net/http/http_proxy_client_socket_pool.cc - Issue 9600022: net: Disconnect proxy sockets that have a certificate error.

Side by Side Diff: net/http/http_proxy_client_socket_pool.cc

Issue 9600022: net: Disconnect proxy sockets that have a certificate error. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 8 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/http/http_proxy_client_socket_pool.h"	5 #include "net/http/http_proxy_client_socket_pool.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8	8

9 #include "base/time.h"	9 #include "base/time.h"

10 #include "base/values.h"	10 #include "base/values.h"

(...skipping 199 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
210 group_name(), params_->ssl_params(),	210 group_name(), params_->ssl_params(),

211 params_->ssl_params()->transport_params()->destination().priority(),	211 params_->ssl_params()->transport_params()->destination().priority(),

212 callback_, ssl_pool_, net_log());	212 callback_, ssl_pool_, net_log());

213 }	213 }

214	214

215 int HttpProxyConnectJob::DoSSLConnectComplete(int result) {	215 int HttpProxyConnectJob::DoSSLConnectComplete(int result) {

216 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {	216 if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {

217 error_response_info_ = transport_socket_handle_->ssl_error_response_info();	217 error_response_info_ = transport_socket_handle_->ssl_error_response_info();

218 DCHECK(error_response_info_.cert_request_info.get());	218 DCHECK(error_response_info_.cert_request_info.get());

219 error_response_info_.cert_request_info->is_proxy = true;	219 error_response_info_.cert_request_info->is_proxy = true;

220 return result;	220 return result;
	wtc 2012/03/05 21:08:14 rch: do we also need to disconnect the socket here rch: do we also need to disconnect the socket here? agl 2012/03/05 21:16:15 I thought about this when writing the patch but de Show quoted text On 2012/03/05 21:08:14, wtc wrote: > rch: do we also need to disconnect the socket here? I thought about this when writing the patch but decided that the socket, in this case, was unusable. So even if we do need to call Disconnect here, it's not a security issue because writing to the socket wouldn't work (or so I expect). Therefore, since this patch was scheduled for merging, it was best to keep it minimal.
221 }	221 }

222 if (IsCertificateError(result)) {	222 if (IsCertificateError(result)) {

223 if (params_->ssl_params()->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS) {	223 if (params_->ssl_params()->load_flags() & LOAD_IGNORE_ALL_CERT_ERRORS) {

224 result = OK;	224 result = OK;

225 } else {	225 } else {

226 // TODO(rch): allow the user to deal with proxy cert errors in the	226 // TODO(rch): allow the user to deal with proxy cert errors in the

227 // same way as server cert errors.	227 // same way as server cert errors.

	228 transport_socket_handle_->socket()->Disconnect();
	wtc 2012/03/05 21:08:14 rch: the code on lines 233-234 below has a null po rch: the code on lines 233-234 below has a null pointer check. I guess the null pointer check is not necessary here because if the socket is null, we cannot possibly get a certificate error?
228 return ERR_PROXY_CERTIFICATE_INVALID;	229 return ERR_PROXY_CERTIFICATE_INVALID;

229 }	230 }

230 }	231 }

231 if (result < 0) {	232 if (result < 0) {

232 if (transport_socket_handle_->socket())	233 if (transport_socket_handle_->socket())

233 transport_socket_handle_->socket()->Disconnect();	234 transport_socket_handle_->socket()->Disconnect();

234 return ERR_PROXY_CONNECTION_FAILED;	235 return ERR_PROXY_CONNECTION_FAILED;

235 }	236 }

236	237

237 SSLClientSocket* ssl =	238 SSLClientSocket* ssl =

(...skipping 241 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
479	480

480 base::TimeDelta HttpProxyClientSocketPool::ConnectionTimeout() const {	481 base::TimeDelta HttpProxyClientSocketPool::ConnectionTimeout() const {

481 return base_.ConnectionTimeout();	482 return base_.ConnectionTimeout();

482 }	483 }

483	484

484 ClientSocketPoolHistograms* HttpProxyClientSocketPool::histograms() const {	485 ClientSocketPoolHistograms* HttpProxyClientSocketPool::histograms() const {

485 return base_.histograms();	486 return base_.histograms();

486 }	487 }

487	488

488 } // namespace net	489 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »