| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_stream_request.h" | 5 #include "net/http/http_stream_request.h" |
| 6 | 6 |
| 7 #include "base/stl_util-inl.h" | 7 #include "base/stl_util-inl.h" |
| 8 #include "base/string_number_conversions.h" | 8 #include "base/string_number_conversions.h" |
| 9 #include "base/string_util.h" | 9 #include "base/string_util.h" |
| 10 #include "base/stringprintf.h" | 10 #include "base/stringprintf.h" |
| (...skipping 869 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 880 const HostPortPair& host_and_port, | 880 const HostPortPair& host_and_port, |
| 881 bool want_spdy_over_npn) { | 881 bool want_spdy_over_npn) { |
| 882 | 882 |
| 883 if (factory_->IsTLSIntolerantServer(request_info().url)) { | 883 if (factory_->IsTLSIntolerantServer(request_info().url)) { |
| 884 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " | 884 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: " |
| 885 << GetHostAndPort(request_info().url); | 885 << GetHostAndPort(request_info().url); |
| 886 ssl_config()->ssl3_fallback = true; | 886 ssl_config()->ssl3_fallback = true; |
| 887 ssl_config()->tls1_enabled = false; | 887 ssl_config()->tls1_enabled = false; |
| 888 } | 888 } |
| 889 | 889 |
| 890 if (proxy_info()->is_https() && ssl_config()->send_client_cert) { |
| 891 // When connecting through an HTTPS proxy, disable TLS False Start so |
| 892 // that client authentication errors can be distinguished between those |
| 893 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and |
| 894 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / |
| 895 // ERR_BAD_SSL_CLIENT_AUTH_CERT). |
| 896 // TODO(rch): This assumes that the HTTPS proxy will only request a |
| 897 // client certificate during the initial handshake. |
| 898 // http://crbug.com/FIXME |
| 899 ssl_config()->false_start_enabled = false; |
| 900 } |
| 901 |
| 890 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", | 902 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback", |
| 891 static_cast<int>(ssl_config()->ssl3_fallback), 2); | 903 static_cast<int>(ssl_config()->ssl3_fallback), 2); |
| 892 | 904 |
| 893 int load_flags = request_info().load_flags; | 905 int load_flags = request_info().load_flags; |
| 894 if (HttpStreamFactory::ignore_certificate_errors()) | 906 if (HttpStreamFactory::ignore_certificate_errors()) |
| 895 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; | 907 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; |
| 896 if (request_info().load_flags & LOAD_VERIFY_EV_CERT) | 908 if (request_info().load_flags & LOAD_VERIFY_EV_CERT) |
| 897 ssl_config()->verify_ev_cert = true; | 909 ssl_config()->verify_ev_cert = true; |
| 898 | 910 |
| 899 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || | 911 if (proxy_info()->proxy_server().scheme() == ProxyServer::SCHEME_HTTP || |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 968 // ERR_ADDRESS_UNREACHABLE. | 980 // ERR_ADDRESS_UNREACHABLE. |
| 969 return ERR_ADDRESS_UNREACHABLE; | 981 return ERR_ADDRESS_UNREACHABLE; |
| 970 default: | 982 default: |
| 971 return error; | 983 return error; |
| 972 } | 984 } |
| 973 | 985 |
| 974 if (request_info().load_flags & LOAD_BYPASS_PROXY) { | 986 if (request_info().load_flags & LOAD_BYPASS_PROXY) { |
| 975 return error; | 987 return error; |
| 976 } | 988 } |
| 977 | 989 |
| 990 if (proxy_info()->is_https() && ssl_config_->send_client_cert) { |
| 991 session_->ssl_client_auth_cache()->Remove( |
| 992 proxy_info()->proxy_server().host_port_pair().ToString()); |
| 993 } |
| 994 |
| 978 int rv = session_->proxy_service()->ReconsiderProxyAfterError( | 995 int rv = session_->proxy_service()->ReconsiderProxyAfterError( |
| 979 request_info().url, proxy_info(), &io_callback_, &pac_request_, | 996 request_info().url, proxy_info(), &io_callback_, &pac_request_, |
| 980 net_log_); | 997 net_log_); |
| 981 if (rv == OK || rv == ERR_IO_PENDING) { | 998 if (rv == OK || rv == ERR_IO_PENDING) { |
| 982 // If the error was during connection setup, there is no socket to | 999 // If the error was during connection setup, there is no socket to |
| 983 // disconnect. | 1000 // disconnect. |
| 984 if (connection_->socket()) | 1001 if (connection_->socket()) |
| 985 connection_->socket()->Disconnect(); | 1002 connection_->socket()->Disconnect(); |
| 986 connection_->Reset(); | 1003 connection_->Reset(); |
| 987 next_state_ = STATE_RESOLVE_PROXY_COMPLETE; | 1004 next_state_ = STATE_RESOLVE_PROXY_COMPLETE; |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1054 base::TimeDelta::FromMinutes(6), | 1071 base::TimeDelta::FromMinutes(6), |
| 1055 100); | 1072 100); |
| 1056 break; | 1073 break; |
| 1057 default: | 1074 default: |
| 1058 NOTREACHED(); | 1075 NOTREACHED(); |
| 1059 break; | 1076 break; |
| 1060 } | 1077 } |
| 1061 } | 1078 } |
| 1062 | 1079 |
| 1063 } // namespace net | 1080 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6120002:
Disable False Start and clear the SSL client auth cache for HTTPS proxies on failure (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src