Chromium Code Reviews Chromium Code Reviews
Issue 1131763002:
Reject renegotiations in SSLClientSocket by default. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/http/http_stream_factory_impl_job.h" | 5 #include "net/http/http_stream_factory_impl_job.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/bind.h" | 10 #include "base/bind.h" |
| (...skipping 1100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1111 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && | 1111 bool using_proxy = (proxy_info_.is_http() || proxy_info_.is_https()) && |
| 1112 (request_info_.url.SchemeIs("http") || | 1112 (request_info_.url.SchemeIs("http") || |
| 1113 request_info_.url.SchemeIs("ftp")); | 1113 request_info_.url.SchemeIs("ftp")); |
| 1114 if (stream_factory_->for_websockets_) { | 1114 if (stream_factory_->for_websockets_) { |
| 1115 DCHECK(request_); | 1115 DCHECK(request_); |
| 1116 DCHECK(request_->websocket_handshake_stream_create_helper()); | 1116 DCHECK(request_->websocket_handshake_stream_create_helper()); |
| 1117 websocket_stream_.reset( | 1117 websocket_stream_.reset( |
| 1118 request_->websocket_handshake_stream_create_helper() | 1118 request_->websocket_handshake_stream_create_helper() |
| 1119 ->CreateBasicStream(connection_.Pass(), using_proxy)); | 1119 ->CreateBasicStream(connection_.Pass(), using_proxy)); |
| 1120 } else { | 1120 } else { |
| 1121 // HTTP/1.1 requires renegotiations enabled to support TLS client | |
| 1122 // authentication coming in during a request. | |
| 1123 connection_->socket()->SetRenegotiationsAllowed(true); | |
|
Ryan Sleevi
2015/05/07 01:41:26
This is also needed for WebSockets, which can and
davidben
2015/05/07 19:12:34
Well, this doesn't break all client certs. Sane de
| |
| 1121 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy)); | 1124 stream_.reset(new HttpBasicStream(connection_.release(), using_proxy)); |
| 1122 } | 1125 } |
| 1123 return OK; | 1126 return OK; |
| 1124 } | 1127 } |
| 1125 | 1128 |
| 1126 CHECK(!stream_.get()); | 1129 CHECK(!stream_.get()); |
| 1127 | 1130 |
| 1128 bool direct = !IsHttpsProxyAndHttpUrl(); | 1131 bool direct = !IsHttpsProxyAndHttpUrl(); |
| 1129 if (existing_spdy_session_.get()) { | 1132 if (existing_spdy_session_.get()) { |
| 1130 // We picked up an existing session, so we don't need our socket. | 1133 // We picked up an existing session, so we don't need our socket. |
| (...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1505 | 1508 |
| 1506 void HttpStreamFactoryImpl::Job:: | 1509 void HttpStreamFactoryImpl::Job:: |
| 1507 MaybeCopyConnectionAttemptsFromClientSocketHandleToRequest() { | 1510 MaybeCopyConnectionAttemptsFromClientSocketHandleToRequest() { |
| 1508 if (IsOrphaned() || !connection_) | 1511 if (IsOrphaned() || !connection_) |
| 1509 return; | 1512 return; |
| 1510 | 1513 |
| 1511 request_->AddConnectionAttempts(connection_->connection_attempts()); | 1514 request_->AddConnectionAttempts(connection_->connection_attempts()); |
| 1512 } | 1515 } |
| 1513 | 1516 |
| 1514 } // namespace net | 1517 } // namespace net |
| OLD | NEW |
