Reverting, as this changelist broke unittests on Windows.

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12816 0039d316-1c4b-4281-b951-d872f2087c98
author: markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-03-30 22:23:51 +0000
committer: markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-03-30 22:23:51 +0000
commit: b9a9188da43a172c6b299e27075c1486fe4458e2 (patch)
tree: 6185d007f076e0487ec98e2d5f48e4f539bdc102 /net/base
parent: cfbbe386c810b373b198525c0d2dab5e4103ada7 (diff)
download: chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.zip
chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.tar.gz
chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.tar.bz2
14 files changed, 74 insertions, 193 deletions
diff --git a/net/base/client_socket.h b/net/base/client_socket.h
index 3553d52..4d25b38 100644
--- a/net/base/client_socket.h
+++ b/net/base/client_socket.h
@@ -33,6 +33,11 @@ class ClientSocket : public Socket {
   //
   virtual int Connect(CompletionCallback* callback) = 0;
 
+  // If a non-fatal error occurs during Connect, the consumer can call this
+  // method to re-Connect ignoring the error that occured.  This call is only
+  // valid for certain errors.
+  virtual int ReconnectIgnoringLastError(CompletionCallback* callback) = 0;
+
   // Called to disconnect a connected socket.  Does nothing if the socket is
   // already disconnected.  After calling Disconnect it is possible to call
   // Connect again to establish a new connection.
diff --git a/net/base/client_socket_pool_unittest.cc b/net/base/client_socket_pool_unittest.cc
index dd51819..8849781 100644
--- a/net/base/client_socket_pool_unittest.cc
+++ b/net/base/client_socket_pool_unittest.cc
@@ -32,6 +32,9 @@ class MockClientSocket : public net::ClientSocket {
     connected_ = true;
     return net::OK;
   }
+  virtual int ReconnectIgnoringLastError(net::CompletionCallback* callback) {
+    return net::ERR_FAILED;
+  }
   virtual void Disconnect() {
     connected_ = false;
   }
diff --git a/net/base/ssl_client_socket.h b/net/base/ssl_client_socket.h
index 8c9f05b..21b120b 100644
--- a/net/base/ssl_client_socket.h
+++ b/net/base/ssl_client_socket.h
@@ -15,7 +15,8 @@ class SSLInfo;
 //
 // NOTE: The SSL handshake occurs within the Connect method after a TCP
 // connection is established.  If a SSL error occurs during the handshake,
-// Connect will fail.
+// Connect will fail.  The consumer may choose to ignore certain SSL errors,
+// such as a name mismatch, by calling ReconnectIgnoringLastError.
 //
 class SSLClientSocket : public ClientSocket {
  public:
diff --git a/net/base/ssl_client_socket_mac.cc b/net/base/ssl_client_socket_mac.cc
index c43a4d1..5ed6c67 100644
--- a/net/base/ssl_client_socket_mac.cc
+++ b/net/base/ssl_client_socket_mac.cc
@@ -279,6 +279,12 @@ int SSLClientSocketMac::Connect(CompletionCallback* callback) {
   return rv;
 }
 
+int SSLClientSocketMac::ReconnectIgnoringLastError(
+    CompletionCallback* callback) {
+  // TODO(darin): implement me!
+  return ERR_FAILED;
+}
+
 void SSLClientSocketMac::Disconnect() {
   completed_handshake_ = false;
 
@@ -445,13 +451,7 @@ int SSLClientSocketMac::DoLoop(int last_io_result) {
 
 int SSLClientSocketMac::DoConnect() {
   next_state_ = STATE_CONNECT_COMPLETE;
-
-  // The caller has to make sure that the transport socket is connected. If
-  // it isn't, we will eventually fail when trying to negotiate an SSL session.
-  // But we cannot call transport_->Connect(), as we do not know if there is
-  // any proxy negotiation that needs to be performed prior to establishing
-  // the SSL session.
-  return OK;
+  return transport_->Connect(&io_callback_);
 }
 
