Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(777)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/http/http_stream_factory_impl_job.cc

Issue 291093002: Fail the SPDY transaction if it does not meet TLS base requirements. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/net.gypi » ('j') | net/spdy/spdy_network_transaction_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/http/http_stream_factory_impl_job.cc
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 5f12baaf8cdf2ecbbf755cf950322c073e833338..fe4ae66a19cbe0ad523f21a84ed620185f2fec2d 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -41,6 +41,7 @@
#include "net/spdy/spdy_session.h"
#include "net/spdy/spdy_session_pool.h"
#include "net/ssl/ssl_cert_request_info.h"
+#include "net/ssl/ssl_connection_status_flags.h"
namespace net {
@@ -1119,18 +1120,38 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() {
SpdySessionPool* spdy_pool = session_->spdy_session_pool();
spdy_session = spdy_pool->FindAvailableSession(spdy_session_key, net_log_);
if (!spdy_session) {
- new_spdy_session_ =
+ SSLInfo ssl_info;
+ if (using_ssl_) {
+ SSLClientSocket* ssl_socket =
+ static_cast<SSLClientSocket*>(connection_->socket());
+ ssl_socket->GetSSLInfo(&ssl_info);
+ }
+
+ base::WeakPtr<SpdySession> new_spdy_session =
spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key,
connection_.Pass(),
net_log_,
spdy_certificate_error_,
using_ssl_);
+ if (using_ssl_) {
+ if (SSLConnectionStatusToVersion(ssl_info.connection_status) <
+ SSL_CONNECTION_VERSION_TLS1_2) {
+ new_spdy_session->CloseSessionOnError(
+ ERR_SPDY_PROTOCOL_ERROR,
+ base::StringPrintf(
+ "TLS Version[%d] too old",
+ SSLConnectionStatusToVersion(ssl_info.connection_status)));
+ return ERR_SPDY_PROTOCOL_ERROR;
+ }
+ }
+
+ new_spdy_session_ = new_spdy_session;
+ spdy_session_direct_ = direct;
const HostPortPair& host_port_pair = spdy_session_key.host_port_pair();
base::WeakPtr<HttpServerProperties> http_server_properties =
session_->http_server_properties();
if (http_server_properties)
http_server_properties->SetSupportsSpdy(host_port_pair, true);
- spdy_session_direct_ = direct;
// Create a SpdyHttpStream attached to the session;
// OnNewSpdySessionReadyCallback is not called until an event loop
« no previous file with comments | « no previous file | net/net.gypi » ('j') | net/spdy/spdy_network_transaction_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698