OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_stream_factory_impl_job.h" | 5 #include "net/http/http_stream_factory_impl_job.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
(...skipping 1239 matching lines...)
1250 } | 1250 } |
1251 | 1251 |
1252 bool HttpStreamFactoryImpl::Job::IsSpdyAlternate() const { | 1252 bool HttpStreamFactoryImpl::Job::IsSpdyAlternate() const { |
1253 return alternative_service_.protocol >= NPN_SPDY_MINIMUM_VERSION && | 1253 return alternative_service_.protocol >= NPN_SPDY_MINIMUM_VERSION && |
1254 alternative_service_.protocol <= NPN_SPDY_MAXIMUM_VERSION; | 1254 alternative_service_.protocol <= NPN_SPDY_MAXIMUM_VERSION; |
1255 } | 1255 } |
1256 | 1256 |
1257 void HttpStreamFactoryImpl::Job::InitSSLConfig(const HostPortPair& server, | 1257 void HttpStreamFactoryImpl::Job::InitSSLConfig(const HostPortPair& server, |
1258 SSLConfig* ssl_config, | 1258 SSLConfig* ssl_config, |
1259 bool is_proxy) const { | 1259 bool is_proxy) const { |
| 1260 if (!is_proxy) { |
| 1261 // Prior to HTTP/2 and SPDY, some servers use TLS renegotiation to request |
| 1262 // TLS client authentication after the HTTP request was sent. Allow |
| 1263 // renegotiation for only those connections. |
| 1264 // |
| 1265 // Note that this does NOT implement the provision in |
| 1266 // https://http2.github.io/http2-spec/#rfc.section.9.2.1 which allows the |
| 1267 // server to request a renegotiation immediately before sending the |
| 1268 // connection preface as waiting for the preface would cost the round trip |
| 1269 // that False Start otherwise saves. |
| 1270 ssl_config->renego_allowed_default = true; |
| 1271 ssl_config->renego_allowed_for_protos.push_back(kProtoHTTP11); |
| 1272 } |
| 1273 |
1260 if (proxy_info_.is_https() && ssl_config->send_client_cert) { | 1274 if (proxy_info_.is_https() && ssl_config->send_client_cert) { |
1261 // When connecting through an HTTPS proxy, disable TLS False Start so | 1275 // When connecting through an HTTPS proxy, disable TLS False Start so |
1262 // that client authentication errors can be distinguished between those | 1276 // that client authentication errors can be distinguished between those |
1263 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and | 1277 // originating from the proxy server (ERR_PROXY_CONNECTION_FAILED) and |
1264 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / | 1278 // those originating from the endpoint (ERR_SSL_PROTOCOL_ERROR / |
1265 // ERR_BAD_SSL_CLIENT_AUTH_CERT). | 1279 // ERR_BAD_SSL_CLIENT_AUTH_CERT). |
1266 // TODO(rch): This assumes that the HTTPS proxy will only request a | 1280 // |
1267 // client certificate during the initial handshake. | 1281 // This assumes the proxy will only request certificates on the initial |
1268 // http://crbug.com/59292 | 1282 // handshake; renegotiation on the proxy connection is unsupported. |
1269 ssl_config->false_start_enabled = false; | 1283 ssl_config->false_start_enabled = false; |
1270 } | 1284 } |
1271 | 1285 |
1272 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT) | 1286 if (request_info_.load_flags & LOAD_VERIFY_EV_CERT) |
1273 ssl_config->verify_ev_cert = true; | 1287 ssl_config->verify_ev_cert = true; |
1274 | 1288 |
1275 // Disable Channel ID if privacy mode is enabled. | 1289 // Disable Channel ID if privacy mode is enabled. |
1276 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED) | 1290 if (request_info_.privacy_mode == PRIVACY_MODE_ENABLED) |
1277 ssl_config->channel_id_enabled = false; | 1291 ssl_config->channel_id_enabled = false; |
1278 } | 1292 } |
(...skipping 226 matching lines...)
1505 | 1519 |
1506 void HttpStreamFactoryImpl::Job:: | 1520 void HttpStreamFactoryImpl::Job:: |
1507 MaybeCopyConnectionAttemptsFromClientSocketHandleToRequest() { | 1521 MaybeCopyConnectionAttemptsFromClientSocketHandleToRequest() { |
1508 if (IsOrphaned() || !connection_) | 1522 if (IsOrphaned() || !connection_) |
1509 return; | 1523 return; |
1510 | 1524 |
1511 request_->AddConnectionAttempts(connection_->connection_attempts()); | 1525 request_->AddConnectionAttempts(connection_->connection_attempts()); |
1512 } | 1526 } |
1513 | 1527 |
1514 } // namespace net | 1528 } // namespace net |
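Review bot: In the new `if (!is_proxy)` block of InitSSLConfig, `renego_allowed_default = true` appears to permit renegotiation on every origin connection where no protocol was negotiated, which is broader than the comment's "only those connections" suggests. Keeping HTTP/2 and SPDY connections out depends on the socket layer checking the negotiated protocol against `renego_allowed_for_protos`, and that code is not visible on this page. I would say so in the comment, for example `// renego_allowed_default covers connections with no ALPN/NPN result; a connection that negotiates anything other than HTTP/1.1 must refuse renegotiation.`, and add a test that an HTTP/2 or SPDY connection rejects a server-initiated renegotiation. Separately, `push_back(kProtoHTTP11)` appends unconditionally, so if InitSSLConfig can run more than once on the same SSLConfig (not shown here) the list collects duplicates; guarding it with a `std::find` check would keep the call idempotent.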