| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_stream_request.h" | 5 #include "net/http/http_stream_request.h" |
| 6 | 6 |
| 7 #include "base/stl_util-inl.h" | 7 #include "base/stl_util-inl.h" |
| 8 #include "base/string_number_conversions.h" | 8 #include "base/string_number_conversions.h" |
| 9 #include "base/string_util.h" | 9 #include "base/string_util.h" |
| 10 #include "base/stringprintf.h" | 10 #include "base/stringprintf.h" |
| (...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 501 establishing_tunnel_ = using_ssl_; | 501 establishing_tunnel_ = using_ssl_; |
| 502 std::string user_agent; | 502 std::string user_agent; |
| 503 request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent, | 503 request_info().extra_headers.GetHeader(HttpRequestHeaders::kUserAgent, |
| 504 &user_agent); | 504 &user_agent); |
| 505 scoped_refptr<SSLSocketParams> ssl_params; | 505 scoped_refptr<SSLSocketParams> ssl_params; |
| 506 if (proxy_info()->is_https()) { | 506 if (proxy_info()->is_https()) { |
| 507 // Set ssl_params, and unset proxy_tcp_params | 507 // Set ssl_params, and unset proxy_tcp_params |
| 508 ssl_params = GenerateSslParams(proxy_tcp_params, NULL, NULL, | 508 ssl_params = GenerateSslParams(proxy_tcp_params, NULL, NULL, |
| 509 ProxyServer::SCHEME_DIRECT, | 509 ProxyServer::SCHEME_DIRECT, |
| 510 proxy_host_port->host(), | 510 proxy_host_port->host(), |
| 511 proxy_host_port->port(), |
| 511 want_spdy_over_npn); | 512 want_spdy_over_npn); |
| 512 proxy_tcp_params = NULL; | 513 proxy_tcp_params = NULL; |
| 513 } | 514 } |
| 514 | 515 |
| 515 http_proxy_params = | 516 http_proxy_params = |
| 516 new HttpProxySocketParams(proxy_tcp_params, | 517 new HttpProxySocketParams(proxy_tcp_params, |
| 517 ssl_params, | 518 ssl_params, |
| 518 authentication_url, | 519 authentication_url, |
| 519 user_agent, | 520 user_agent, |
| 520 endpoint_, | 521 endpoint_, |
| (...skipping 19 matching lines...) Expand all Loading... |
| 540 request_info().referrer); | 541 request_info().referrer); |
| 541 } | 542 } |
| 542 } | 543 } |
| 543 | 544 |
| 544 // Deal with SSL - which layers on top of any given proxy. | 545 // Deal with SSL - which layers on top of any given proxy. |
| 545 if (using_ssl_) { | 546 if (using_ssl_) { |
| 546 scoped_refptr<SSLSocketParams> ssl_params = | 547 scoped_refptr<SSLSocketParams> ssl_params = |
| 547 GenerateSslParams(tcp_params, http_proxy_params, socks_params, | 548 GenerateSslParams(tcp_params, http_proxy_params, socks_params, |
| 548 proxy_info()->proxy_server().scheme(), | 549 proxy_info()->proxy_server().scheme(), |
| 549 request_info().url.HostNoBrackets(), | 550 request_info().url.HostNoBrackets(), |
| 551 request_info().url.EffectiveIntPort(), |
| 550 want_spdy_over_npn); | 552 want_spdy_over_npn); |
| 551 SSLClientSocketPool* ssl_pool = NULL; | 553 SSLClientSocketPool* ssl_pool = NULL; |
| 552 if (proxy_info()->is_direct()) | 554 if (proxy_info()->is_direct()) |
| 553 ssl_pool = session_->ssl_socket_pool(); | 555 ssl_pool = session_->ssl_socket_pool(); |
| 554 else | 556 else |
| 555 ssl_pool = session_->GetSocketPoolForSSLWithProxy(*proxy_host_port); | 557 ssl_pool = session_->GetSocketPoolForSSLWithProxy(*proxy_host_port); |
| 556 | 558 |
| 557 if (preconnect_delegate_) { | 559 if (preconnect_delegate_) { |
| 558 RequestSocketsForPool(ssl_pool, connection_group, ssl_params, | 560 RequestSocketsForPool(ssl_pool, connection_group, ssl_params, |
| 559 num_streams_, net_log_); | 561 num_streams_, net_log_); |
| (...skipping 267 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 827 } | 829 } |
| 828 | 830 |
| 829 // Returns a newly create SSLSocketParams, and sets several | 831 // Returns a newly create SSLSocketParams, and sets several |
| 830 // fields of ssl_config_. | 832 // fields of ssl_config_. |
