| Index: trunk/src/net/spdy/spdy_session.cc
|
| ===================================================================
|
| --- trunk/src/net/spdy/spdy_session.cc (revision 290385)
|
| +++ trunk/src/net/spdy/spdy_session.cc (working copy)
|
| @@ -29,12 +29,10 @@
|
| #include "net/base/net_log.h"
|
| #include "net/base/net_util.h"
|
| #include "net/cert/asn1_util.h"
|
| -#include "net/cert/cert_verify_result.h"
|
| #include "net/http/http_log_util.h"
|
| #include "net/http/http_network_session.h"
|
| #include "net/http/http_server_properties.h"
|
| #include "net/http/http_util.h"
|
| -#include "net/http/transport_security_state.h"
|
| #include "net/spdy/spdy_buffer_producer.h"
|
| #include "net/spdy/spdy_frame_builder.h"
|
| #include "net/spdy/spdy_http_utils.h"
|
| @@ -531,47 +529,9 @@
|
|
|
| SpdySession::PushedStreamInfo::~PushedStreamInfo() {}
|
|
|
| -// static
|
| -bool SpdySession::CanPool(TransportSecurityState* transport_security_state,
|
| - const SSLInfo& ssl_info,
|
| - const std::string& old_hostname,
|
| - const std::string& new_hostname) {
|
| - // Pooling is prohibited if the server cert is not valid for the new domain,
|
| - // and for connections on which client certs were sent. It is also prohibited
|
| - // when channel ID was sent if the hosts are from different eTLDs+1.
|
| - if (IsCertStatusError(ssl_info.cert_status))
|
| - return false;
|
| -
|
| - if (ssl_info.client_cert_sent)
|
| - return false;
|
| -
|
| - if (ssl_info.channel_id_sent &&
|
| - ChannelIDService::GetDomainForHost(new_hostname) !=
|
| - ChannelIDService::GetDomainForHost(old_hostname)) {
|
| - return false;
|
| - }
|
| -
|
| - bool unused = false;
|
| - if (!ssl_info.cert->VerifyNameMatch(new_hostname, &unused))
|
| - return false;
|
| -
|
| - std::string pinning_failure_log;
|
| - if (!transport_security_state->CheckPublicKeyPins(
|
| - new_hostname,
|
| - true, /* sni_available */
|
| - ssl_info.is_issued_by_known_root,
|
| - ssl_info.public_key_hashes,
|
| - &pinning_failure_log)) {
|
| - return false;
|
| - }
|
| -
|
| - return true;
|
| -}
|
| -
|
| SpdySession::SpdySession(
|
| const SpdySessionKey& spdy_session_key,
|
| const base::WeakPtr<HttpServerProperties>& http_server_properties,
|
| - TransportSecurityState* transport_security_state,
|
| bool verify_domain_authentication,
|
| bool enable_sending_initial_data,
|
| bool enable_compression,
|
| @@ -587,7 +547,6 @@
|
| spdy_session_key_(spdy_session_key),
|
| pool_(NULL),
|
| http_server_properties_(http_server_properties),
|
| - transport_security_state_(transport_security_state),
|
| read_buffer_(new IOBuffer(kReadBufferSize)),
|
| stream_hi_water_mark_(kFirstStreamId),
|
| num_pushed_streams_(0u),
|
| @@ -755,8 +714,18 @@
|
| if (!GetSSLInfo(&ssl_info, &was_npn_negotiated, &protocol_negotiated))
|
| return true; // This is not a secure session, so all domains are okay.
|
|
|
| - return CanPool(transport_security_state_, ssl_info,
|
| - host_port_pair().host(), domain);
|
| + // Disable pooling for secure sessions.
|
| + // TODO(rch): re-enable this.
|
| + return false;
|
| +#if 0
|
| + bool unused = false;
|
| + return
|
| + !ssl_info.client_cert_sent &&
|
| + (!ssl_info.channel_id_sent ||
|
| + (ChannelIDService::GetDomainForHost(domain) ==
|
| + ChannelIDService::GetDomainForHost(host_port_pair().host()))) &&
|
| + ssl_info.cert->VerifyNameMatch(domain, &unused);
|
| +#endif
|
| }
|
|
|
| int SpdySession::GetPushStream(
|
|
|
Chromium Code Reviews
Issue 485943004:
Revert 290320 "Refactor pooling logic into a helper method" (Closed)
Base URL: svn://svn.chromium.org/chrome/