Index: net/http/http_stream_factory_impl_job.cc |
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc |
index b360beee4418a65b5050f36f2840834f90255a72..b10628556996138afef444120e372c6ee5f6bc5f 100644 |
--- a/net/http/http_stream_factory_impl_job.cc |
+++ b/net/http/http_stream_factory_impl_job.cc |
@@ -1120,18 +1120,25 @@ int HttpStreamFactoryImpl::Job::DoCreateStream() { |
SpdySessionPool* spdy_pool = session_->spdy_session_pool(); |
spdy_session = spdy_pool->FindAvailableSession(spdy_session_key, net_log_); |
if (!spdy_session) { |
- new_spdy_session_ = |
+ base::WeakPtr<SpdySession> new_spdy_session = |
spdy_pool->CreateAvailableSessionFromSocket(spdy_session_key, |
connection_.Pass(), |
net_log_, |
spdy_certificate_error_, |
using_ssl_); |
+ if (!new_spdy_session->HasAcceptableTransportSecurity()) { |
+ new_spdy_session->CloseSessionOnError(ERR_SPDY_PROTOCOL_ERROR, |
+ "TLS security too low"); |
Johnny
2014/05/21 16:27:04
Create an ERR mapping for INADEQUATE_SECURITY [1]
willchan no longer on Chromium
2014/05/21 17:47:15
Done.
|
+ return ERR_SPDY_PROTOCOL_ERROR; |
+ } |
+ |
+ new_spdy_session_ = new_spdy_session; |
+ spdy_session_direct_ = direct; |
const HostPortPair& host_port_pair = spdy_session_key.host_port_pair(); |
base::WeakPtr<HttpServerProperties> http_server_properties = |
session_->http_server_properties(); |
if (http_server_properties) |
http_server_properties->SetSupportsSpdy(host_port_pair, true); |
- spdy_session_direct_ = direct; |
// Create a SpdyHttpStream attached to the session; |
// OnNewSpdySessionReadyCallback is not called until an event loop |