[ServiceWorker] Don't register ServiceWorker with an invalid HTTPS certificate.

content/browser/service_worker/service_worker_write_to_cache_job.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/service_worker/service_worker_write_to_cache_job.h"
 
 #include "base/debug/trace_event.h"
 #include "content/browser/service_worker/service_worker_context_core.h"
 #include "content/browser/service_worker/service_worker_disk_cache.h"
 #include "content/browser/service_worker/service_worker_metrics.h"
@@ skipping 287 matching lines @@
     net::SSLCertRequestInfo* cert_request_info) {
   DCHECK_EQ(net_request_, request);
   TRACE_EVENT0("ServiceWorker",
                "ServiceWorkerWriteToCacheJob::OnCertificateRequested");
   // TODO(michaeln): Pass this thru to our jobs client.
   // see NotifyCertificateRequested.
   AsyncNotifyDoneHelper(net::URLRequestStatus(
       net::URLRequestStatus::FAILED, net::ERR_FAILED));
 }
 
-void ServiceWorkerWriteToCacheJob:: OnSSLCertificateError(
+void ServiceWorkerWriteToCacheJob::OnSSLCertificateError(
     net::URLRequest* request,
     const net::SSLInfo& ssl_info,
     bool fatal) {
   DCHECK_EQ(net_request_, request);
   TRACE_EVENT0("ServiceWorker",
                "ServiceWorkerWriteToCacheJob::OnSSLCertificateError");
   // TODO(michaeln): Pass this thru to our jobs client,
   // see NotifySSLCertificateError.
   AsyncNotifyDoneHelper(net::URLRequestStatus(
-      net::URLRequestStatus::FAILED, net::ERR_FAILED));
+      net::URLRequestStatus::FAILED, net::ERR_INSECURE_RESPONSE));
 }
 
 void ServiceWorkerWriteToCacheJob::OnBeforeNetworkStart(
     net::URLRequest* request,
     bool* defer) {
   DCHECK_EQ(net_request_, request);
   TRACE_EVENT0("ServiceWorker",
                "ServiceWorkerWriteToCacheJob::OnBeforeNetworkStart");
   NotifyBeforeNetworkStart(defer);
 }
 
 void ServiceWorkerWriteToCacheJob::OnResponseStarted(
     net::URLRequest* request) {
   DCHECK_EQ(net_request_, request);
   if (!request->status().is_success()) {
     AsyncNotifyDoneHelper(request->status());
     return;
   }
   if (request->GetResponseCode() / 100 != 2) {
     AsyncNotifyDoneHelper(net::URLRequestStatus(
         net::URLRequestStatus::FAILED, net::ERR_FAILED));
     // TODO(michaeln): Instead of error'ing immediately, send the net
     // response to our consumer, just don't cache it?
     return;
   }
+  // OnSSLCertificateError is not called when the HTTPS connection is reused.
+  // So we check cert_status here.
+  if (net::IsCertStatusError(request->ssl_info().cert_status)) {
+    AsyncNotifyDoneHelper(net::URLRequestStatus(
+        net::URLRequestStatus::FAILED, net::ERR_INSECURE_RESPONSE));
+    return;
+  }
   // To prevent most user-uploaded content from being used as a serviceworker.
   if (version_->script_url() == url_) {
     std::string mime_type;
     request->GetMimeType(&mime_type);
     if (mime_type != "application/x-javascript" &&
         mime_type != "text/javascript" &&
         mime_type != "application/javascript") {
       AsyncNotifyDoneHelper(net::URLRequestStatus(
           net::URLRequestStatus::FAILED, net::ERR_INSECURE_RESPONSE));
       return;
@@ skipping 29 matching lines @@
     const net::URLRequestStatus& status) {
   DCHECK(!status.is_io_pending());
   DCHECK(!did_notify_finished_);
   version_->script_cache_map()->NotifyFinishedCaching(url_, status);
   did_notify_finished_ = true;
   SetStatus(status);
   NotifyDone(status);
 }
 
 }  // namespace content