 int SSLClientSocketMac::DoConnectComplete(int result) {
diff --git a/net/base/ssl_client_socket_mac.h b/net/base/ssl_client_socket_mac.h
index 2efa031c..f195940 100644
--- a/net/base/ssl_client_socket_mac.h
+++ b/net/base/ssl_client_socket_mac.h
@@ -34,6 +34,7 @@ class SSLClientSocketMac : public SSLClientSocket {
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
+  virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
   virtual void Disconnect();
   virtual bool IsConnected() const;
   virtual bool IsConnectedAndIdle() const;
diff --git a/net/base/ssl_client_socket_nss.cc b/net/base/ssl_client_socket_nss.cc
index aeccee3..4777ddc 100644
--- a/net/base/ssl_client_socket_nss.cc
+++ b/net/base/ssl_client_socket_nss.cc
@@ -15,7 +15,6 @@
 #include <pk11pub.h>
 #undef Lock
 
-#include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/nss_init.h"
 #include "base/string_util.h"
@@ -130,34 +129,6 @@ int SSLClientSocketNSS::Init() {
   return OK;
 }
 
-// As part of Connect(), the SSLClientSocketNSS object performs an SSL
-// handshake. This requires network IO, which in turn calls
-// BufferRecvComplete() with a non-zero byte count. This byte count eventually
-// winds its way through the state machine and ends up being passed to the
-// callback. For Read() and Write(), that's what we want. But for Connect(),
-// the caller expects OK (i.e. 0) for success.
-//
-// The ConnectCallbackWrapper object changes the argument that gets passed
-// to the callback function. Any positive value gets turned into OK.
-class ConnectCallbackWrapper :
-      public CompletionCallbackImpl<ConnectCallbackWrapper> {
- public:
-  ConnectCallbackWrapper(CompletionCallback* user_callback)
-      : ALLOW_THIS_IN_INITIALIZER_LIST(
-          CompletionCallbackImpl<ConnectCallbackWrapper>(this,
-                                 &ConnectCallbackWrapper::ReturnValueWrapper)),
-        user_callback_(user_callback) {
-  }
-
- private:
-  void ReturnValueWrapper(int rv) {
-    user_callback_->Run(rv > OK ? OK : rv);
-    delete this;
-  }
-
-  CompletionCallback* user_callback_;
-};
-
 int SSLClientSocketNSS::Connect(CompletionCallback* callback) {
   EnterFunction("");
   DCHECK(transport_.get());
@@ -167,38 +138,28 @@ int SSLClientSocketNSS::Connect(CompletionCallback* callback) {
   GotoState(STATE_CONNECT);
   int rv = DoLoop(OK);
   if (rv == ERR_IO_PENDING)
-    user_callback_ = new ConnectCallbackWrapper(callback);
+    user_callback_ = callback;
 
   LeaveFunction("");
-  return rv > OK ? OK : rv;
+  return rv;
 }
 
-void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() {
-  if (UpdateServerCert() != NULL &&
-      ssl_config_.allowed_bad_certs_.count(server_cert_)) {
-    SSL_InvalidateSession(nss_fd_);
-  }
+int SSLClientSocketNSS::ReconnectIgnoringLastError(
+        CompletionCallback* callback) {
+  EnterFunction("");
+  // TODO(darin): implement me!
+  LeaveFunction("");
+  return ERR_FAILED;
 }
 
 void SSLClientSocketNSS::Disconnect() {
   EnterFunction("");
-
-  // Reset object state
-  transport_send_busy_ = false;
-  transport_recv_busy_ = false;
-  user_buf_            = NULL;
-  user_buf_len_        = 0;
-  server_cert_error_   = OK;
-  completed_handshake_ = false;
-  nss_bufs_            = NULL;
-
   // TODO(wtc): Send SSL close_notify alert.
   if (nss_fd_ != NULL) {
-    InvalidateSessionIfBadCertificate();
     PR_Close(nss_fd_);
     nss_fd_ = NULL;
   }
-
+  completed_handshake_ = false;
   transport_->Disconnect();
   LeaveFunction("");
 }
@@ -268,20 +229,6 @@ int SSLClientSocketNSS::Write(const char* buf, int buf_len,
   return rv;
 }
 
