Chromium Code Reviews Chromium Code Reviews
Issue 4935001:
Allow a non-200 (or non-407) response for a CONNECT request from an HTTPS pro... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
| 6 | 6 |
| 7 #include <set> | 7 #include <set> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 276 } | 276 } |
| 277 | 277 |
| 278 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, | 278 int HttpNetworkTransaction::Read(IOBuffer* buf, int buf_len, |
| 279 CompletionCallback* callback) { | 279 CompletionCallback* callback) { |
| 280 DCHECK(buf); | 280 DCHECK(buf); |
| 281 DCHECK_LT(0, buf_len); | 281 DCHECK_LT(0, buf_len); |
| 282 | 282 |
| 283 State next_state = STATE_NONE; | 283 State next_state = STATE_NONE; |
| 284 | 284 |
| 285 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); | 285 scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders()); |
| 286 if (headers_valid_ && headers.get() && stream_request_.get()) { | 286 if (headers_valid_ && headers.get() && stream_request_.get() && |
| 287 !stream_.get()) { | |
| 287 // We're trying to read the body of the response but we're still trying | 288 // We're trying to read the body of the response but we're still trying |
| 288 // to establish an SSL tunnel through the proxy. We can't read these | 289 // to establish an SSL tunnel through an HTTP proxy. We can't read these |
| 289 // bytes when establishing a tunnel because they might be controlled by | 290 // bytes when establishing a tunnel because they might be controlled by |
| 290 // an active network attacker. We don't worry about this for HTTP | 291 // an active network attacker. We don't worry about this for HTTP |
| 291 // because an active network attacker can already control HTTP sessions. | 292 // because an active network attacker can already control HTTP sessions. |
| 292 // We reach this case when the user cancels a 407 proxy auth prompt. | 293 // We reach this case when the user cancels a 407 proxy auth prompt. We |
| 294 // also don't worry about this for an HTTPS Proxy, because an the | |
|
vandebo (ex-Chrome)
2010/12/04 00:30:37
because the
Ryan Hamilton
2010/12/09 21:19:35
Done.
| |
| 295 // communication with the proxy is secure. | |
| 293 // See http://crbug.com/8473. | 296 // See http://crbug.com/8473. |
| 294 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); | 297 DCHECK(proxy_info_.is_http() || proxy_info_.is_https()); |
| 295 DCHECK_EQ(headers->response_code(), 407); | 298 DCHECK_EQ(headers->response_code(), 407); |
| 296 LOG(WARNING) << "Blocked proxy response with status " | 299 LOG(WARNING) << "Blocked proxy response with status " |
| 297 << headers->response_code() << " to CONNECT request for " | 300 << headers->response_code() << " to CONNECT request for " |
| 298 << GetHostAndPort(request_->url) << "."; | 301 << GetHostAndPort(request_->url) << "."; |
| 299 return ERR_TUNNEL_CONNECTION_FAILED; | 302 return ERR_TUNNEL_CONNECTION_FAILED; |
| 300 } | 303 } |
| 301 | 304 |
| 302 // Are we using SPDY or HTTP? | 305 // Are we using SPDY or HTTP? |
| 303 next_state = STATE_READ_BODY; | 306 next_state = STATE_READ_BODY; |
| 304 DCHECK(stream_->GetResponseInfo()->headers); | |
| 305 | 307 |
| 306 read_buf_ = buf; | 308 read_buf_ = buf; |
| 307 read_buf_len_ = buf_len; | 309 read_buf_len_ = buf_len; |
| 308 | 310 |
| 309 next_state_ = next_state; | 311 next_state_ = next_state; |
| 310 int rv = DoLoop(OK); | 312 int rv = DoLoop(OK); |
| 311 if (rv == ERR_IO_PENDING) | 313 if (rv == ERR_IO_PENDING) |
| 312 user_callback_ = callback; | 314 user_callback_ = callback; |
| 313 return rv; | 315 return rv; |
| 314 } | 316 } |
| (...skipping 88 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 403 } | 405 } |
| 404 | 406 |
