
Side by Side Diff: net/http/http_network_transaction.cc

Issue 280853002: Preserve transport errors for OpenSSL sockets. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: USE_NSS -> USE_OPENSSL for Windows and Mac Created 6 years, 6 months ago
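--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ -1372,20 +1372,40 @@
 if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
 version_max > server_ssl_config_.version_min) {
 // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
 // 1.2 ClientHello, but then return a bad_record_mac alert. See
 // crbug.com/260358. In order to make the fallback as minimal as
 // possible, this fallback is only triggered for >= TLS 1.1.
 version_max--;
 should_fallback = true;
 }
 break;
+case ERR_CONNECTION_RESET:
+if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
+version_max > server_ssl_config_.version_min) {
+// Some network devices that inspect application-layer packets seem to
+// inject TCP reset packets to break the connections when they see TLS
+// 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
+//
+// Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or
+// 1.2. We don't lose much in this fallback because the explicit IV for
+// CBC mode in TLS 1.1 is approximated by record splitting in TLS
+// 1.0. The fallback will be more painful for TLS 1.2 when we have GCM
+// support.
+//
+// ERR_CONNECTION_RESET is a common network error, so we don't want it
+// to trigger a version fallback in general, especially the TLS 1.0 ->
+// SSL 3.0 fallback, which would drop TLS extensions.
+version_max--;
+should_fallback = true;
+}
+break;
 case ERR_SSL_INAPPROPRIATE_FALLBACK:
 // The server told us that we should not have fallen back. A buggy server
 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial
 // connection. |fallback_error_code_| is initialised to
 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case.
 error = fallback_error_code_;
 break;
 }
 
 if (should_fallback) {
@@ -1599,10 +1619,10 @@
 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
 state);
 break;
 }
 return description;
 }
 
 #undef STATE_CASE
 
 } // namespace net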
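Review bot: The new `ERR_CONNECTION_RESET` case lets an unauthenticated transport event lower `version_max`, and its comment block does not say so: a TCP reset can come from anything on the network path, so this branch is a downgrade lever from TLS 1.2 to 1.1 to 1.0 as well as a workaround for the devices in crbug.com/130293. I would add a line to the comment such as `// A reset is not authenticated; downgrade protection here depends on the server rejecting the fallback (see ERR_SSL_INAPPROPRIATE_FALLBACK below).`, which is what the visible code appears to rely on. The guard `version_max >= SSL_PROTOCOL_VERSION_TLS1_1` is what keeps a reset from reaching SSL 3.0, so it deserves a unit test asserting that no fallback happens when `version_max` is already TLS 1.0. The condition and body also duplicate the case just above (its label is in the skipped lines), so a shared helper or a fallthrough would keep the two guards from drifting apart. The enclosing switch and function start and end outside the lines shown.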