-X509Certificate *SSLClientSocketNSS::UpdateServerCert() {
-  // We set the server_cert_ from OwnAuthCertHandler(), but this handler
-  // does not necessarily get called if we are continuing a cached SSL
-  // session.
-  if (server_cert_ == NULL) {
-    X509Certificate::OSCertHandle nss_cert = SSL_PeerCertificate(nss_fd_);
-    if (nss_cert) {
-      server_cert_ = X509Certificate::CreateFromHandle(
-          nss_cert, X509Certificate::SOURCE_FROM_NETWORK);
-    }
-  }
-  return server_cert_;
-}
-
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
   EnterFunction("");
   ssl_info->Reset();
@@ -301,12 +248,13 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
       LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError()
                   << " for cipherSuite " << channel_info.cipherSuite;
     }
-    UpdateServerCert();
   }
   if (server_cert_error_ != net::OK)
     ssl_info->SetCertError(server_cert_error_);
-  DCHECK(server_cert_ != NULL);
-  ssl_info->cert = server_cert_;
+  X509Certificate::OSCertHandle nss_cert = SSL_PeerCertificate(nss_fd_);
+  if (nss_cert)
+    ssl_info->cert = X509Certificate::CreateFromHandle(nss_cert,
+                         X509Certificate::SOURCE_FROM_NETWORK);
   LeaveFunction("");
 }
 
@@ -407,6 +355,7 @@ void SSLClientSocketNSS::BufferRecvComplete(int result) {
   LeaveFunction("");
 }
 
+
 int SSLClientSocketNSS::DoLoop(int last_io_result) {
   EnterFunction(last_io_result);
   bool network_moved;
@@ -460,49 +409,20 @@ int SSLClientSocketNSS::DoLoop(int last_io_result) {
 int SSLClientSocketNSS::DoConnect() {
   EnterFunction("");
   GotoState(STATE_CONNECT_COMPLETE);
-
-  // The caller has to make sure that the transport socket is connected. If
-  // it isn't, we will eventually fail when trying to negotiate an SSL session.
-  // But we cannot call transport_->Connect(), as we do not know if there is
-  // any proxy negotiation that needs to be performed prior to establishing
-  // the SSL session.
-  return OK;
-}
-
-// static
-// NSS calls this if an incoming certificate needs to be verified.
-SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
-                                                 PRFileDesc* socket,
-                                                 PRBool checksig,
-                                                 PRBool is_server) {
-  SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
-
-  // Remember the certificate as it will no longer be accessible if the
-  // handshake fails.
-  that->UpdateServerCert();
-
-  return SSL_AuthCertificate(CERT_GetDefaultCertDB(), socket, checksig,
-                             is_server);
+  return transport_->Connect(&io_callback_);
 }
 
 // static
 // NSS calls this if an incoming certificate is invalid.
-SECStatus SSLClientSocketNSS::OwnBadCertHandler(void* arg,
-                                                PRFileDesc* socket) {
+SECStatus SSLClientSocketNSS::OwnBadCertHandler(void* arg, PRFileDesc* socket) {
   SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
-
-  if (that->server_cert_ &&
-      that->ssl_config_.allowed_bad_certs_.count(that->server_cert_)) {
-    LOG(INFO) << "accepting bad SSL certificate, as user told us to";
-
-    return SECSuccess;
-  }
   PRErrorCode prerr = PR_GetError();
   that->server_cert_error_ = NetErrorFromNSPRError(prerr);
   LOG(INFO) << "server certificate is invalid; NSS error code " << prerr
             << ", net error " << that->server_cert_error_;
-
-  return SECFailure;
+  // Return SECSuccess to override the problem.
+  // Chromium wants it to succeed here, and may abort the connection later.
+  return SECSuccess;
 }
 
 int SSLClientSocketNSS::DoConnectComplete(int result) {
@@ -583,10 +503,6 @@ int SSLClientSocketNSS::DoConnectComplete(int result) {
   if (rv != SECSuccess)
      return ERR_UNEXPECTED;
 
