Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(404)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_transaction_winhttp.cc

Issue 7242: The Schannel considers some cipher suites (e.g., the... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 12 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« net/base/net_error_list.h ('K') | « net/http/http_network_transaction.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_transaction_winhttp.h" 5 #include "net/http/http_transaction_winhttp.h"
6 6
7 #include <winhttp.h> 7 #include <winhttp.h>
8 8
9 #include "base/lock.h" 9 #include "base/lock.h"
10 #include "base/memory_debug.h" 10 #include "base/memory_debug.h"
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
51 case ERROR_WINHTTP_INVALID_URL: 51 case ERROR_WINHTTP_INVALID_URL:
52 return ERR_INVALID_URL; 52 return ERR_INVALID_URL;
53 case ERROR_WINHTTP_NAME_NOT_RESOLVED: 53 case ERROR_WINHTTP_NAME_NOT_RESOLVED:
54 return ERR_NAME_NOT_RESOLVED; 54 return ERR_NAME_NOT_RESOLVED;
55 case ERROR_WINHTTP_OPERATION_CANCELLED: 55 case ERROR_WINHTTP_OPERATION_CANCELLED:
56 return ERR_ABORTED; 56 return ERR_ABORTED;
57 case ERROR_WINHTTP_SECURE_CHANNEL_ERROR: 57 case ERROR_WINHTTP_SECURE_CHANNEL_ERROR:
58 case ERROR_WINHTTP_SECURE_FAILURE: 58 case ERROR_WINHTTP_SECURE_FAILURE:
59 case SEC_E_ILLEGAL_MESSAGE: 59 case SEC_E_ILLEGAL_MESSAGE:
60 return ERR_SSL_PROTOCOL_ERROR; 60 return ERR_SSL_PROTOCOL_ERROR;
61 case SEC_E_ALGORITHM_MISMATCH:
62 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
61 case ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED: 63 case ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED:
62 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; 64 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
63 case ERROR_WINHTTP_UNRECOGNIZED_SCHEME: 65 case ERROR_WINHTTP_UNRECOGNIZED_SCHEME:
64 return ERR_UNKNOWN_URL_SCHEME; 66 return ERR_UNKNOWN_URL_SCHEME;
65 case ERROR_WINHTTP_INVALID_SERVER_RESPONSE: 67 case ERROR_WINHTTP_INVALID_SERVER_RESPONSE:
66 return ERR_INVALID_RESPONSE; 68 return ERR_INVALID_RESPONSE;
67 69
68 // SSL certificate errors 70 // SSL certificate errors
69 case ERROR_WINHTTP_SECURE_CERT_CN_INVALID: 71 case ERROR_WINHTTP_SECURE_CERT_CN_INVALID:
70 return ERR_CERT_COMMON_NAME_INVALID; 72 return ERR_CERT_COMMON_NAME_INVALID;
(...skipping 1265 matching lines...) Expand 10 before | Expand all | Expand 10 after
1336 load_flags_); 1338 load_flags_);
1337 // If load_flags_ ignores all the errors in secure_failure, we shouldn't 1339 // If load_flags_ ignores all the errors in secure_failure, we shouldn't
1338 // get the ERROR_WINHTTP_SECURE_FAILURE error. 1340 // get the ERROR_WINHTTP_SECURE_FAILURE error.
1339 DCHECK(filtered_secure_failure || !secure_failure); 1341 DCHECK(filtered_secure_failure || !secure_failure);
1340 error = MapSecureFailureToError(filtered_secure_failure); 1342 error = MapSecureFailureToError(filtered_secure_failure);
1341 } 1343 }
1342 1344
1343 last_error_ = error; 1345 last_error_ = error;
1344 rv = TranslateOSError(error); 1346 rv = TranslateOSError(error);
1345 1347
1346 if (rv == ERR_SSL_PROTOCOL_ERROR && 1348 if ((rv == ERR_SSL_PROTOCOL_ERROR ||
1349 rv == ERR_SSL_VERSION_OR_CIPHER_MISMATCH) &&
1347 !session_callback_->request_was_probably_sent() && 1350 !session_callback_->request_was_probably_sent() &&
1348 session_->tls_enabled() && !is_tls_intolerant_) { 1351 session_->tls_enabled() && !is_tls_intolerant_) {
1349 // The server might be TLS intolerant. Downgrade to SSL 3.0 and retry. 1352 // The server might be TLS intolerant. Or it might be an SSL 3.0 server
1353 // that chose a TLS-only cipher suite, which we handle in the same way.
1354 // Downgrade to SSL 3.0 and retry.
1350 is_tls_intolerant_ = true; 1355 is_tls_intolerant_ = true;
1351 if (!ReopenRequest()) 1356 if (!ReopenRequest())
1352 return TranslateLastOSError(); 1357 return TranslateLastOSError();
1353 CompletionCallback* callback = callback_; 1358 CompletionCallback* callback = callback_;
1354 callback_ = NULL; 1359 callback_ = NULL;
1355 return Restart(callback); 1360 return Restart(callback);
1356 } 1361 }
1357 if (rv == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) { 1362 if (rv == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
1358 // TODO(wtc): Bug 1230409: We don't support SSL client authentication yet. 1363 // TODO(wtc): Bug 1230409: We don't support SSL client authentication yet.
1359 // For now we set a null client certificate, which works on XP SP3, Vista 1364 // For now we set a null client certificate, which works on XP SP3, Vista
(...skipping 425 matching lines...) Expand 10 before | Expand all | Expand 10 after
1785 1790
1786 if (rv == ERR_IO_PENDING) { 1791 if (rv == ERR_IO_PENDING) {
1787 session_callback_->AddRef(); // balanced when callback runs. 1792 session_callback_->AddRef(); // balanced when callback runs.
1788 } else if (callback_) { 1793 } else if (callback_) {
1789 DoCallback(rv); 1794 DoCallback(rv);
1790 } 1795 }
1791 } 1796 }
1792 1797
1793 } // namespace net 1798 } // namespace net
1794 1799
OLDNEW
« net/base/net_error_list.h ('K') | « net/http/http_network_transaction.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698