OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 // | 4 // |
5 // TODO(ukai): code is similar with http_network_transaction.cc. We should | 5 // TODO(ukai): code is similar with http_network_transaction.cc. We should |
6 // think about ways to share code, if possible. | 6 // think about ways to share code, if possible. |
7 | 7 |
8 #include "net/socket_stream/socket_stream.h" | 8 #include "net/socket_stream/socket_stream.h" |
9 | 9 |
10 #include <set> | 10 #include <set> |
870 // if it returns cert verification error. It didn't perform | 870 // if it returns cert verification error. It didn't perform |
871 // SSLHandshake yet. | 871 // SSLHandshake yet. |
872 // So, we should restart establishing connection with the | 872 // So, we should restart establishing connection with the |
873 // certificate in allowed bad certificates in |ssl_config_|. | 873 // certificate in allowed bad certificates in |ssl_config_|. |
874 // See also net/http/http_network_transaction.cc | 874 // See also net/http/http_network_transaction.cc |
875 // HandleCertificateError() and RestartIgnoringLastError(). | 875 // HandleCertificateError() and RestartIgnoringLastError(). |
876 SSLClientSocket* ssl_socket = | 876 SSLClientSocket* ssl_socket = |
877 reinterpret_cast<SSLClientSocket*>(socket_.get()); | 877 reinterpret_cast<SSLClientSocket*>(socket_.get()); |
878 SSLInfo ssl_info; | 878 SSLInfo ssl_info; |
879 ssl_socket->GetSSLInfo(&ssl_info); | 879 ssl_socket->GetSSLInfo(&ssl_info); |
880 if (ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) { | 880 if (ssl_info.cert == NULL || |
| 881 ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) { |
881 // If we already have the certificate in the set of allowed bad | 882 // If we already have the certificate in the set of allowed bad |
882 // certificates, we did try it and failed again, so we should not | 883 // certificates, we did try it and failed again, so we should not |
883 // retry again: the connection should fail at last. | 884 // retry again: the connection should fail at last. |
884 next_state_ = STATE_CLOSE; | 885 next_state_ = STATE_CLOSE; |
885 return result; | 886 return result; |
886 } | 887 } |
887 // Add the bad certificate to the set of allowed certificates in the | 888 // Add the bad certificate to the set of allowed certificates in the |
888 // SSL config object. | 889 // SSL config object. |
889 SSLConfig::CertAndStatus bad_cert; | 890 SSLConfig::CertAndStatus bad_cert; |
890 bad_cert.cert = ssl_info.cert; | 891 if (!ssl_info.cert->GetDEREncoded(&bad_cert.der_cert)) { |
| 892 next_state_ = STATE_CLOSE; |
| 893 return result; |
| 894 } |
891 bad_cert.cert_status = ssl_info.cert_status; | 895 bad_cert.cert_status = ssl_info.cert_status; |
892 ssl_config_.allowed_bad_certs.push_back(bad_cert); | 896 ssl_config_.allowed_bad_certs.push_back(bad_cert); |
893 // Restart connection ignoring the bad certificate. | 897 // Restart connection ignoring the bad certificate. |
894 socket_->Disconnect(); | 898 socket_->Disconnect(); |
895 socket_.reset(); | 899 socket_.reset(); |
896 next_state_ = STATE_TCP_CONNECT; | 900 next_state_ = STATE_TCP_CONNECT; |
897 return OK; | 901 return OK; |
898 } | 902 } |
899 } | 903 } |
900 | 904 |
1078 | 1082 |
1079 SSLConfigService* SocketStream::ssl_config_service() const { | 1083 SSLConfigService* SocketStream::ssl_config_service() const { |
1080 return context_->ssl_config_service(); | 1084 return context_->ssl_config_service(); |
1081 } | 1085 } |
1082 | 1086 |
1083 ProxyService* SocketStream::proxy_service() const { | 1087 ProxyService* SocketStream::proxy_service() const { |
1084 return context_->proxy_service(); | 1088 return context_->proxy_service(); |
1085 } | 1089 } |
1086 | 1090 |
1087 } // namespace net | 1091 } // namespace net |
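Review bot: The comment at new lines 882–884 still explains only the already-allowed case, but the widened condition at new lines 880–881 now also closes the connection when `ssl_info.cert == NULL`, and the new `GetDEREncoded()` failure branch at new lines 891–894 closes it with no comment at all. Because this is the path that decides whether to reconnect with a failing certificate added to `allowed_bad_certs`, the fail-closed intent of both new exits should be written down, e.g. `// No certificate was reported, so there is nothing to scope the exception to: fail the connection.` above the NULL test and `// The certificate could not be DER-encoded, so it cannot be recorded as an allowed bad cert: fail the connection.` inside the new `if`. Both exits return `result`, which presumably still holds the certificate error at this point; the enclosing function starts in the skipped lines, so that is worth confirming there.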