OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 768 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
779 "424359 HttpNetworkTransaction::DoCreateStreamComplete")); | 779 "424359 HttpNetworkTransaction::DoCreateStreamComplete")); |
780 | 780 |
781 // If |result| is ERR_HTTPS_PROXY_TUNNEL_RESPONSE, then | 781 // If |result| is ERR_HTTPS_PROXY_TUNNEL_RESPONSE, then |
782 // DoCreateStreamComplete is being called from OnHttpsProxyTunnelResponse, | 782 // DoCreateStreamComplete is being called from OnHttpsProxyTunnelResponse, |
783 // which resets the stream request first. Therefore, we have to grab the | 783 // which resets the stream request first. Therefore, we have to grab the |
784 // connection attempts in *that* function instead of here in that case. | 784 // connection attempts in *that* function instead of here in that case. |
785 if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE) | 785 if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE) |
786 CopyConnectionAttemptsFromStreamRequest(); | 786 CopyConnectionAttemptsFromStreamRequest(); |
787 | 787 |
788 if (result == OK) { | 788 if (result == OK) { |
789 if (request_->url.SchemeIs("https")) | |
Ryan Sleevi
2015/05/01 23:57:55
BUG: Why not WSS? Why not SchemeIsCryptographic?
davidben
2015/05/02 00:22:09
Done.
| |
790 RecordSSLFallbackMetrics(); | |
789 next_state_ = STATE_INIT_STREAM; | 791 next_state_ = STATE_INIT_STREAM; |
790 DCHECK(stream_.get()); | 792 DCHECK(stream_.get()); |
791 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { | 793 } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { |
792 result = HandleCertificateRequest(result); | 794 result = HandleCertificateRequest(result); |
793 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { | 795 } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) { |
794 // Return OK and let the caller read the proxy's error page | 796 // Return OK and let the caller read the proxy's error page |
795 next_state_ = STATE_NONE; | 797 next_state_ = STATE_NONE; |
796 return OK; | 798 return OK; |
797 } else if (result == ERR_HTTP_1_1_REQUIRED || | 799 } else if (result == ERR_HTTP_1_1_REQUIRED || |
798 result == ERR_PROXY_HTTP_1_1_REQUIRED) { | 800 result == ERR_PROXY_HTTP_1_1_REQUIRED) { |
(...skipping 724 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1523 | 1525 |
1524 pending_auth_target_ = HttpAuth::AUTH_NONE; | 1526 pending_auth_target_ = HttpAuth::AUTH_NONE; |
1525 read_buf_ = NULL; | 1527 read_buf_ = NULL; |
1526 read_buf_len_ = 0; | 1528 read_buf_len_ = 0; |
1527 headers_valid_ = false; | 1529 headers_valid_ = false; |
1528 request_headers_.Clear(); | 1530 request_headers_.Clear(); |
1529 response_ = HttpResponseInfo(); | 1531 response_ = HttpResponseInfo(); |
1530 establishing_tunnel_ = false; | 1532 establishing_tunnel_ = false; |
1531 } | 1533 } |
1532 | 1534 |
1535 void HttpNetworkTransaction::RecordSSLFallbackMetrics() { | |
1536 enum FallbackVersion { | |
1537 FALLBACK_NONE = 0, // SSL version fallback did not occur. | |
1538 FALLBACK_SSL3 = 1, // Fell back to SSL 3.0. | |
1539 FALLBACK_TLS1 = 2, // Fell back to TLS 1.0. | |
1540 FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1. | |
1541 FALLBACK_MAX, | |
1542 }; | |
Ryan Sleevi
2015/05/01 23:57:55
Do you need to document the (hopefully obvious, bu
davidben
2015/05/02 00:22:09
Done.
| |
1543 | |
1544 FallbackVersion fallback = FALLBACK_NONE; | |
1545 if (server_ssl_config_.version_fallback) { | |
1546 switch (server_ssl_config_.version_max) { | |
1547 case SSL_PROTOCOL_VERSION_SSL3: | |
1548 fallback = FALLBACK_SSL3; | |
1549 break; | |
1550 case SSL_PROTOCOL_VERSION_TLS1: | |
1551 fallback = FALLBACK_TLS1; | |
1552 break; | |
1553 case SSL_PROTOCOL_VERSION_TLS1_1: | |
1554 fallback = FALLBACK_TLS1_1; | |
1555 break; | |
1556 default: | |
1557 NOTREACHED(); | |
1558 } | |
1559 } | |
1560 UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback, | |
1561 FALLBACK_MAX); | |
1562 | |
1563 // We also wish to measure the amount of fallback connections for a host that | |
1564 // we know implements TLS up to 1.2. Ideally there would be no fallback here | |
1565 // but high numbers of SSLv3 would suggest that SSLv3 fallback is being | |
1566 // caused by network middleware rather than buggy HTTPS servers. | |
1567 const std::string& host = request_->url.host(); | |
1568 if (EndsWith(host, "google.com", true) && | |
1569 (host.size() == 10 || host[host.size() - 11] == '.')) { | |
1570 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2", | |
1571 fallback, FALLBACK_MAX); | |
1572 } | |
Ryan Sleevi
2015/05/01 23:57:55
Is this even worthwhile with the fallback SCSV? We
davidben
2015/05/02 00:22:08
I'm actually especially interested in a fixed vers
| |
1573 | |
1574 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2", | |
1575 server_ssl_config_.enable_deprecated_cipher_suites); | |
1576 } | |
1577 | |
1533 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { | 1578 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { |
1534 return response_.headers.get(); | 1579 return response_.headers.get(); |
1535 } | 1580 } |
1536 | 1581 |
1537 bool HttpNetworkTransaction::ShouldResendRequest() const { | 1582 bool HttpNetworkTransaction::ShouldResendRequest() const { |
1538 bool connection_is_proven = stream_->IsConnectionReused(); | 1583 bool connection_is_proven = stream_->IsConnectionReused(); |
1539 bool has_received_headers = GetResponseHeaders() != NULL; | 1584 bool has_received_headers = GetResponseHeaders() != NULL; |
1540 | 1585 |
1541 // NOTE: we resend a request only if we reused a keep-alive connection. | 1586 // NOTE: we resend a request only if we reused a keep-alive connection. |
1542 // This automatically prevents an infinite resend loop because we'll run | 1587 // This automatically prevents an infinite resend loop because we'll run |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1677 DCHECK(stream_request_); | 1722 DCHECK(stream_request_); |
1678 | 1723 |
1679 // Since the transaction can restart with auth credentials, it may create a | 1724 // Since the transaction can restart with auth credentials, it may create a |
1680 // stream more than once. Accumulate all of the connection attempts across | 1725 // stream more than once. Accumulate all of the connection attempts across |
1681 // those streams by appending them to the vector: | 1726 // those streams by appending them to the vector: |
1682 for (const auto& attempt : stream_request_->connection_attempts()) | 1727 for (const auto& attempt : stream_request_->connection_attempts()) |
1683 connection_attempts_.push_back(attempt); | 1728 connection_attempts_.push_back(attempt); |
1684 } | 1729 } |
1685 | 1730 |
1686 } // namespace net | 1731 } // namespace net |
OLD | NEW |