
Side by Side Diff: net/http/http_stream_factory_impl.cc

Issue 1074193003: Verify alternative server certificate validity for origin. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Verify certificate validity. Created 5 years, 8 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_factory_impl.h" 5 #include "net/http/http_stream_factory_impl.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 144 matching lines...) Expand 10 before | Expand all | Expand 10 after
155 return kNoAlternativeService; 155 return kNoAlternativeService;
156 156
157 HostPortPair origin = HostPortPair::FromURL(original_url); 157 HostPortPair origin = HostPortPair::FromURL(original_url);
158 HttpServerProperties& http_server_properties = 158 HttpServerProperties& http_server_properties =
159 *session_->http_server_properties(); 159 *session_->http_server_properties();
160 const AlternativeService alternative_service = 160 const AlternativeService alternative_service =
161 http_server_properties.GetAlternativeService(origin); 161 http_server_properties.GetAlternativeService(origin);
162 162
163 if (alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL) 163 if (alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL)
164 return kNoAlternativeService; 164 return kNoAlternativeService;
165 // TODO(bnc): Make sure that callers connect to the specified host, and that
166 // certificate requirements are enforced. Then remove the following two
167 // lines.
168 if (alternative_service.host != origin.host())
169 return kNoAlternativeService;
170 if (http_server_properties.IsAlternativeServiceBroken(alternative_service)) { 165 if (http_server_properties.IsAlternativeServiceBroken(alternative_service)) {
171 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_BROKEN); 166 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_BROKEN);
172 return kNoAlternativeService; 167 return kNoAlternativeService;
173 } 168 }
174 if (!IsAlternateProtocolValid(alternative_service.protocol)) { 169 if (!IsAlternateProtocolValid(alternative_service.protocol)) {
175 NOTREACHED(); 170 NOTREACHED();
176 return kNoAlternativeService; 171 return kNoAlternativeService;
177 } 172 }
178 173
179 // Some shared unix systems may have user home directories (like 174 // Some shared unix systems may have user home directories (like
(...skipping 14 matching lines...) Expand all
194 if (!HttpStreamFactory::spdy_enabled()) 189 if (!HttpStreamFactory::spdy_enabled())
195 return kNoAlternativeService; 190 return kNoAlternativeService;
196 191
197 if (session_->HasSpdyExclusion(origin)) 192 if (session_->HasSpdyExclusion(origin))
198 return kNoAlternativeService; 193 return kNoAlternativeService;
199 194
200 return alternative_service; 195 return alternative_service;
201 } 196 }
202 197
203 DCHECK_EQ(QUIC, alternative_service.protocol); 198 DCHECK_EQ(QUIC, alternative_service.protocol);
199 // TODO(bnc): Make sure that certificate requirements are enforced when using
200 // QUIC, then remove the following two lines.
201 if (alternative_service.host != origin.host())
202 return kNoAlternativeService;
Ryan Hamilton 2015/04/10 18:37:36 We actually intend to make use of this feature fir
Bence 2015/04/10 19:55:16 Okay. I started with HTTP/2 tests because there a
204 if (!session_->params().enable_quic) 203 if (!session_->params().enable_quic)
205 return kNoAlternativeService; 204 return kNoAlternativeService;
206 205
207 if (session_->quic_stream_factory()->IsQuicDisabled(origin.port())) 206 if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
208 return kNoAlternativeService; 207 return kNoAlternativeService;
209 208
210 return alternative_service; 209 return alternative_service;
211 } 210 }
212 211
213 void HttpStreamFactoryImpl::OrphanJob(Job* job, const Request* request) { 212 void HttpStreamFactoryImpl::OrphanJob(Job* job, const Request* request) {
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
269 delete job; 268 delete job;
270 } 269 }
271 270
272 void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) { 271 void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) {
273 preconnect_job_set_.erase(job); 272 preconnect_job_set_.erase(job);
274 delete job; 273 delete job;
275 OnPreconnectsCompleteInternal(); 274 OnPreconnectsCompleteInternal();
276 } 275 }
277 276
278 } // namespace net 277 } // namespace net
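Review bot: After this change the non-QUIC branch can return an `alternative_service` whose host differs from `origin.host()`, because the guard at old lines 165-169 is gone and its replacement at new lines 199-202 sits only after `DCHECK_EQ(QUIC, alternative_service.protocol)`; nothing in the visible part of this file records that the caller must now authenticate the alternative server against the origin's hostname. I would add a comment at the `return alternative_service;` on new line 195, for example `// The returned host may differ from |origin|; the Job must check that the server certificate is valid for the origin host before the connection is used.` The remaining check on that branch, `session_->HasSpdyExclusion(origin)`, is still keyed on the origin only, so it is worth confirming whether an exclusion for the alternative host should also apply now that the two can differ. The function's signature and new lines 175-188 are outside the visible section, so this rests on the displayed lines only.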