net/http/http_network_transaction.cc - Issue 280853002: Preserve transport errors for OpenSSL sockets.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/http_network_transaction.cc

Issue 280853002: Preserve transport errors for OpenSSL sockets. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rephrase a lot of comments. Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/http/http_network_transaction.cc

diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc

index 32af2dd1844a8170be8615aa2701601e24ee0b63..f8962618e8cf3710bb21a42734b570f49a7d5fc3 100644

--- a/net/http/http_network_transaction.cc

+++ b/net/http/http_network_transaction.cc

@@ -1297,6 +1297,7 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {

uint16 version_max = server_ssl_config_.version_max;

switch (error) {

+ case ERR_CONNECTION_CLOSED:

case ERR_SSL_PROTOCOL_ERROR:

case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:

if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&

@@ -1331,6 +1332,26 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {

should_fallback = true;

}

break;

+ case ERR_CONNECTION_RESET:

+ if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&

+ version_max > server_ssl_config_.version_min) {

+ // Some network devices that inspect application-layer packets seem to

+ // inject TCP reset packets to break the connections when they see TLS

+ // 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.

+ //

+ // Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or

+ // 1.2. We don't lose much in this fallback because the explicit IV for

+ // CBC mode in TLS 1.1 is approximated by record splitting in TLS

+ // 1.0. The fallback will be more painful for TLS 1.2 when we have GCM

+ // support.

+ //

+ // ERR_CONNECTION_RESET is a common network error, so we don't want it

+ // to trigger a version fallback in general, especially the TLS 1.0 ->

+ // SSL 3.0 fallback, which would drop TLS extensions.

+ version_max--;

+ should_fallback = true;

+ }

+ break;

case ERR_SSL_INAPPROPRIATE_FALLBACK:

// The server told us that we should not have fallen back. A buggy server

// could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial

« no previous file with comments | « no previous file | net/socket/openssl_ssl_util.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')