Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(640)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_http_job.cc

Issue 23908005: Handle all non-overridable SSL errors in the same place (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Accidentally removed whitespace, added back in Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/cert/cert_status_flags.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index dd11a1b6ef257cb3a35f580a18facc5e8acfebd0..a472d68a9f3159e4c3feae1fe01db3fbf10aaba3 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -890,18 +890,28 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
SaveCookiesAndNotifyHeadersComplete(net::OK);
} else if (IsCertificateError(result)) {
- // We encountered an SSL certificate error. Ask our delegate to decide
- // what we should do.
-
- TransportSecurityState::DomainState domain_state;
- const URLRequestContext* context = request_->context();
- const bool fatal = context->transport_security_state() &&
- context->transport_security_state()->GetDomainState(
- request_info_.url.host(),
- SSLConfigService::IsSNIAvailable(context->ssl_config_service()),
- &domain_state) &&
- domain_state.ShouldSSLErrorsBeFatal();
- NotifySSLCertificateError(transaction_->GetResponseInfo()->ssl_info, fatal);
+ // We encountered an SSL certificate error.
+ if (result == ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY ||
+ result == ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) {
+ // These are hard failures. They're handled separately and don't have
+ // the correct cert status, so we set it here.
Ryan Sleevi 2013/09/10 20:51:27 comment nit: Can you drop the "we", leaving the co
felt 2013/09/10 21:03:21 Done.
+ SSLInfo info(transaction_->GetResponseInfo()->ssl_info);
+ info.cert_status = MapNetErrorToCertStatus(result);
+ NotifySSLCertificateError(info, true);
+ } else {
+ // Maybe overridable, maybe not.
+ // Ask our delegate to decide what we should do.
Ryan Sleevi 2013/09/10 20:51:27 comment nit: // The error may be overridable. Ask
felt 2013/09/10 21:03:21 Done.
+ TransportSecurityState::DomainState domain_state;
+ const URLRequestContext* context = request_->context();
+ const bool fatal = context->transport_security_state() &&
+ context->transport_security_state()->GetDomainState(
+ request_info_.url.host(),
+ SSLConfigService::IsSNIAvailable(context->ssl_config_service()),
+ &domain_state) &&
+ domain_state.ShouldSSLErrorsBeFatal();
+ NotifySSLCertificateError(
+ transaction_->GetResponseInfo()->ssl_info, fatal);
+ }
} else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
NotifyCertificateRequested(
transaction_->GetResponseInfo()->cert_request_info.get());
« no previous file with comments | « net/cert/cert_status_flags.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698