Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(66)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_stream_factory_impl_job.cc

Issue 291093002: Fail the SPDY transaction if it does not meet TLS base requirements. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Sync and rebase Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/net.gypi » ('j') | net/spdy/spdy_network_transaction_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_stream_factory_impl_job.h" 5 #include "net/http/http_stream_factory_impl_job.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 1102 matching lines...) Expand 10 before | Expand all | Expand 10 after
1113 if (existing_spdy_session_.get()) { 1113 if (existing_spdy_session_.get()) {
1114 // We picked up an existing session, so we don't need our socket. 1114 // We picked up an existing session, so we don't need our socket.
1115 if (connection_->socket()) 1115 if (connection_->socket())
1116 connection_->socket()->Disconnect(); 1116 connection_->socket()->Disconnect();
1117 connection_->Reset(); 1117 connection_->Reset();
1118 std::swap(spdy_session, existing_spdy_session_); 1118 std::swap(spdy_session, existing_spdy_session_);
1119 } else { 1119 } else {
1120 SpdySessionPool* spdy_pool = session_->spdy_session_pool(); 1120 SpdySessionPool* spdy_pool = session_->spdy_session_pool();
1121 spdy_session = spdy_pool->FindAvailableSession(spdy_session_key, net_log_); 1121 spdy_session = spdy_pool->FindAvailableSession(spdy_session_key, net_log_);
1122 if (!spdy_session) { 1122 if (!spdy_session) {
1123 new_spdy_session_ = 1123 base::WeakPtr<SpdySession> new_spdy_session =
1124 spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key, 1124 spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key,
1125 connection_.Pass(), 1125 connection_.Pass(),
1126 net_log_, 1126 net_log_,
1127 spdy_certificate_error_, 1127 spdy_certificate_error_,
1128 using_ssl_); 1128 using_ssl_);
1129 if (!new_spdy_session->HasAcceptableTransportSecurity()) {
1130 new_spdy_session->CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR,
1131 "TLS security too low");
Johnny 2014/05/21 16:27:04 Create an ERR mapping for INADEQUATE_SECURITY [1]
willchan no longer on Chromium 2014/05/21 17:47:15 Done.
1132 return ERR_SPDY_PROTOCOL_ERROR;
1133 }
1134
1135 new_spdy_session_ = new_spdy_session;
1136 spdy_session_direct_ = direct;
1129 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair(); 1137 const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
1130 base::WeakPtr<HttpServerProperties> http_server_properties = 1138 base::WeakPtr<HttpServerProperties> http_server_properties =
1131 session_->http_server_properties(); 1139 session_->http_server_properties();
1132 if (http_server_properties) 1140 if (http_server_properties)
1133 http_server_properties->SetSupportsSpdy(host_port_pair, true); 1141 http_server_properties->SetSupportsSpdy(host_port_pair, true);
1134 spdy_session_direct_ = direct;
1135 1142
1136 // Create a SpdyHttpStream attached to the session; 1143 // Create a SpdyHttpStream attached to the session;
1137 // OnNewSpdySessionReadyCallback is not called until an event loop 1144 // OnNewSpdySessionReadyCallback is not called until an event loop
1138 // iteration later, so if the SpdySession is closed between then, allow 1145 // iteration later, so if the SpdySession is closed between then, allow
1139 // reuse state from the underlying socket, sampled by SpdyHttpStream, 1146 // reuse state from the underlying socket, sampled by SpdyHttpStream,
1140 // bubble up to the request. 1147 // bubble up to the request.
1141 bool use_relative_url = direct || request_info_.url.SchemeIs("https"); 1148 bool use_relative_url = direct || request_info_.url.SchemeIs("https");
1142 stream_.reset(new SpdyHttpStream(new_spdy_session_, use_relative_url)); 1149 stream_.reset(new SpdyHttpStream(new_spdy_session_, use_relative_url));
1143 1150
1144 return OK; 1151 return OK;
(...skipping 348 matching lines...) Expand 10 before | Expand all | Expand 10 after
1493 (net::LOAD_MAIN_FRAME | net::LOAD_SUB_FRAME | net::LOAD_PREFETCH | 1500 (net::LOAD_MAIN_FRAME | net::LOAD_SUB_FRAME | net::LOAD_PREFETCH |
1494 net::LOAD_IS_DOWNLOAD)) { 1501 net::LOAD_IS_DOWNLOAD)) {
1495 // Avoid pipelining resources that may be streamed for a long time. 1502 // Avoid pipelining resources that may be streamed for a long time.
1496 return false; 1503 return false;
1497 } 1504 }
1498 return stream_factory_->http_pipelined_host_pool_.IsKeyEligibleForPipelining( 1505 return stream_factory_->http_pipelined_host_pool_.IsKeyEligibleForPipelining(
1499 *http_pipelining_key_.get()); 1506 *http_pipelining_key_.get());
1500 } 1507 }
1501 1508
1502 } // namespace net 1509 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/net.gypi » ('j') | net/spdy/spdy_network_transaction_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698