1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 #include <set> | 8 #include <set> |
9 #include <utility> | 9 #include <utility> |
10 #include <vector> | 10 #include <vector> |
64 #include "net/ssl/ssl_connection_status_flags.h" | 64 #include "net/ssl/ssl_connection_status_flags.h" |
65 #include "net/ssl/ssl_private_key.h" | 65 #include "net/ssl/ssl_private_key.h" |
66 #include "net/ssl/token_binding.h" | 66 #include "net/ssl/token_binding.h" |
67 #include "url/gurl.h" | 67 #include "url/gurl.h" |
68 #include "url/url_canon.h" | 68 #include "url/url_canon.h" |
69 | 69 |
70 namespace net { | 70 namespace net { |
71 | 71 |
72 namespace { | 72 namespace { |
73 | 73 |
74 std::unique_ptr<base::Value> NetLogSSLVersionFallbackCallback( | |
75 const GURL* url, | |
76 int net_error, | |
77 uint16_t version_before, | |
78 uint16_t version_after, | |
79 NetLogCaptureMode /* capture_mode */) { | |
80 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); | |
81 dict->SetString("host_and_port", GetHostAndPort(*url)); | |
82 dict->SetInteger("net_error", net_error); | |
83 dict->SetInteger("version_before", version_before); | |
84 dict->SetInteger("version_after", version_after); | |
85 return std::move(dict); | |
86 } | |
87 | |
88 std::unique_ptr<base::Value> NetLogSSLCipherFallbackCallback( | 74 std::unique_ptr<base::Value> NetLogSSLCipherFallbackCallback( |
89 const GURL* url, | 75 const GURL* url, |
90 int net_error, | 76 int net_error, |
91 NetLogCaptureMode /* capture_mode */) { | 77 NetLogCaptureMode /* capture_mode */) { |
92 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); | 78 std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
93 dict->SetString("host_and_port", GetHostAndPort(*url)); | 79 dict->SetString("host_and_port", GetHostAndPort(*url)); |
94 dict->SetInteger("net_error", net_error); | 80 dict->SetInteger("net_error", net_error); |
95 return std::move(dict); | 81 return std::move(dict); |
96 } | 82 } |
97 | 83 |
98 } // namespace | 84 } // namespace |
99 | 85 |
100 //----------------------------------------------------------------------------- | 86 //----------------------------------------------------------------------------- |
101 | 87 |
102 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, | 88 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, |
103 HttpNetworkSession* session) | 89 HttpNetworkSession* session) |
104 : pending_auth_target_(HttpAuth::AUTH_NONE), | 90 : pending_auth_target_(HttpAuth::AUTH_NONE), |
105 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete, | 91 io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete, |
106 base::Unretained(this))), | 92 base::Unretained(this))), |
107 session_(session), | 93 session_(session), |
108 request_(NULL), | 94 request_(NULL), |
109 priority_(priority), | 95 priority_(priority), |
110 headers_valid_(false), | 96 headers_valid_(false), |
111 fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK), | |
112 request_headers_(), | 97 request_headers_(), |
113 read_buf_len_(0), | 98 read_buf_len_(0), |
114 total_received_bytes_(0), | 99 total_received_bytes_(0), |
115 total_sent_bytes_(0), | 100 total_sent_bytes_(0), |
116 next_state_(STATE_NONE), | 101 next_state_(STATE_NONE), |
117 establishing_tunnel_(false), | 102 establishing_tunnel_(false), |
118 websocket_handshake_stream_base_create_helper_(NULL), | 103 websocket_handshake_stream_base_create_helper_(NULL), |
119 net_error_details_() { | 104 net_error_details_() { |
120 } | 105 } |
121 | 106 |
1432 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH || | 1417 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH || |
1433 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) { | 1418 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) { |
1434 net_log_.AddEvent( | 1419 net_log_.AddEvent( |
1435 NetLog::TYPE_SSL_CIPHER_FALLBACK, | 1420 NetLog::TYPE_SSL_CIPHER_FALLBACK, |
1436 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error)); | 1421 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error)); |
1437 server_ssl_config_.deprecated_cipher_suites_enabled = true; | 1422 server_ssl_config_.deprecated_cipher_suites_enabled = true; |
1438 ResetConnectionAndRequestForResend(); | 1423 ResetConnectionAndRequestForResend(); |
1439 return OK; | 1424 return OK; |
1440 } | 1425 } |
1441 | 1426 |
1442 // TODO(davidben): Remove this code once the dedicated error code is no | |
1443 // longer needed and the flags to re-enable the fallback expire. | |
1444 bool should_fallback = false; | |
1445 uint16_t version_max = server_ssl_config_.version_max; | |
1446 | |
1447 switch (error) { | |
1448 // This could be a TLS-intolerant server or a server that chose a | |
1449 // cipher suite defined only for higher protocol versions (such as | |
1450 // an TLS 1.1 server that chose a TLS-1.2-only cipher suite). Fall | |
1451 // back to the next lower version and retry. | |
1452 case ERR_CONNECTION_CLOSED: | |
1453 case ERR_SSL_PROTOCOL_ERROR: | |
1454 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: | |
1455 // Some servers trigger the TLS 1.1 fallback with ERR_CONNECTION_RESET | |
1456 // (https://crbug.com/433406). | |
1457 case ERR_CONNECTION_RESET: | |
1458 // This was added for the TLS 1.0 fallback (https://crbug.com/260358) which | |
1459 // has since been removed, but other servers may be relying on it for the | |
1460 // TLS 1.1 fallback. It will be removed with the remainder of the fallback. | |
1461 case ERR_SSL_BAD_RECORD_MAC_ALERT: | |
1462 // Fallback down to a TLS 1.1 ClientHello. By default, this is rejected | |
1463 // but surfaces ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION to help diagnose | |
1464 // server bugs. | |
1465 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_2 && | |
1466 version_max > server_ssl_config_.version_min) { | |
1467 version_max--; | |
1468 should_fallback = true; | |
1469 } | |
1470 break; | |
1471 case ERR_SSL_INAPPROPRIATE_FALLBACK: | |
1472 // The server told us that we should not have fallen back. A buggy server | |
1473 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial | |
1474 // connection. |fallback_error_code_| is initialised to | |
1475 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case. | |
1476 error = fallback_error_code_; | |
1477 break; | |
1478 } | |
1479 | |
1480 if (should_fallback) { | |
1481 net_log_.AddEvent( | |
1482 NetLog::TYPE_SSL_VERSION_FALLBACK, | |
1483 base::Bind(&NetLogSSLVersionFallbackCallback, &request_->url, error, | |
1484 server_ssl_config_.version_max, version_max)); | |
1485 fallback_error_code_ = error; | |
1486 server_ssl_config_.version_max = version_max; | |
1487 server_ssl_config_.version_fallback = true; | |
1488 ResetConnectionAndRequestForResend(); | |
1489 error = OK; | |
1490 } | |
1491 | |
1492 return error; | 1427 return error; |
1493 } | 1428 } |
1494 | 1429 |
1495 // This method determines whether it is safe to resend the request after an | 1430 // This method determines whether it is safe to resend the request after an |
1496 // IO error. It can only be called in response to request header or body | 1431 // IO error. It can only be called in response to request header or body |
1497 // write errors or response header read errors. It should not be used in | 1432 // write errors or response header read errors. It should not be used in |
1498 // other cases, such as a Connect error. | 1433 // other cases, such as a Connect error. |
1499 int HttpNetworkTransaction::HandleIOError(int error) { | 1434 int HttpNetworkTransaction::HandleIOError(int error) { |
1500 // Because the peer may request renegotiation with client authentication at | 1435 // Because the peer may request renegotiation with client authentication at |
1501 // any time, check and handle client authentication errors. | 1436 // any time, check and handle client authentication errors. |
1729 DCHECK(stream_request_); | 1664 DCHECK(stream_request_); |
1730 | 1665 |
1731 // Since the transaction can restart with auth credentials, it may create a | 1666 // Since the transaction can restart with auth credentials, it may create a |
1732 // stream more than once. Accumulate all of the connection attempts across | 1667 // stream more than once. Accumulate all of the connection attempts across |
1733 // those streams by appending them to the vector: | 1668 // those streams by appending them to the vector: |
1734 for (const auto& attempt : stream_request_->connection_attempts()) | 1669 for (const auto& attempt : stream_request_->connection_attempts()) |
1735 connection_attempts_.push_back(attempt); | 1670 connection_attempts_.push_back(attempt); |
1736 } | 1671 } |
1737 | 1672 |
1738 } // namespace net | 1673 } // namespace net |
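Review bot: The cipher-suite fallback kept at new lines 1417-1425 still fires on ERR_CONNECTION_CLOSED and ERR_CONNECTION_RESET, so a connection that is dropped for any reason is retried with `server_ssl_config_.deprecated_cipher_suites_enabled = true`; that is the same retry-on-generic-error shape this change removes for protocol versions, and the surviving block now carries no comment saying why it is still acceptable. The enclosing `if` (new line 1416) and the head of this function are outside the hunk, so I cannot see what else gates it; if it is limited by a flag or field trial, a comment such as `// Deprecated-cipher fallback is still reachable via generic connection errors; gated by <condition>, tracked for removal.` above new line 1419 would record that. The `fallback_error_code_` initializer and the `version_fallback` / `NetLogSSLVersionFallbackCallback` uses are removed here, but the member declaration and the `version_fallback` field of `server_ssl_config_` live in headers not shown, so confirm they were dropped in the same change.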