
Side by Side Diff: net/socket_stream/socket_stream.cc

Issue 6677022: Code cleanup related to allowed_bad_certs.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Include cert_status_flags.h Created 9 years, 9 months ago
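--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // TODO(ukai): code is similar with http_network_transaction.cc. We should
 // think about ways to share code, if possible.
 
 #include "net/socket_stream/socket_stream.h"
 
 #include <set>
@@ -825,32 +825,32 @@
 // if it returns cert verification error. It didn't perform
 // SSLHandshake yet.
 // So, we should restart establishing connection with the
 // certificate in allowed bad certificates in |ssl_config_|.
 // See also net/http/http_network_transaction.cc
 // HandleCertificateError() and RestartIgnoringLastError().
 SSLClientSocket* ssl_socket =
 reinterpret_cast<SSLClientSocket*>(socket_.get());
 SSLInfo ssl_info;
 ssl_socket->GetSSLInfo(&ssl_info);
-SSLConfig::CertAndStatus bad_cert;
-bad_cert.cert = ssl_info.cert;
-bad_cert.cert_status = ssl_info.cert_status;
 if (ssl_config_.IsAllowedBadCert(ssl_info.cert)) {
 // If we already have the certificate in the set of allowed bad
 // certificates, we did try it and failed again, so we should not
 // retry again: the connection should fail at last.
 next_state_ = STATE_CLOSE;
 return result;
 }
 // Add the bad certificate to the set of allowed certificates in the
-// SSL info object.
+// SSL config object.
+SSLConfig::CertAndStatus bad_cert;
+bad_cert.cert = ssl_info.cert;
+bad_cert.cert_status = ssl_info.cert_status;
 ssl_config_.allowed_bad_certs.push_back(bad_cert);
 // Restart connection ignoring the bad certificate.
 socket_->Disconnect();
 socket_.reset();
 next_state_ = STATE_TCP_CONNECT;
 return OK;
 }
 }
 
 if (result == OK)
@@ -1029,10 +1029,10 @@
 
 SSLConfigService* SocketStream::ssl_config_service() const {
 return context_->ssl_config_service();
 }
 
 ProxyService* SocketStream::proxy_service() const {
 return context_->proxy_service();
 }
 
 } // namespace net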
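Review bot: Nothing visible between `ssl_socket->GetSSLInfo(&ssl_info)` and `ssl_config_.allowed_bad_certs.push_back(bad_cert)` (new lines 834-847) inspects `ssl_info.cert_status` or `result`, so as far as this hunk shows, any certificate error that reaches the branch gets its certificate allow-listed and the connection retried from `STATE_TCP_CONNECT`. The enclosing function starts in the skipped lines above, so a filter may already exist there; if it does not, the push should be gated on the same error classes that the `HandleCertificateError()` named in the comment tolerates, with everything else going to `STATE_CLOSE`. Separately, the downcast on new lines 831-832 uses `reinterpret_cast`; assuming `SSLClientSocket` derives from the type held by `socket_`, `static_cast<SSLClientSocket*>(socket_.get())` is the correct form for a base-to-derived conversion. `ssl_info.cert` is also passed to `IsAllowedBadCert()` and stored without a null check, which is worth confirming cannot happen when the handshake was never performed.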