Correctly handle SSL Client Authentication requests when connecting... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Rebase... Created 10 years, 1 month ago
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_pool.h" 5 #include "net/socket/ssl_client_socket_pool.h"
6 6
7 #include "base/metrics/histogram.h" 7 #include "base/metrics/histogram.h"
8 #include "base/values.h" 8 #include "base/values.h"
9 #include "net/base/net_errors.h" 9 #include "net/base/net_errors.h"
10 #include "net/base/ssl_cert_request_info.h" 10 #include "net/base/ssl_cert_request_info.h"
11 #include "net/http/http_proxy_client_socket.h" 11 #include "net/http/http_proxy_client_socket.h"
12 #include "net/http/http_proxy_client_socket_pool.h" 12 #include "net/http/http_proxy_client_socket_pool.h"
13 #include "net/socket/client_socket_factory.h" 13 #include "net/socket/client_socket_factory.h"
14 #include "net/socket/client_socket_handle.h" 14 #include "net/socket/client_socket_handle.h"
15 #include "net/socket/socks_client_socket_pool.h" 15 #include "net/socket/socks_client_socket_pool.h"
16 #include "net/socket/ssl_client_socket.h" 16 #include "net/socket/ssl_client_socket.h"
17 #include "net/socket/ssl_host_info.h" 17 #include "net/socket/ssl_host_info.h"
18 #include "net/socket/tcp_client_socket_pool.h" 18 #include "net/socket/tcp_client_socket_pool.h"
19 19
20 namespace net { 20 namespace net {
21 21
22 SSLSocketParams::SSLSocketParams( 22 SSLSocketParams::SSLSocketParams(
23 const scoped_refptr<TCPSocketParams>& tcp_params, 23 const scoped_refptr<TCPSocketParams>& tcp_params,
24 const scoped_refptr<SOCKSSocketParams>& socks_params, 24 const scoped_refptr<SOCKSSocketParams>& socks_params,
25 const scoped_refptr<HttpProxySocketParams>& http_proxy_params, 25 const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
26 ProxyServer::Scheme proxy, 26 ProxyServer::Scheme proxy,
27 const std::string& hostname, 27 const std::string& hostname,
28 uint16 port,
28 const SSLConfig& ssl_config, 29 const SSLConfig& ssl_config,
29 int load_flags, 30 int load_flags,
30 bool force_spdy_over_ssl, 31 bool force_spdy_over_ssl,
31 bool want_spdy_over_npn) 32 bool want_spdy_over_npn)
32 : tcp_params_(tcp_params), 33 : tcp_params_(tcp_params),
33 http_proxy_params_(http_proxy_params), 34 http_proxy_params_(http_proxy_params),
34 socks_params_(socks_params), 35 socks_params_(socks_params),
35 proxy_(proxy), 36 proxy_(proxy),
36 hostname_(hostname), 37 hostname_(hostname),
38 port_(port),
37 ssl_config_(ssl_config), 39 ssl_config_(ssl_config),
38 load_flags_(load_flags), 40 load_flags_(load_flags),
39 force_spdy_over_ssl_(force_spdy_over_ssl), 41 force_spdy_over_ssl_(force_spdy_over_ssl),
40 want_spdy_over_npn_(want_spdy_over_npn) { 42 want_spdy_over_npn_(want_spdy_over_npn) {
41 switch (proxy_) { 43 switch (proxy_) {
42 case ProxyServer::SCHEME_DIRECT: 44 case ProxyServer::SCHEME_DIRECT:
43 DCHECK(tcp_params_.get() != NULL); 45 DCHECK(tcp_params_.get() != NULL);
44 DCHECK(http_proxy_params_.get() == NULL); 46 DCHECK(http_proxy_params_.get() == NULL);
45 DCHECK(socks_params_.get() == NULL); 47 DCHECK(socks_params_.get() == NULL);
46 break; 48 break;
(...skipping 194 matching lines...)
241 transport_socket_handle_.reset(new ClientSocketHandle()); 243 transport_socket_handle_.reset(new ClientSocketHandle());
242 scoped_refptr<HttpProxySocketParams> http_proxy_params = 244 scoped_refptr<HttpProxySocketParams> http_proxy_params =
243 params_->http_proxy_params(); 245 params_->http_proxy_params();
244 return transport_socket_handle_->Init( 246 return transport_socket_handle_->Init(
245 group_name(), http_proxy_params, 247 group_name(), http_proxy_params,
246 http_proxy_params->destination().priority(), &callback_, 248 http_proxy_params->destination().priority(), &callback_,
247 http_proxy_pool_, net_log()); 249 http_proxy_pool_, net_log());
248 } 250 }
249 251
250 int SSLConnectJob::DoTunnelConnectComplete(int result) { 252 int SSLConnectJob::DoTunnelConnectComplete(int result) {
251 ClientSocket* socket = transport_socket_handle_->socket(); 253 // Extract the information needed to prompt for appropriate proxy
252 HttpProxyClientSocket* tunnel_socket = 254 // authentication so that when ClientSocketPoolBaseHelper calls
253 static_cast<HttpProxyClientSocket*>(socket); 255 // |GetAdditionalErrorState|, we can easily set the state.
254 256 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
255 // Extract the information needed to prompt for the proxy authentication. 257 error_response_info_ = transport_socket_handle_->ssl_error_response_info();
256 // so that when ClientSocketPoolBaseHelper calls |GetAdditionalErrorState|, 258 } else if (result == ERR_PROXY_AUTH_REQUESTED) {
257 // we can easily set the state. 259 ClientSocket* socket = transport_socket_handle_->socket();
258 if (result == ERR_PROXY_AUTH_REQUESTED) 260 HttpProxyClientSocket* tunnel_socket =
261 static_cast<HttpProxyClientSocket*>(socket);
259 error_response_info_ = *tunnel_socket->GetResponseInfo(); 262 error_response_info_ = *tunnel_socket->GetResponseInfo();
260 263 }
261 if (result < 0) 264 if (result < 0)
262 return result; 265 return result;
263 266
264 next_state_ = STATE_SSL_CONNECT; 267 next_state_ = STATE_SSL_CONNECT;
265 return result; 268 return result;
266 } 269 }
267 270
268 void SSLConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) { 271 void SSLConnectJob::GetAdditionalErrorState(ClientSocketHandle * handle) {
269 // Headers in |error_response_info_| indicate a proxy tunnel setup 272 // Headers in |error_response_info_| indicate a proxy tunnel setup
270 // problem. See DoTunnelConnectComplete. 273 // problem. See DoTunnelConnectComplete.
271 if (error_response_info_.headers) { 274 if (error_response_info_.headers) {
272 handle->set_pending_http_proxy_connection( 275 handle->set_pending_http_proxy_connection(
273 transport_socket_handle_.release()); 276 transport_socket_handle_.release());
274 } 277 }
275 handle->set_ssl_error_response_info(error_response_info_); 278 handle->set_ssl_error_response_info(error_response_info_);
276 if (!ssl_connect_start_time_.is_null()) 279 if (!ssl_connect_start_time_.is_null())
277 handle->set_is_ssl_error(true); 280 handle->set_is_ssl_error(true);
278 } 281 }
279 282
280 int SSLConnectJob::DoSSLConnect() { 283 int SSLConnectJob::DoSSLConnect() {
281 next_state_ = STATE_SSL_CONNECT_COMPLETE; 284 next_state_ = STATE_SSL_CONNECT_COMPLETE;
282 // Reset the timeout to just the time allowed for the SSL handshake. 285 // Reset the timeout to just the time allowed for the SSL handshake.
283 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds)); 286 ResetTimer(base::TimeDelta::FromSeconds(kSSLHandshakeTimeoutInSeconds));
284 ssl_connect_start_time_ = base::TimeTicks::Now(); 287 ssl_connect_start_time_ = base::TimeTicks::Now();
285 288
286 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket( 289 ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
287 transport_socket_handle_.release(), params_->hostname(), 290 transport_socket_handle_.release(), params_->hostname(),
288 params_->ssl_config(), ssl_host_info_.release(), 291 params_->port(), params_->ssl_config(), ssl_host_info_.release(),
289 dnsrr_resolver_)); 292 dnsrr_resolver_));
290 return ssl_socket_->Connect(&callback_); 293 return ssl_socket_->Connect(&callback_);
291 } 294 }
292 295
293 int SSLConnectJob::DoSSLConnectComplete(int result) { 296 int SSLConnectJob::DoSSLConnectComplete(int result) {
294 SSLClientSocket::NextProtoStatus status = 297 SSLClientSocket::NextProtoStatus status =
295 SSLClientSocket::kNextProtoUnsupported; 298 SSLClientSocket::kNextProtoUnsupported;
296 std::string proto; 299 std::string proto;
297 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket 300 // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
298 // that hasn't had SSL_ImportFD called on it. If we get a certificate error 301 // that hasn't had SSL_ImportFD called on it. If we get a certificate error
299 // here, then we know that we called SSL_ImportFD. 302 // here, then we know that we called SSL_ImportFD.
(...skipping 207 matching lines...)
507 list->Append(http_proxy_pool_->GetInfoAsValue("http_proxy_pool", 510 list->Append(http_proxy_pool_->GetInfoAsValue("http_proxy_pool",
508 "http_proxy_pool", 511 "http_proxy_pool",
509 true)); 512 true));
510 } 513 }
511 dict->Set("nested_pools", list); 514 dict->Set("nested_pools", list);
512 } 515 }
513 return dict; 516 return dict;
514 } 517 }
515 518
516 } // namespace net 519 } // namespace net
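Review bot: In the new `ERR_SSL_CLIENT_AUTH_CERT_NEEDED` branch of `DoTunnelConnectComplete`, the stored certificate request arrives as the result of the tunnel connect, so it presumably comes from the handshake with the proxy rather than with the destination, and nothing on this path marks it as such for the consumer. As far as the visible code shows, `ssl_connect_start_time_` is only set in `DoSSLConnect`, which has not run when the tunnel fails, so `GetAdditionalErrorState` forwards the info through `set_ssl_error_response_info` without calling `set_is_ssl_error(true)`. The caller is then left to tell a proxy request from an origin request using the request info alone. A certificate the user selects for the proxy should not be cached or offered against `params_->hostname()`/`params_->port()`, so I would say so at the branch: `// Cert request came from the proxy's handshake, not the origin; key the selection to the proxy endpoint.` The function's header comment still speaks only of proxy authentication and should mention the client-certificate case, and `*tunnel_socket->GetResponseInfo()` in the other branch is still dereferenced without a null check or DCHECK.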