Resubmitted code from revision 12809. The bug in the Windows SSL stack that

this code originally uncovered has been fixed in a separate changelist.


git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12876 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 10 insertions, 2 deletions

diff --git a/chrome/browser/ssl/ssl_policy.cc b/chrome/browser/ssl/ssl_policy.cc
index 9e796fa..5221c04 100644
--- a/chrome/browser/ssl/ssl_policy.cc
+++ b/chrome/browser/ssl/ssl_policy.cc
@@ -318,9 +318,13 @@ SSLErrorInfo SSLPolicy::GetSSLErrorInfo(SSLManager::CertError* error) {
 
 void SSLPolicy::OnDenyCertificate(SSLManager::CertError* error) {
   // Default behavior for rejecting a certificate.
-  error->CancelRequest();
+  //
+  // While DenyCertForHost() executes synchronously on this thread,
+  // CancelRequest() gets posted to a different thread. Calling
+  // DenyCertForHost() first ensures deterministic ordering.
   error->manager()->DenyCertForHost(error->ssl_info().cert,
                                     error->request_url().host());
+  error->CancelRequest();
 }
 
 void SSLPolicy::OnAllowCertificate(SSLManager::CertError* error) {
@@ -330,9 +334,13 @@ void SSLPolicy::OnAllowCertificate(SSLManager::CertError* error) {
   // new NavigationEntry will not be set until DidNavigate.  This is ok,
   // because the new NavigationEntry will have its max security style set
   // within DidNavigate.
-  error->ContinueRequest();
+  //
+  // While AllowCertForHost() executes synchronously on this thread,
+  // ContinueRequest() gets posted to a different thread. Calling
+  // AllowCertForHost() first ensures deterministic ordering.
   error->manager()->AllowCertForHost(error->ssl_info().cert,
                                      error->request_url().host());
+  error->ContinueRequest();
 }
 
 ////////////////////////////////////////////////////////////////////////////////