
Side by Side Diff: net/http/http_network_transaction.cc

Issue 4339001: Correctly handle SSL Client Authentication requests when connecting... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Addressing eroman's feedback Created 10 years, 1 month ago
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_network_transaction.h" 5 #include "net/http/http_network_transaction.h"
6 6
7 #include <set> 7 #include <set>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/compiler_specific.h" 10 #include "base/compiler_specific.h"
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after
165 X509Certificate* client_cert, 165 X509Certificate* client_cert,
166 CompletionCallback* callback) { 166 CompletionCallback* callback) {
167 // In HandleCertificateRequest(), we always tear down existing stream 167 // In HandleCertificateRequest(), we always tear down existing stream
168 // requests to force a new connection. So we shouldn't have one here. 168 // requests to force a new connection. So we shouldn't have one here.
169 DCHECK(!stream_request_.get()); 169 DCHECK(!stream_request_.get());
170 DCHECK(!stream_.get()); 170 DCHECK(!stream_.get());
171 DCHECK_EQ(STATE_NONE, next_state_); 171 DCHECK_EQ(STATE_NONE, next_state_);
172 172
173 ssl_config_.client_cert = client_cert; 173 ssl_config_.client_cert = client_cert;
174 if (client_cert) { 174 if (client_cert) {
175 session_->ssl_client_auth_cache()->Add(GetHostAndPort(request_->url), 175 session_->ssl_client_auth_cache()->Add(
176 client_cert); 176 response_.cert_request_info->host_and_port, client_cert);
177 } 177 }
178 ssl_config_.send_client_cert = true; 178 ssl_config_.send_client_cert = true;
179 // Reset the other member variables. 179 // Reset the other member variables.
180 // Note: this is necessary only with SSL renegotiation. 180 // Note: this is necessary only with SSL renegotiation.
181 ResetStateForRestart(); 181 ResetStateForRestart();
182 next_state_ = STATE_CREATE_STREAM; 182 next_state_ = STATE_CREATE_STREAM;
183 int rv = DoLoop(OK); 183 int rv = DoLoop(OK);
184 if (rv == ERR_IO_PENDING) 184 if (rv == ERR_IO_PENDING)
185 user_callback_ = callback; 185 user_callback_ = callback;
186 return rv; 186 return rv;
(...skipping 779 matching lines...) Expand 10 before | Expand all | Expand 10 after
966 stream_->Close(true); 966 stream_->Close(true);
967 stream_.reset(); 967 stream_.reset();
968 } 968 }
969 969
970 // The server is asking for a client certificate during the initial 970 // The server is asking for a client certificate during the initial
971 // handshake. 971 // handshake.
972 stream_request_.reset(); 972 stream_request_.reset();
973 973
974 // If the user selected one of the certificate in client_certs for this 974 // If the user selected one of the certificate in client_certs for this
975 // server before, use it automatically. 975 // server before, use it automatically.
976 X509Certificate* client_cert = session_->ssl_client_auth_cache()-> 976 X509Certificate* client_cert = session_->ssl_client_auth_cache()->Lookup(
977 Lookup(GetHostAndPort(request_->url)); 977 response_.cert_request_info->host_and_port);
978 if (client_cert) { 978 if (client_cert) {
979 const std::vector<scoped_refptr<X509Certificate> >& client_certs = 979 const std::vector<scoped_refptr<X509Certificate> >& client_certs =
980 response_.cert_request_info->client_certs; 980 response_.cert_request_info->client_certs;
981 for (size_t i = 0; i < client_certs.size(); ++i) { 981 for (size_t i = 0; i < client_certs.size(); ++i) {
982 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) { 982 if (client_cert->fingerprint().Equals(client_certs[i]->fingerprint())) {
983 // TODO(davidben): Add a unit test which covers this path; we need to be 983 // TODO(davidben): Add a unit test which covers this path; we need to be
984 // able to send a legitimate certificate and also bypass/clear the 984 // able to send a legitimate certificate and also bypass/clear the
985 // SSL session cache. 985 // SSL session cache.
986 ssl_config_.client_cert = client_cert; 986 ssl_config_.client_cert = client_cert;
987 ssl_config_.send_client_cert = true; 987 ssl_config_.send_client_cert = true;
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after
1165 default: 1165 default:
1166 return priority; 1166 return priority;
1167 } 1167 }
1168 } 1168 }
1169 1169
1170 1170
1171 1171
1172 #undef STATE_CASE 1172 #undef STATE_CASE
1173 1173
1174 } // namespace net 1174 } // namespace net
OLDNEW
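Review bot: In RestartWithCertificate(), new line 176 dereferences `response_.cert_request_info` with no check that it is set, whereas the old cache key was derived from `request_->url`. I would add `DCHECK(response_.cert_request_info.get());` next to the existing DCHECKs (assuming it is a ref-counted pointer like the neighbouring members), and a real `if` guard if this entry point can be reached in release builds without a pending certificate request. The read also has to stay above `ResetStateForRestart()` on new line 181 if that call clears `response_` (its body is not shown here), so a comment such as `// Must read cert_request_info before ResetStateForRestart().` would protect the ordering. The lookup at new line 977 keys the cache the same way; a short comment there stating that the key is the endpoint that asked for the certificate, which may differ from the request URL's host, would document why a cached certificate is only offered to the party it was chosen for. Both functions start and end outside the lines shown.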