-  rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this);
-  if (rv != SECSuccess)
-     return ERR_UNEXPECTED;
-
   rv = SSL_BadCertHook(nss_fd_, OwnBadCertHandler, this);
   if (rv != SECSuccess)
      return ERR_UNEXPECTED;
@@ -604,14 +520,11 @@ int SSLClientSocketNSS::DoConnectComplete(int result) {
 
 int SSLClientSocketNSS::DoHandshakeRead() {
   EnterFunction("");
-  int net_error = net::OK;
+  int net_error;
   int rv = SSL_ForceHandshake(nss_fd_);
 
   if (rv == SECSuccess) {
-    DCHECK(server_cert_error_ == net::OK);
-
-    InvalidateSessionIfBadCertificate();
-
+    net_error = server_cert_error_;
     // there's a callback for this, too
     completed_handshake_ = true;
     // Done!
diff --git a/net/base/ssl_client_socket_nss.h b/net/base/ssl_client_socket_nss.h
index 89fe99e..9b77f94 100644
--- a/net/base/ssl_client_socket_nss.h
+++ b/net/base/ssl_client_socket_nss.h
@@ -17,8 +17,6 @@
 
 namespace net {
 
-class X509Certificate;
-
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
  public:
@@ -36,6 +34,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
+  virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
   virtual void Disconnect();
   virtual bool IsConnected() const;
   virtual bool IsConnectedAndIdle() const;
@@ -45,8 +44,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
   virtual int Write(const char* buf, int buf_len, CompletionCallback* callback);
 
  private:
-  void InvalidateSessionIfBadCertificate();
-  X509Certificate* UpdateServerCert();
   void DoCallback(int result);
   void OnIOComplete(int result);
 
@@ -62,12 +59,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
   void BufferSendComplete(int result);
   void BufferRecvComplete(int result);
 
-  // NSS calls this when checking certificates. We pass 'this' as the first
-  // argument.
-  static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
-                                      PRBool checksig, PRBool is_server);
-
-  // NSS calls this on error.  We pass 'this' as the first argument.
+  // nss calls this on error.  We pass 'this' as the first argument.
   static SECStatus OwnBadCertHandler(void* arg, PRFileDesc* socket);
 
   CompletionCallbackImpl<SSLClientSocketNSS> buffer_send_callback_;
@@ -89,9 +81,6 @@ class SSLClientSocketNSS : public SSLClientSocket {
   // Set when handshake finishes.  Value is net error code, see net_errors.h
   int server_cert_error_;
 
-  // Set during handshake.
-  scoped_refptr<X509Certificate> server_cert_;
-
   bool completed_handshake_;
 
   enum State {
diff --git a/net/base/ssl_client_socket_unittest.cc b/net/base/ssl_client_socket_unittest.cc
index 7c7b170..7b551fe 100644
--- a/net/base/ssl_client_socket_unittest.cc
+++ b/net/base/ssl_client_socket_unittest.cc
@@ -79,14 +79,8 @@ TEST_F(SSLClientSocketTest, MAYBE_Connect) {
                             &addr, NULL);
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
           server_.kHostName, kDefaultSSLConfig));
 
   EXPECT_FALSE(sock->IsConnected());
@@ -117,14 +111,8 @@ TEST_F(SSLClientSocketTest, MAYBE_ConnectExpired) {
                             &addr, NULL);
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
           server_.kHostName, kDefaultSSLConfig));
 
   EXPECT_FALSE(sock->IsConnected());
@@ -138,9 +126,7 @@ TEST_F(SSLClientSocketTest, MAYBE_ConnectExpired) {
     EXPECT_EQ(net::ERR_CERT_DATE_INVALID, rv);
   }
 