| 405 void HttpNetworkTransaction::OnNeedsClientAuth( | 407 void HttpNetworkTransaction::OnNeedsClientAuth( |
| 406 SSLCertRequestInfo* cert_info) { | 408 SSLCertRequestInfo* cert_info) { |
| 407 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); | 409 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); |
| 408 | 410 |
| 409 response_.cert_request_info = cert_info; | 411 response_.cert_request_info = cert_info; |
| 410 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); | 412 OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED); |
| 411 } | 413 } |
| 412 | 414 |
| 415 void HttpNetworkTransaction::OnHttpsProxyTunnelConnectionResponse( | |
| 416 const HttpResponseInfo& response_info, | |
| 417 HttpStream* stream) { | |
| 418 DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); | |
| 419 | |
| 420 headers_valid_ = true; | |
| 421 response_ = response_info; | |
| 422 stream_.reset(stream); | |
| 423 OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_CONNECTION_RESPONSE); | |
| 424 } | |
| 425 | |
| 413 bool HttpNetworkTransaction::is_https_request() const { | 426 bool HttpNetworkTransaction::is_https_request() const { |
| 414 return request_->url.SchemeIs("https"); | 427 return request_->url.SchemeIs("https"); |
| 415 } | 428 } |
| 416 | 429 |
| 417 void HttpNetworkTransaction::DoCallback(int rv) { | 430 void HttpNetworkTransaction::DoCallback(int rv) { |
| 418 DCHECK_NE(rv, ERR_IO_PENDING); | 431 DCHECK_NE(rv, ERR_IO_PENDING); |
| 419 DCHECK(user_callback_); | 432 DCHECK(user_callback_); |
| 420 | 433 |
| 421 // Since Run may result in Read being called, clear user_callback_ up front. | 434 // Since Run may result in Read being called, clear user_callback_ up front. |
| 422 CompletionCallback* c = user_callback_; | 435 CompletionCallback* c = user_callback_; |
| (...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 528 DCHECK(stream_request_.get()); | 541 DCHECK(stream_request_.get()); |
| 529 return ERR_IO_PENDING; | 542 return ERR_IO_PENDING; |
| 530 } | 543 } |
| 531 | 544 |
| 532 int HttpNetworkTransaction::DoCreateStreamComplete(int result) { | 545 int HttpNetworkTransaction::DoCreateStreamComplete(int result) { |
| 533 if (result == OK) { | 546 if (result == OK) { |
| 534 next_state_ = STATE_INIT_STREAM; | 547 next_state_ = STATE_INIT_STREAM; |
| 535 DCHECK(stream_.get()); | 548 DCHECK(stream_.get()); |
| 536 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 549 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
| 537 result = HandleCertificateRequest(result); | 550 result = HandleCertificateRequest(result); |
| 551 } else if (result == ERR_HTTPS_PROXY_TUNNEL_CONNECTION_RESPONSE) { | |
| 552 next_state_ = STATE_NONE; | |
|
vandebo (ex-Chrome)
2010/12/04 00:30:37
A comment here might be helpful:
// Return OK and
Ryan Hamilton
2010/12/09 21:19:35
Done.
| |
| 553 return OK; | |
| 538 } | 554 } |
| 539 | 555 |
| 540 // At this point we are done with the stream_request_. | 556 // At this point we are done with the stream_request_. |
| 541 stream_request_.reset(); | 557 stream_request_.reset(); |
| 542 return result; | 558 return result; |
| 543 } | 559 } |
| 544 | 560 |
| 545 int HttpNetworkTransaction::DoInitStream() { | 561 int HttpNetworkTransaction::DoInitStream() { |
| 546 DCHECK(stream_.get()); | 562 DCHECK(stream_.get()); |
| 547 next_state_ = STATE_INIT_STREAM_COMPLETE; | 563 next_state_ = STATE_INIT_STREAM_COMPLETE; |
| (...skipping 638 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1186 default: | 1202 default: |
| 1187 return priority; | 1203 return priority; |
| 1188 } | 1204 } |
| 1189 } | 1205 } |
| 1190 | 1206 |
| 1191 | 1207 |
| 1192 | 1208 |
| 1193 #undef STATE_CASE | 1209 #undef STATE_CASE |
| 1194 | 1210 |
| 1195 } // namespace net | 1211 } // namespace net |
| OLD | NEW |
