diff options
| author | davidben <davidben@chromium.org> | 2015-05-12 12:56:51 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-05-12 19:57:13 +0000 |
| commit | 421116c22292293f78c6ab15c7a8d6ca2fc1b68b (patch) | |
| tree | b94c456af47dc104a39fbe60d6b0d45066aa94cc /chrome_elf | |
| parent | cfaf5dcfb0371f395a9b8cfb9c835f6690e0ecbd (diff) | |
| download | chromium_src-421116c22292293f78c6ab15c7a8d6ca2fc1b68b.zip chromium_src-421116c22292293f78c6ab15c7a8d6ca2fc1b68b.tar.gz chromium_src-421116c22292293f78c6ab15c7a8d6ca2fc1b68b.tar.bz2 | |
Reject renegotiations in SSLClientSocket by default.
Only HTTP/1.1 (and below) sockets may renegotiate. This fix a
crash because SpdyHttpStream didn't account for this properly.
(And can't as the renego + client auth hack is inherently
incompatible with multiplexing.)
Tested manually against hacked up Go servers:
- HTTP/1.1 server which renegotiates with client auth before
sending a response on a fresh socket.
- Same as above but with a reused socket (the server only
requests renego when fetching /auth).
- HTTP/2 which incorrectly renegotiates with client auth upon
requesting /auth. Verified that we get ERR_SSL_PROTOCOL_ERROR
and not crash.
- HTTP/1.1 server which does two handshakes in a row with Finished
and HelloRequest in the same record. NSS and BoringSSL differ in
their behavior here, but in neither port should we miss the
renego.
BUG=484543,462283
Review URL: https://codereview.chromium.org/1131763002
Cr-Commit-Position: refs/heads/master@{#329466}
Diffstat (limited to 'chrome_elf')
0 files changed, 0 insertions, 0 deletions