Correctly handle SSL Client Authentication requests when connecting...

net/http/http_stream_request.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_request.h"
 
 #include "base/stl_util-inl.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
@@ skipping 487 matching lines @@
         // changed.
         authentication_url = UpgradeUrlToHttps(authentication_url);
       }
       establishing_tunnel_ = using_ssl_;
       std::string user_agent;
       request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent,
                                              &user_agent);
       scoped_refptr<SSLSocketParams> ssl_params;
       if (proxy_info()->is_https()) {
         // Set ssl_params, and unset proxy_tcp_params
-        ssl_params = GenerateSslParams(proxy_tcp_params, NULL, NULL,
+        ssl_params = GenerateSSLParams(proxy_tcp_params, NULL, NULL,
                                        ProxyServer::SCHEME_DIRECT,
-                                       proxy_host_port->host(),
+                                       *proxy_host_port.get(),
                                        want_spdy_over_npn);
         proxy_tcp_params = NULL;
       }
 
       http_proxy_params =
           new HttpProxySocketParams(proxy_tcp_params,
                                     ssl_params,
                                     authentication_url,
                                     user_agent,
                                     endpoint_,
@@ skipping 16 matching lines @@
                                            socks_version == '5',
                                            endpoint_,
                                            request_info().priority,
                                            request_info().referrer);
     }
   }
 
   // Deal with SSL - which layers on top of any given proxy.
   if (using_ssl_) {
     scoped_refptr<SSLSocketParams> ssl_params =
-        GenerateSslParams(tcp_params, http_proxy_params, socks_params,
+        GenerateSSLParams(tcp_params, http_proxy_params, socks_params,
                           proxy_info()->proxy_server().scheme(),
-                          request_info().url.HostNoBrackets(),
+                          HostPortPair(request_info().url.HostNoBrackets(),

[eroman, 2010/11/12 01:12:56]

How about:
HostPortPair::FromURL(request_info().url)

[Ryan Hamilton, 2010/11/12 16:47:26]

Done.  Awesome!

+                                       request_info().url.EffectiveIntPort()),
                           want_spdy_over_npn);
     SSLClientSocketPool* ssl_pool = NULL;
     if (proxy_info()->is_direct())
       ssl_pool = session_->ssl_socket_pool();
     else
       ssl_pool = session_->GetSocketPoolForSSLWithProxy(*proxy_host_port);
 
     if (preconnect_delegate_) {
       RequestSocketsForPool(ssl_pool, connection_group, ssl_params,
                             num_streams_, net_log_);
@@ skipping 261 matching lines @@
     connection_->socket()->SetOmniboxSpeculation();
   // TODO(mbelshe): Add other motivations (like EARLY_LOAD_MOTIVATED).
 }
 
 bool HttpStreamRequest::IsHttpsProxyAndHttpUrl() {
   return proxy_info()->is_https() && request_info().url.SchemeIs("http");
 }
 
 // Returns a newly create SSLSocketParams, and sets several
 // fields of ssl_config_.
-scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSslParams(
+scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSSLParams(
     scoped_refptr<TCPSocketParams> tcp_params,
     scoped_refptr<HttpProxySocketParams> http_proxy_params,
     scoped_refptr<SOCKSSocketParams> socks_params,
     ProxyServer::Scheme proxy_scheme,
-    std::string hostname,
+    const HostPortPair& host_and_port,
     bool want_spdy_over_npn) {
 
   if (factory_->IsTLSIntolerantServer(request_info().url)) {
     LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: "
         << GetHostAndPort(request_info().url);
     ssl_config()->ssl3_fallback = true;
     ssl_config()->tls1_enabled = false;
   }
 
   UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback",
                             static_cast<int>(ssl_config()->ssl3_fallback), 2);
 
   int load_flags = request_info().load_flags;
   if (HttpStreamFactory::ignore_certificate_errors())
     load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
   if (request_info().load_flags & LOAD_VERIFY_EV_CERT)
     ssl_config()->verify_ev_cert = true;
 
   if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP ||
       proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) {
     ssl_config()->mitm_proxies_allowed = true;
   }
 
   scoped_refptr<SSLSocketParams> ssl_params(
       new SSLSocketParams(tcp_params, socks_params, http_proxy_params,
-                          proxy_scheme, hostname,
+                          proxy_scheme, host_and_port,
                           *ssl_config(), load_flags,
                           force_spdy_always_ && force_spdy_over_ssl_,
                           want_spdy_over_npn));
 
   return ssl_params;
 }
 
 
 void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() {
   // We have to:
@@ skipping 166 matching lines @@
                                  base::TimeDelta::FromMinutes(6),
                                  100);
       break;
     default:
       NOTREACHED();
       break;
   }
 }
 
 }  // namespace net