Correctly handle SSL Client Authentication requests when connecting...

net/socket/ssl_client_socket_pool.cc

Index: net/socket/ssl_client_socket_pool.cc
===================================================================
--- net/socket/ssl_client_socket_pool.cc	(revision 65205)
+++ net/socket/ssl_client_socket_pool.cc	(working copy)
@@ -25,6 +25,7 @@
     const scoped_refptr<HttpProxySocketParams>& http_proxy_params,
     ProxyServer::Scheme proxy,
     const std::string& hostname,
+    uint16 port,
     const SSLConfig& ssl_config,
     int load_flags,
     bool force_spdy_over_ssl,
@@ -34,6 +35,7 @@
       socks_params_(socks_params),
       proxy_(proxy),
       hostname_(hostname),
+      port_(port),
       ssl_config_(ssl_config),
       load_flags_(load_flags),
       force_spdy_over_ssl_(force_spdy_over_ssl),
@@ -248,16 +250,20 @@
 }
 
 int SSLConnectJob::DoTunnelConnectComplete(int result) {
-  ClientSocket* socket = transport_socket_handle_->socket();
-  HttpProxyClientSocket* tunnel_socket =
-      static_cast<HttpProxyClientSocket*>(socket);
-
+  // Extract the information needed to prompt for the proxy client auth.
+  // so that when ClientSocketPoolBaseHelper calls |GetAdditionalErrorState|,
+  // we can easily set the state.
+  if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED)

[wtc, 2010/11/11 01:11:35]

Add curly braces.  This is required by the Style Guide, if
any branch in an if statement has curly braces.

Please rewrite the first comment block so that it applies to
both branches and delete the second comment block.

[Ryan Hamilton, 2010/11/11 18:57:00]

Done.

+    error_response_info_ = transport_socket_handle_->ssl_error_response_info();
   // Extract the information needed to prompt for the proxy authentication.
   // so that when ClientSocketPoolBaseHelper calls |GetAdditionalErrorState|,
   // we can easily set the state.
-  if (result == ERR_PROXY_AUTH_REQUESTED)
+  else if (result == ERR_PROXY_AUTH_REQUESTED) {
+    ClientSocket* socket = transport_socket_handle_->socket();
+    HttpProxyClientSocket* tunnel_socket =
+        static_cast<HttpProxyClientSocket*>(socket);
     error_response_info_ = *tunnel_socket->GetResponseInfo();
-
+  }
   if (result < 0)
     return result;
 
@@ -285,6 +291,7 @@
 
   ssl_socket_.reset(client_socket_factory_->CreateSSLClientSocket(
         transport_socket_handle_.release(), params_->hostname(),
+        params_->port(),

[wtc, 2010/11/11 01:11:35]

Nit: merge these two lines.

[Ryan Hamilton, 2010/11/11 18:57:00]

Done.

         params_->ssl_config(), ssl_host_info_.release(),
         dnsrr_resolver_));
   return ssl_socket_->Connect(&callback_);
@@ -320,6 +327,9 @@
   bool using_spdy = params_->force_spdy_over_ssl() ||
       params_->want_spdy_over_npn();
 
+  if (ProxyServer::SCHEME_HTTPS)
+    LOG(INFO) << "Connected to host through proxy, over spdy: " << (using_spdy ? "yes" : "no");

[wtc, 2010/11/11 01:11:35]

Is this line longer than 80 characters?

Replace LOG(INFO) by VLOG(1).

[Ryan Hamilton, 2010/11/11 18:57:00]

Sorry, removed the line.

+
   if (result == OK ||
       ssl_socket_->IgnoreCertError(result, params_->load_flags())) {
     DCHECK(ssl_connect_start_time_ != base::TimeTicks());