diff options
| author | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-30 21:09:30 +0000 |
|---|---|---|
| committer | markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-03-30 21:09:30 +0000 |
| commit | 3fd49f9bdbe56a9648cddc015bdb8bac02fe1a7b (patch) | |
| tree | ee0a2b866a939e678bedf426e858871706c41bff /net/base/ssl_client_socket_win.cc | |
| parent | f463787972e54c126d23d263613634d5fd777789 (diff) | |
| download | chromium_src-3fd49f9bdbe56a9648cddc015bdb8bac02fe1a7b.zip chromium_src-3fd49f9bdbe56a9648cddc015bdb8bac02fe1a7b.tar.gz chromium_src-3fd49f9bdbe56a9648cddc015bdb8bac02fe1a7b.tar.bz2 | |
Change the bad-certificate handler for SSL (using NSS) to return an
error.
This requires a few additional changes in the rest of the code. In
particular, we now have to teach HttpNetworkTransaction about how to
restart connections with bad certificates. This was originally
intended to be done by ReconnectIgnoringLastError(), but that API
turns out be very difficult to implement in the SSLClientSocket. So,
instead, we just create a completely new SSLClientSocket.
We also have to be careful to store a copy of the certificate from
within the bad-certificate handler, as it won't be available by the
time GetSSLInfo() is called.
And we fix a bug that would cause us to erroneously talk SSL on
reconnected TCP sockets, even though we were still supposed to
negotiate a proxy tunnel first.
Review URL: http://codereview.chromium.org/43115
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12809 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/ssl_client_socket_win.cc')
| -rw-r--r-- | net/base/ssl_client_socket_win.cc | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/net/base/ssl_client_socket_win.cc b/net/base/ssl_client_socket_win.cc index 832186f..1935bd9 100644 --- a/net/base/ssl_client_socket_win.cc +++ b/net/base/ssl_client_socket_win.cc @@ -280,12 +280,6 @@ int SSLClientSocketWin::Connect(CompletionCallback* callback) { return rv; } -int SSLClientSocketWin::ReconnectIgnoringLastError( - CompletionCallback* callback) { - // TODO(darin): implement me! - return ERR_FAILED; -} - void SSLClientSocketWin::Disconnect() { // TODO(wtc): Send SSL close_notify alert. completed_handshake_ = false; @@ -450,7 +444,13 @@ int SSLClientSocketWin::DoLoop(int last_io_result) { int SSLClientSocketWin::DoConnect() { next_state_ = STATE_CONNECT_COMPLETE; - return transport_->Connect(&io_callback_); + + // The caller has to make sure that the transport socket is connected. If + // it isn't, we will eventually fail when trying to negotiate an SSL session. + // But we cannot call transport_->Connect(), as we do not know if there is + // any proxy negotiation that needs to be performed prior to establishing + // the SSL session. + return OK; } int SSLClientSocketWin::DoConnectComplete(int result) { |