diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-11 23:07:52 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-11 23:07:52 +0000 |
| commit | 563cbcc6bb0759b23ab67b5074f66de45f7b546a (patch) | |
| tree | e01ca3683194db3aeceae741c74d8d819e752b2b /net/base | |
| parent | 79b1f324791fec657c1f62ec7a4cbef5ab9057cc (diff) | |
| download | chromium_src-563cbcc6bb0759b23ab67b5074f66de45f7b546a.zip chromium_src-563cbcc6bb0759b23ab67b5074f66de45f7b546a.tar.gz chromium_src-563cbcc6bb0759b23ab67b5074f66de45f7b546a.tar.bz2 | |
net: detect and error out with ESET HTTPS interception + False Start
ESET products (anti-virus) and NetNanny can intercept HTTPS connections. However,
they're False Start intolerant. Rather than have connections hang
forever, we detect them by the leaf certificate's issuer common name
and give a helpful error message.
BUG=58152
TEST=Install ESET anti-virus. Configure to intercept HTTPS connections. Goto https://mail.google.com. Confirm that a helpful error page appears.
Review URL: http://codereview.chromium.org/3723001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@62209 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
| -rw-r--r-- | net/base/net_error_list.h | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h index 6e4c7b9..bd5e71e 100644 --- a/net/base/net_error_list.h +++ b/net/base/net_error_list.h @@ -180,12 +180,22 @@ NET_ERROR(SSL_WEAK_SERVER_EPHEMERAL_DH_KEY, -129) // of an HTTP proxy. NET_ERROR(PROXY_CONNECTION_FAILED, -130) -// This means that we tried a Snap Start connection and sent a request, -// predicting the server's NPN protocol support. However, after doing the -// actual handshake, our prediction turned out to be incorrect so we sent a -// request in the wrong protocol. +// We tried a Snap Start connection and sent a request, predicting the server's +// NPN protocol support. However, after doing the actual handshake, our +// prediction turned out to be incorrect so we sent a request in the wrong +// protocol. NET_ERROR(SSL_SNAP_START_NPN_MISPREDICTION, -131) +// We detected an ESET product intercepting our HTTPS connections. Since these +// products are False Start intolerant, we return this error so that we can +// give the user a helpful error message rather than have the connection hang. +NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132) + +// We detected NetNanny intercepting our HTTPS connections. Since this product +// is False Start intolerant, we return this error so that we can give the user +// a helpful error message rather than have the connection hang. +NET_ERROR(NETNANNY_SSL_INTERCEPTION, -133) + // Certificate error codes // // The values of certificate error codes must be consecutive. |