diff options
| author | toyoshim@chromium.org <toyoshim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-14 04:36:55 +0000 |
|---|---|---|
| committer | toyoshim@chromium.org <toyoshim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-06-14 04:36:55 +0000 |
| commit | bf1cd90d7193513172622e17eac4a02cbd9b6d78 (patch) | |
| tree | 1062947a5a925329c33a8bba14927bf7268fb219 | |
| parent | cdc894b735a6421780a8ad7ced4da2fb0a17439a (diff) | |
| download | chromium_src-bf1cd90d7193513172622e17eac4a02cbd9b6d78.zip chromium_src-bf1cd90d7193513172622e17eac4a02cbd9b6d78.tar.gz chromium_src-bf1cd90d7193513172622e17eac4a02cbd9b6d78.tar.bz2 | |
Merge 140978 - WebSocket: Client certificate authentication support for secure servers.
Currently, WebSocket supports client certificate authentication only for secure
proxies. This change enables it not only for proxies but also secure servers.
BUG=63158
TEST=only manual test with dev version of pywebsocket
Review URL: https://chromiumcodereview.appspot.com/10540026
TBR=toyoshim@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10545171
git-svn-id: svn://svn.chromium.org/chrome/branches/1132/src@142093 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | net/socket_stream/socket_stream.cc | 16 | ||||
| -rw-r--r-- | net/socket_stream/socket_stream.h | 2 |
2 files changed, 7 insertions, 11 deletions
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc index fb191d6..f9d3eba 100644 --- a/net/socket_stream/socket_stream.cc +++ b/net/socket_stream/socket_stream.cc @@ -933,7 +933,7 @@ int SocketStream::DoSecureProxyHandleCertErrorComplete(int result) { DCHECK_EQ(STATE_NONE, next_state_); // Reconnect with client authentication. if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) - return HandleCertificateRequest(result); + return HandleCertificateRequest(result, &proxy_ssl_config_); if (result == OK) { if (!socket_->IsConnectedAndIdle()) @@ -991,7 +991,7 @@ int SocketStream::DoSSLHandleCertErrorComplete(int result) { // Reconnect with client authentication. if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) - return HandleCertificateRequest(result); + return HandleCertificateRequest(result, &server_ssl_config_); if (result == OK) { if (!socket_->IsConnectedAndIdle()) return AllowCertErrorForReconnection(&server_ssl_config_); @@ -1129,8 +1129,8 @@ int SocketStream::HandleAuthChallenge(const HttpResponseHeaders* headers) { return ERR_TUNNEL_CONNECTION_FAILED; } -int SocketStream::HandleCertificateRequest(int result) { - if (proxy_ssl_config_.send_client_cert) +int SocketStream::HandleCertificateRequest(int result, SSLConfig* ssl_config) { + if (ssl_config->send_client_cert) // We already have performed SSL client authentication once and failed. return result; @@ -1167,12 +1167,8 @@ int SocketStream::HandleCertificateRequest(int result) { if (!cert_still_valid) return result; - // TODO(toyoshim): To support SSL client authentication for not only secure - // proxy but also secure server, we must modify this function to take a - // SSLConfig* argument. - // http://crbug.com/63158 . - proxy_ssl_config_.send_client_cert = true; - proxy_ssl_config_.client_cert = client_cert; + ssl_config->send_client_cert = true; + ssl_config->client_cert = client_cert; next_state_ = STATE_TCP_CONNECT; return OK; } diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h index 8942bed..dba36ca 100644 --- a/net/socket_stream/socket_stream.h +++ b/net/socket_stream/socket_stream.h @@ -316,7 +316,7 @@ class NET_EXPORT SocketStream GURL ProxyAuthOrigin() const; int HandleAuthChallenge(const HttpResponseHeaders* headers); - int HandleCertificateRequest(int result); + int HandleCertificateRequest(int result, SSLConfig* ssl_config); void DoAuthRequired(); void DoRestartWithAuth(); |