
Side by Side Diff: net/http/http_stream_factory_impl_job.cc

Issue 2300533002: Stop caching DER-encoded certificates unnecessarily (Closed)
Patch Set: Created 4 years, 3 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_factory_impl_job.h" 5 #include "net/http/http_stream_factory_impl_job.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <utility> 9 #include <utility>
10 10
(...skipping 1452 matching lines...) Expand 10 before | Expand all | Expand 10 after
1463 } 1463 }
1464 1464
1465 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) { 1465 int HttpStreamFactoryImpl::Job::HandleCertificateError(int error) {
1466 DCHECK(using_ssl_); 1466 DCHECK(using_ssl_);
1467 DCHECK(IsCertificateError(error)); 1467 DCHECK(IsCertificateError(error));
1468 1468
1469 SSLClientSocket* ssl_socket = 1469 SSLClientSocket* ssl_socket =
1470 static_cast<SSLClientSocket*>(connection_->socket()); 1470 static_cast<SSLClientSocket*>(connection_->socket());
1471 ssl_socket->GetSSLInfo(&ssl_info_); 1471 ssl_socket->GetSSLInfo(&ssl_info_);
1472 1472
1473 if (!ssl_info_.cert) {
1474 // If the server's certificate could not be parsed, there is no way
1475 // to gracefully recover this, so just pass the error up.
1476 return error;
1477 }
1478
1473 // Add the bad certificate to the set of allowed certificates in the 1479 // Add the bad certificate to the set of allowed certificates in the
1474 // SSL config object. This data structure will be consulted after calling 1480 // SSL config object. This data structure will be consulted after calling
1475 // RestartIgnoringLastError(). And the user will be asked interactively 1481 // RestartIgnoringLastError(). And the user will be asked interactively
1476 // before RestartIgnoringLastError() is ever called. 1482 // before RestartIgnoringLastError() is ever called.
1477 SSLConfig::CertAndStatus bad_cert; 1483 SSLConfig::CertAndStatus bad_cert;
1478 1484 bad_cert.cert = ssl_info_.cert;
1479 // |ssl_info_.cert| may be NULL if we failed to create
1480 // X509Certificate for whatever reason, but normally it shouldn't
1481 // happen, unless this code is used inside sandbox.
1482 if (ssl_info_.cert.get() == NULL ||
1483 !X509Certificate::GetDEREncoded(ssl_info_.cert->os_cert_handle(),
1484 &bad_cert.der_cert)) {
1485 return error;
1486 }
1487 bad_cert.cert_status = ssl_info_.cert_status; 1485 bad_cert.cert_status = ssl_info_.cert_status;
1488 server_ssl_config_.allowed_bad_certs.push_back(bad_cert); 1486 server_ssl_config_.allowed_bad_certs.emplace_back(bad_cert);
davidben 2016/08/31 19:20:49 Same comment as Sergey about why emplace_back vs p
1489 1487
1490 int load_flags = request_info_.load_flags; 1488 int load_flags = request_info_.load_flags;
1491 if (session_->params().ignore_certificate_errors) 1489 if (session_->params().ignore_certificate_errors)
1492 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS; 1490 load_flags |= LOAD_IGNORE_ALL_CERT_ERRORS;
1493 if (ssl_socket->IgnoreCertError(error, load_flags)) 1491 if (ssl_socket->IgnoreCertError(error, load_flags))
1494 return OK; 1492 return OK;
1495 return error; 1493 return error;
1496 } 1494 }
1497 1495
1498 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() { 1496 void HttpStreamFactoryImpl::Job::SwitchToSpdyMode() {
(...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after
1624 1622
1625 ConnectionAttempts socket_attempts = connection_->connection_attempts(); 1623 ConnectionAttempts socket_attempts = connection_->connection_attempts();
1626 if (connection_->socket()) { 1624 if (connection_->socket()) {
1627 connection_->socket()->GetConnectionAttempts(&socket_attempts); 1625 connection_->socket()->GetConnectionAttempts(&socket_attempts);
1628 } 1626 }
1629 1627
1630 delegate_->AddConnectionAttemptsToRequest(this, socket_attempts); 1628 delegate_->AddConnectionAttemptsToRequest(this, socket_attempts);
1631 } 1629 }
1632 1630
1633 } // namespace net 1631 } // namespace net
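Review bot: The exception stored at `bad_cert.cert = ssl_info_.cert;` in HandleCertificateError is now identified by the X509Certificate object alone, and the comment above it does not say how the lookup side decides that a later certificate is the same one. That comparison is outside this section (presumably wherever `allowed_bad_certs` is consulted after RestartIgnoringLastError()), so it is worth confirming that it matches the exact encoding of the leaf certificate; a looser match would let a different certificate inherit the user's override. Once verified, I would extend the existing comment with something like `// The entry is matched against the exact certificate the server presented; |cert_status| records which errors were accepted.` The new early return on a null `ssl_info_.cert` still runs before `IgnoreCertError()`, so the unparseable-certificate case keeps failing closed as it did in the old code.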