-  // We cannot test sock->IsConnected(), as the NSS implementation disconnects
-  // the socket when it encounters an error, whereas other implementations
-  // leave it connected.
+  EXPECT_TRUE(sock->IsConnected());
 }
 
 TEST_F(SSLClientSocketTest, MAYBE_ConnectMismatched) {
@@ -154,14 +140,8 @@ TEST_F(SSLClientSocketTest, MAYBE_ConnectMismatched) {
                             &addr, NULL);
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
           server_.kMismatchedHostName, kDefaultSSLConfig));
 
   EXPECT_FALSE(sock->IsConnected());
@@ -175,9 +155,13 @@ TEST_F(SSLClientSocketTest, MAYBE_ConnectMismatched) {
     EXPECT_EQ(net::ERR_CERT_COMMON_NAME_INVALID, rv);
   }
 
-  // We cannot test sock->IsConnected(), as the NSS implementation disconnects
-  // the socket when it encounters an error, whereas other implementations
-  // leave it connected.
+  // The Windows code happens to keep the connection
+  // open now in spite of an error.  The designers of
+  // this API intended to also allow the connection
+  // to be closed on error, in which case the caller
+  // should call ReconnectIgnoringLastError, but
+  // that's currently unimplemented.
+  EXPECT_TRUE(sock->IsConnected());
 }
 
 // TODO(wtc): Add unit tests for IsConnectedAndIdle:
@@ -199,14 +183,8 @@ TEST_F(SSLClientSocketTest, MAYBE_Read) {
   rv = callback.WaitForResult();
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
                                              server_.kHostName,
                                              kDefaultSSLConfig));
 
@@ -253,14 +231,8 @@ TEST_F(SSLClientSocketTest, MAYBE_Read_SmallChunks) {
                             &addr, NULL);
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
           server_.kHostName, kDefaultSSLConfig));
 
   rv = sock->Connect(&callback);
@@ -305,14 +277,8 @@ TEST_F(SSLClientSocketTest, MAYBE_Read_Interrupted) {
                             &addr, NULL);
   EXPECT_EQ(net::OK, rv);
 
-  net::ClientSocket *transport = new net::TCPClientSocket(addr);
-  rv = transport->Connect(&callback);
-  if (rv == net::ERR_IO_PENDING)
-    rv = callback.WaitForResult();
-  EXPECT_EQ(net::OK, rv);
-
   scoped_ptr<net::SSLClientSocket> sock(
-      socket_factory_->CreateSSLClientSocket(transport,
+      socket_factory_->CreateSSLClientSocket(new net::TCPClientSocket(addr),
           server_.kHostName, kDefaultSSLConfig));
 
   rv = sock->Connect(&callback);
diff --git a/net/base/ssl_client_socket_win.cc b/net/base/ssl_client_socket_win.cc
index 1935bd9..832186f 100644
--- a/net/base/ssl_client_socket_win.cc
+++ b/net/base/ssl_client_socket_win.cc
@@ -280,6 +280,12 @@ int SSLClientSocketWin::Connect(CompletionCallback* callback) {
   return rv;
 }
 
+int SSLClientSocketWin::ReconnectIgnoringLastError(
+    CompletionCallback* callback) {
+  // TODO(darin): implement me!
+  return ERR_FAILED;
+}
+
 void SSLClientSocketWin::Disconnect() {
   // TODO(wtc): Send SSL close_notify alert.
   completed_handshake_ = false;
@@ -444,13 +450,7 @@ int SSLClientSocketWin::DoLoop(int last_io_result) {
 
 int SSLClientSocketWin::DoConnect() {
   next_state_ = STATE_CONNECT_COMPLETE;
-
-  // The caller has to make sure that the transport socket is connected. If
-  // it isn't, we will eventually fail when trying to negotiate an SSL session.
-  // But we cannot call transport_->Connect(), as we do not know if there is
-  // any proxy negotiation that needs to be performed prior to establishing
-  // the SSL session.
-  return OK;
+  return transport_->Connect(&io_callback_);
 }
 
