Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1447)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_network_transaction.cc

Issue 4935001: Allow a non-200 (or non-407) response for a CONNECT request from an HTTPS pro... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/http/http_network_transaction.h ('k') | net/http/http_network_transaction_unittest.cc » ('j') | net/http/http_network_transaction_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_network_transaction.cc
===================================================================
--- net/http/http_network_transaction.cc (revision 68959)
+++ net/http/http_network_transaction.cc (working copy)
@@ -285,11 +285,13 @@
scoped_refptr<HttpResponseHeaders> headers(GetResponseHeaders());
if (headers_valid_ && headers.get() && stream_request_.get()) {
// We're trying to read the body of the response but we're still trying
- // to establish an SSL tunnel through the proxy. We can't read these
+ // to establish an SSL tunnel through an HTTP proxy. We can't read these
// bytes when establishing a tunnel because they might be controlled by
// an active network attacker. We don't worry about this for HTTP
// because an active network attacker can already control HTTP sessions.
- // We reach this case when the user cancels a 407 proxy auth prompt.
+ // We reach this case when the user cancels a 407 proxy auth prompt. We
+ // also don't worry about this for an HTTPS Proxy, because the
+ // communication with the proxy is secure.
// See http://crbug.com/8473.
DCHECK(proxy_info_.is_http() || proxy_info_.is_https());
DCHECK_EQ(headers->response_code(), 407);
@@ -301,7 +303,6 @@
// Are we using SPDY or HTTP?
next_state = STATE_READ_BODY;
- DCHECK(stream_->GetResponseInfo()->headers);
read_buf_ = buf;
read_buf_len_ = buf_len;
@@ -410,6 +411,18 @@
OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
}
+void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
+ const HttpResponseInfo& response_info,
+ HttpStream* stream) {
+ DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
+
+ headers_valid_ = true;
+ response_ = response_info;
+ stream_.reset(stream);
+ stream_request_.reset(); // we're done with the stream request
+ OnIOComplete(ERR_HTTPS_PROXY_TUNNEL_RESPONSE);
+}
+
bool HttpNetworkTransaction::is_https_request() const {
return request_->url.SchemeIs("https");
}
@@ -535,6 +548,10 @@
DCHECK(stream_.get());
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
result = HandleCertificateRequest(result);
+ } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
+ // Return OK and let the caller read the proxy's error page
+ next_state_ = STATE_NONE;
+ return OK;
}
// At this point we are done with the stream_request_.
« no previous file with comments | « net/http/http_network_transaction.h ('k') | net/http/http_network_transaction_unittest.cc » ('j') | net/http/http_network_transaction_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698