
Side by Side Diff: net/http/http_stream_request.cc

Issue 6017010: Ensure that when using False Start + client auth, bad client certificates are not cached (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix mac compile Created 9 years, 11 months ago
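--- a/net/http/http_stream_request.cc
+++ b/net/http/http_stream_request.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_stream_request.h"
 
 #include "base/stl_util-inl.h"
 #include "base/string_number_conversions.h"
 #include "base/string_util.h"
 #include "base/stringprintf.h"
@@ -754,21 +754,21 @@
 result = HandleCertificateError(result);
 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
 connection_->socket()->Disconnect();
 connection_->Reset();
 next_state_ = STATE_INIT_CONNECTION;
 return result;
 }
 }
 }
 if (result < 0)
-return HandleSSLHandshakeError(result);
+return result;
 }
 
 next_state_ = STATE_CREATE_STREAM;
 return OK;
 }
 
 int HttpStreamRequest::DoWaitingUserAction(int result) {
 // This state indicates that the stream request is in a partially
 // completed state, and we've called back to the delegate for more
 // information.
@@ -1036,49 +1036,20 @@
 ssl_config()->allowed_bad_certs.push_back(bad_cert);
 
 int load_flags = request_info().load_flags;
 if (HttpStreamFactory::ignore_certificate_errors())
 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
 if (ssl_socket->IgnoreCertError(error, load_flags))
 return OK;
 return error;
 }
 
-int HttpStreamRequest::HandleSSLHandshakeError(int error) {
-if (ssl_config()->send_client_cert &&
-(error == ERR_SSL_PROTOCOL_ERROR ||
-error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
-session_->ssl_client_auth_cache()->Remove(
-GetHostAndPort(request_info().url));
-}
-
-switch (error) {
-case ERR_SSL_PROTOCOL_ERROR:
-case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
-case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
-case ERR_SSL_BAD_RECORD_MAC_ALERT:
-if (ssl_config()->tls1_enabled &&
-!SSLConfigService::IsKnownStrictTLSServer(
-request_info().url.host())) {
-// This could be a TLS-intolerant server, an SSL 3.0 server that
-// chose a TLS-only cipher suite or a server with buggy DEFLATE
-// support. Turn off TLS 1.0, DEFLATE support and retry.
-factory_->AddTLSIntolerantServer(request_info().url);
-next_state_ = STATE_INIT_CONNECTION;
-DCHECK(!connection_.get() || !connection_->socket());
-error = OK;
-}
-break;
-}
-return error;
-}
-
 void HttpStreamRequest::SwitchToSpdyMode() {
 if (HttpStreamFactory::spdy_enabled())
 using_spdy_ = true;
 }
 
 // static
 void HttpStreamRequest::LogHttpConnectedMetrics(
 const ClientSocketHandle& handle) {
 UMA_HISTOGRAM_ENUMERATION("Net.HttpSocketType", handle.reuse_type(),
 ClientSocketHandle::NUM_TYPES);
@@ -1105,10 +1076,10 @@
 base::TimeDelta::FromMinutes(6),
 100);
 break;
 default:
 NOTREACHED();
 break;
 }
 }
 
 } // namespace net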
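Review bot: The bare `return result;` at new line 764 leaves nothing in this file that says who now evicts a rejected client certificate from `ssl_client_auth_cache()` or performs the TLS-intolerant retry, both of which the deleted `HandleSSLHandshakeError` did on this path. Presumably that handling moved to a caller in another file of this patch set, which this page does not show; if so, a comment above the return would pin the contract, e.g. `// Handshake errors are returned as-is; the caller evicts the client-auth cache entry and decides on TLS fallback.` It is also worth confirming that the relocated fallback still consults `SSLConfigService::IsKnownStrictTLSServer()` before disabling TLS 1.0, since dropping that check would widen a protocol-downgrade retry. The enclosing function begins in the skipped lines above line 754, so the rest of its error handling is not visible here.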
