Merge 255850 "Fail QUIC requests for secure resources over insec..."

> Fail QUIC requests for secure resources over insecure connections.
> 
> BUG=350533
> 
> Review URL: https://codereview.chromium.org/189513006

TBR=rch@chromium.org

Review URL: https://codereview.chromium.org/190133004

git-svn-id: svn://svn.chromium.org/chrome/branches/1847/src@255868 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 10 insertions, 0 deletions

diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 5ceaf44..b2ddd4a 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -572,6 +572,9 @@ NET_ERROR(RESPONSE_HEADERS_TRUNCATED, -357)
 // to read any requests sent, so they may be resent.
 NET_ERROR(QUIC_HANDSHAKE_FAILED, -358)
 
+// An https resource was requested over an insecure QUIC connection.
+NET_ERROR(REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC, -359)
+
 // The cache does not have the requested entry.
 NET_ERROR(CACHE_MISS, -400)
 
diff --git a/net/quic/quic_http_stream.cc b/net/quic/quic_http_stream.cc
index 992f254..8b70d0b 100644
--- a/net/quic/quic_http_stream.cc
+++ b/net/quic/quic_http_stream.cc
@@ -59,6 +59,13 @@ int QuicHttpStream::InitializeStream(const HttpRequestInfo* request_info,
     return was_handshake_confirmed_ ? ERR_CONNECTION_CLOSED :
         ERR_QUIC_HANDSHAKE_FAILED;
 
+  if (request_info->url.SchemeIsSecure()) {
+    SSLInfo ssl_info;
+    if (!session_->GetSSLInfo(&ssl_info) || !ssl_info.cert) {
+      return ERR_REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC;
+    }
+  }
+
   stream_net_log_ = stream_net_log;
   request_info_ = request_info;
   priority_ = priority;