net/http/http_stream_request.cc - Issue 6120002: Disable False Start and clear the SSL client auth cache for HTTPS proxies on failure

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/http_stream_request.cc

Issue 6120002: Disable False Start and clear the SSL client auth cache for HTTPS proxies on failure (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: restructure test/comments to match the non-proxy Created 9 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/http_stream_request.cc

diff --git a/net/http/http_stream_request.cc b/net/http/http_stream_request.cc

index ea0b588ec4388b2fe5244bfe289a3e5f2c5bd8ad..777deadb7be1e39fddc37eed8d236c58f7d71bbb 100644

--- a/net/http/http_stream_request.cc

+++ b/net/http/http_stream_request.cc

@@ -909,6 +909,18 @@ scoped_refptr<SSLSocketParams> HttpStreamRequest::GenerateSSLParams(

ssl_config()->tls1_enabled = false;

}

+ if (proxy_info()->is_https() && ssl_config()->send_client_cert) {

+ // When connecting through an HTTPS proxy, disable TLS False Start so

+ // that client authentication errors can be distinguished between those

+ // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and

+ // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR /

+ // ERR_BAD_SSL_CLIENT_AUTH_CERT).

+ // TODO(rch): This assumes that the HTTPS proxy will only request a

+ // client certificate during the initial handshake.

+ // http://crbug.com/FIXME

wtc 2011/01/11 23:31:36 Please replace "FIXME" with the bug number. Is ss

+ ssl_config()->false_start_enabled = false;

+ }

UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLv3Fallback",

static_cast<int>(ssl_config()->ssl3_fallback), 2);

@@ -997,6 +1009,11 @@ int HttpStreamRequest::ReconsiderProxyAfterError(int error) {

return error;

}

+ if (proxy_info()->is_https() && ssl_config_->send_client_cert) {

wtc 2011/01/11 23:31:36 Why don't you test for ERR_PROXY_CONNECTION_FAILED

+ session_->ssl_client_auth_cache()->Remove(

+ proxy_info()->proxy_server().host_port_pair().ToString());

+ }

int rv = session_->proxy_service()->ReconsiderProxyAfterError(

request_info().url, proxy_info(), &io_callback_, &pac_request_,

net_log_);

« no previous file with comments | « net/http/http_network_transaction_unittest.cc ('k') | no next file » | no next file with comments »