
Side by Side Diff: net/http/http_stream_request.cc

Issue 6017010: Ensure that when using False Start + client auth, bad client certificates are not cached (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Added more comments and rename tests Created 9 years, 11 months ago
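--- a/net/http/http_stream_request.cc
+++ b/net/http/http_stream_request.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_request.h"
 
 #include "base/stl_util-inl.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
@@ -732,21 +732,21 @@
 result = HandleCertificateError(result);
 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
 connection_->socket()->Disconnect();
 connection_->Reset();
 next_state_ = STATE_INIT_CONNECTION;
 return result;
 }
 }
 }
 if (result < 0)
-return HandleSSLHandshakeError(result);
+return result;
 }
 
 next_state_ = STATE_CREATE_STREAM;
 return OK;
 }
 
 int HttpStreamRequest::DoWaitingUserAction(int result) {
 // This state indicates that the stream request is in a partially
 // completed state, and we've called back to the delegate for more
 // information.
@@ -1014,49 +1014,20 @@
 ssl_config()->allowed_bad_certs.push_back(bad_cert);
 
 int load_flags = request_info().load_flags;
 if (HttpStreamFactory::ignore_certificate_errors())
 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
 if (ssl_socket->IgnoreCertError(error, load_flags))
 return OK;
 return error;
 }
 
-int HttpStreamRequest::HandleSSLHandshakeError(int error) {
-if (ssl_config()->send_client_cert &&
-(error == ERR_SSL_PROTOCOL_ERROR ||
-error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
-session_->ssl_client_auth_cache()->Remove(
-GetHostAndPort(request_info().url));
-}
-
-switch (error) {
-case ERR_SSL_PROTOCOL_ERROR:
-case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
-case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
-case ERR_SSL_BAD_RECORD_MAC_ALERT:
-if (ssl_config()->tls1_enabled &&
-!SSLConfigService::IsKnownStrictTLSServer(
-request_info().url.host())) {
-// This could be a TLS-intolerant server, an SSL 3.0 server that
-// chose a TLS-only cipher suite or a server with buggy DEFLATE
-// support. Turn off TLS 1.0, DEFLATE support and retry.
-factory_->AddTLSIntolerantServer(request_info().url);
-next_state_ = STATE_INIT_CONNECTION;
-DCHECK(!connection_.get() || !connection_->socket());
-error = OK;
-}
-break;
-}
-return error;
-}
-
 void HttpStreamRequest::SwitchToSpdyMode() {
 if (HttpStreamFactory::spdy_enabled())
 using_spdy_ = true;
 }
 
 // static
 void HttpStreamRequest::LogHttpConnectedMetrics(
 const ClientSocketHandle& handle) {
 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(),
 ClientSocketHandle::NUM_TYPES);
@@ -1083,10 +1054,10 @@
 base::TimeDelta::FromMinutes(6),
 100);
 break;
 default:
 NOTREACHED();
 break;
 }
 }
 
 } // namespace net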
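Review bot: The `return result;` at new line 742 now passes raw SSL handshake errors to the caller, with no comment saying who is responsible for handling them. This same file section deletes the only visible code that evicted a rejected client certificate from `ssl_client_auth_cache()` and retried TLS-intolerant servers. That handling presumably moves to the consumer of the stream request, but it is not visible here, so a reader cannot tell whether a bad client certificate stays cached after a failed handshake. I would add a comment above the return such as `// Handshake errors are returned as-is; the caller evicts any cached client cert and decides on TLS fallback.` and confirm the new owner covers both `ERR_SSL_PROTOCOL_ERROR` and `ERR_BAD_SSL_CLIENT_AUTH_CERT`. The enclosing function begins before line 732, outside the displayed context.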