| 831 scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSslParams( | 833 scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSslParams( |
| 832 scoped_refptr<TCPSocketParams> tcp_params, | 834 scoped_refptr<TCPSocketParams> tcp_params, |
| 833 scoped_refptr<HttpProxySocketParams> http_proxy_params, | 835 scoped_refptr<HttpProxySocketParams> http_proxy_params, |
| 834 scoped_refptr<SOCKSSocketParams> socks_params, | 836 scoped_refptr<SOCKSSocketParams> socks_params, |
| 835 ProxyServer::Scheme proxy_scheme, | 837 ProxyServer::Scheme proxy_scheme, |
| 836 std::string hostname, | 838 std::string hostname, |
| 839 uint16 port, |
| 837 bool want_spdy_over_npn) { | 840 bool want_spdy_over_npn) { |
| 838 | 841 |
| 839 if (factory_->IsTLSIntolerantServer(request_info().url)) { | 842 if (factory_->IsTLSIntolerantServer(request_info().url)) { |
| 840 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " | 843 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " |
| 841 << GetHostAndPort(request_info().url); | 844 << GetHostAndPort(request_info().url); |
| 842 ssl_config()->ssl3_fallback = true; | 845 ssl_config()->ssl3_fallback = true; |
| 843 ssl_config()->tls1_enabled = false; | 846 ssl_config()->tls1_enabled = false; |
| 844 } | 847 } |
| 845 | 848 |
| 846 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", | 849 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", |
| 847 static_cast<int>(ssl_config()->ssl3_fallback), 2); | 850 static_cast<int>(ssl_config()->ssl3_fallback), 2); |
| 848 | 851 |
| 849 int load_flags = request_info().load_flags; | 852 int load_flags = request_info().load_flags; |
| 850 if (HttpStreamFactory::ignore_certificate_errors()) | 853 if (HttpStreamFactory::ignore_certificate_errors()) |
| 851 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; | 854 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; |
| 852 if (request_info().load_flags & LOAD_VERIFY_EV_CERT) | 855 if (request_info().load_flags & LOAD_VERIFY_EV_CERT) |
| 853 ssl_config()->verify_ev_cert = true; | 856 ssl_config()->verify_ev_cert = true; |
| 854 | 857 |
| 855 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || | 858 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || |
| 856 proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { | 859 proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { |
| 857 ssl_config()->mitm_proxies_allowed = true; | 860 ssl_config()->mitm_proxies_allowed = true; |
| 858 } | 861 } |
| 859 | 862 |
| 860 scoped_refptr<SSLSocketParams> ssl_params( | 863 scoped_refptr<SSLSocketParams> ssl_params( |
| 861 new SSLSocketParams(tcp_params, socks_params, http_proxy_params, | 864 new SSLSocketParams(tcp_params, socks_params, http_proxy_params, |
| 862 proxy_scheme, hostname, | 865 proxy_scheme, hostname, port, |
| 863 *ssl_config(), load_flags, | 866 *ssl_config(), load_flags, |
| 864 force_spdy_always_ && force_spdy_over_ssl_, | 867 force_spdy_always_ && force_spdy_over_ssl_, |
| 865 want_spdy_over_npn)); | 868 want_spdy_over_npn)); |
| 866 | 869 |
| 867 return ssl_params; | 870 return ssl_params; |
| 868 } | 871 } |
| 869 | 872 |
| 870 | 873 |
| 871 void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() { | 874 void HttpStreamRequest::MarkBrokenAlternateProtocolAndFallback() { |
| 872 // We have to: | 875 // We have to: |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1039 base::TimeDelta::FromMinutes(6), | 1042 base::TimeDelta::FromMinutes(6), |
| 1040 100); | 1043 100); |
| 1041 break; | 1044 break; |
| 1042 default: | 1045 default: |
| 1043 NOTREACHED(); | 1046 NOTREACHED(); |
| 1044 break; | 1047 break; |
| 1045 } | 1048 } |
| 1046 } | 1049 } |
| 1047 | 1050 |
| 1048 } // namespace net | 1051 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4339001:
Correctly handle SSL Client Authentication requests when connecting... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/