 int SSLClientSocketWin::DoConnectComplete(int result) {
diff --git a/net/base/ssl_client_socket_win.h b/net/base/ssl_client_socket_win.h
index a3935f6..68eb24d 100644
--- a/net/base/ssl_client_socket_win.h
+++ b/net/base/ssl_client_socket_win.h
@@ -39,6 +39,7 @@ class SSLClientSocketWin : public SSLClientSocket {
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
+  virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
   virtual void Disconnect();
   virtual bool IsConnected() const;
   virtual bool IsConnectedAndIdle() const;
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 8d1edb1..96d42a2 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -5,10 +5,7 @@
 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H__
 #define NET_BASE_SSL_CONFIG_SERVICE_H__
 
-#include <set>
-
 #include "base/time.h"
-#include "net/base/x509_certificate.h"
 
 namespace net {
 
@@ -26,12 +23,6 @@ struct SSLConfig {
   bool ssl2_enabled;  // True if SSL 2.0 is enabled.
   bool ssl3_enabled;  // True if SSL 3.0 is enabled.
   bool tls1_enabled;  // True if TLS 1.0 is enabled.
-
-  // Add any known-bad SSL certificates to allowed_bad_certs_ that should not
-  // trigger a certificate error when calling SSLClientSocket::Connect.
-  // This would normally be done in response to the user explicitly accepting
-  // the bad certificate.
-  std::set<scoped_refptr<X509Certificate> > allowed_bad_certs_;
 };
 
 // This class is responsible for getting and setting the SSL configuration.
diff --git a/net/base/tcp_client_socket.h b/net/base/tcp_client_socket.h
index 729bbbc..b846836 100644
--- a/net/base/tcp_client_socket.h
+++ b/net/base/tcp_client_socket.h
@@ -46,6 +46,7 @@ class TCPClientSocket : public ClientSocket,
 
   // ClientSocket methods:
   virtual int Connect(CompletionCallback* callback);
+  virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
   virtual void Disconnect();
   virtual bool IsConnected() const;
   virtual bool IsConnectedAndIdle() const;
diff --git a/net/base/tcp_client_socket_libevent.cc b/net/base/tcp_client_socket_libevent.cc
index 8d51dbf..204b700 100644
--- a/net/base/tcp_client_socket_libevent.cc
+++ b/net/base/tcp_client_socket_libevent.cc
@@ -126,6 +126,11 @@ int TCPClientSocket::Connect(CompletionCallback* callback) {
   return ERR_IO_PENDING;
 }
 
+int TCPClientSocket::ReconnectIgnoringLastError(CompletionCallback* callback) {
+  // No ignorable errors!
+  return ERR_UNEXPECTED;
+}
+
 void TCPClientSocket::Disconnect() {
   if (socket_ == kInvalidSocket)
     return;
diff --git a/net/base/tcp_client_socket_win.cc b/net/base/tcp_client_socket_win.cc
index 2ed1493..29d560d 100644
--- a/net/base/tcp_client_socket_win.cc
+++ b/net/base/tcp_client_socket_win.cc
@@ -106,6 +106,11 @@ int TCPClientSocket::Connect(CompletionCallback* callback) {
   return ERR_IO_PENDING;
 }
 
+int TCPClientSocket::ReconnectIgnoringLastError(CompletionCallback* callback) {
+  // No ignorable errors!
+  return ERR_UNEXPECTED;
+}
+
 void TCPClientSocket::Disconnect() {
   if (socket_ == INVALID_SOCKET)
     return;
author	markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-03-30 22:23:51 +0000
committer	markus@chromium.org <markus@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2009-03-30 22:23:51 +0000
commit	b9a9188da43a172c6b299e27075c1486fe4458e2 (patch)
tree	6185d007f076e0487ec98e2d5f48e4f539bdc102 /net/base
parent	cfbbe386c810b373b198525c0d2dab5e4103ada7 (diff)
download	chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.zip chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.tar.gz chromium_src-b9a9188da43a172c6b299e27075c1486fe4458e2.tar.bz2