Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(214)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_stream_factory_impl.cc

Issue 1074193003: Verify alternative server certificate validity for origin. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Nit. Created 5 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/http/http_network_transaction_unittest.cc ('k') | net/http/http_stream_factory_impl_job.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_factory_impl.h" 5 #include "net/http/http_stream_factory_impl.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after
152 return kNoAlternativeService; 152 return kNoAlternativeService;
153 153
154 HostPortPair origin = HostPortPair::FromURL(original_url); 154 HostPortPair origin = HostPortPair::FromURL(original_url);
155 HttpServerProperties& http_server_properties = 155 HttpServerProperties& http_server_properties =
156 *session_->http_server_properties(); 156 *session_->http_server_properties();
157 const AlternativeService alternative_service = 157 const AlternativeService alternative_service =
158 http_server_properties.GetAlternativeService(origin); 158 http_server_properties.GetAlternativeService(origin);
159 159
160 if (alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL) 160 if (alternative_service.protocol == UNINITIALIZED_ALTERNATE_PROTOCOL)
161 return kNoAlternativeService; 161 return kNoAlternativeService;
162 // TODO(bnc): Make sure that callers connect to the specified host, and that
163 // certificate requirements are enforced. Then remove the following two
164 // lines.
165 if (alternative_service.host != origin.host())
166 return kNoAlternativeService;
167 if (http_server_properties.IsAlternativeServiceBroken(alternative_service)) { 162 if (http_server_properties.IsAlternativeServiceBroken(alternative_service)) {
168 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_BROKEN); 163 HistogramAlternateProtocolUsage(ALTERNATE_PROTOCOL_USAGE_BROKEN);
169 return kNoAlternativeService; 164 return kNoAlternativeService;
170 } 165 }
171 if (!IsAlternateProtocolValid(alternative_service.protocol)) { 166 if (!IsAlternateProtocolValid(alternative_service.protocol)) {
172 NOTREACHED(); 167 NOTREACHED();
173 return kNoAlternativeService; 168 return kNoAlternativeService;
174 } 169 }
175 170
176 // Some shared unix systems may have user home directories (like 171 // Some shared unix systems may have user home directories (like
(...skipping 14 matching lines...) Expand all
191 if (!HttpStreamFactory::spdy_enabled()) 186 if (!HttpStreamFactory::spdy_enabled())
192 return kNoAlternativeService; 187 return kNoAlternativeService;
193 188
194 if (session_->HasSpdyExclusion(origin)) 189 if (session_->HasSpdyExclusion(origin))
195 return kNoAlternativeService; 190 return kNoAlternativeService;
196 191
197 return alternative_service; 192 return alternative_service;
198 } 193 }
199 194
200 DCHECK_EQ(QUIC, alternative_service.protocol); 195 DCHECK_EQ(QUIC, alternative_service.protocol);
196 // TODO(bnc): Make sure that certificate requirements are enforced when using
197 // QUIC, then remove the following two lines.
198 if (alternative_service.host != origin.host())
199 return kNoAlternativeService;
201 if (!session_->params().enable_quic) 200 if (!session_->params().enable_quic)
202 return kNoAlternativeService; 201 return kNoAlternativeService;
203 202
204 if (session_->quic_stream_factory()->IsQuicDisabled(origin.port())) 203 if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
205 return kNoAlternativeService; 204 return kNoAlternativeService;
206 205
207 return alternative_service; 206 return alternative_service;
208 } 207 }
209 208
210 void HttpStreamFactoryImpl::OrphanJob(Job* job, const Request* request) { 209 void HttpStreamFactoryImpl::OrphanJob(Job* job, const Request* request) {
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after
266 delete job; 265 delete job;
267 } 266 }
268 267
269 void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) { 268 void HttpStreamFactoryImpl::OnPreconnectsComplete(const Job* job) {
270 preconnect_job_set_.erase(job); 269 preconnect_job_set_.erase(job);
271 delete job; 270 delete job;
272 OnPreconnectsCompleteInternal(); 271 OnPreconnectsCompleteInternal();
273 } 272 }
274 273
275 } // namespace net 274 } // namespace net
OLDNEW
« no previous file with comments | « net/http/http_network_transaction_unittest.cc ('k') | net/http/http_stream_factory_impl_job.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698