diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-05 19:54:14 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-04-05 19:54:14 +0000 |
| commit | 53a17e24bba43fb1c6b11303b02cce4dfaa2b65d (patch) | |
| tree | 3ff7fb87980d94aef7efd72fde11465a2211d529 /net/http | |
| parent | ff268ff5dc3e23701eadda8f72a3f25a56e1797c (diff) | |
| download | chromium_src-53a17e24bba43fb1c6b11303b02cce4dfaa2b65d.zip chromium_src-53a17e24bba43fb1c6b11303b02cce4dfaa2b65d.tar.gz chromium_src-53a17e24bba43fb1c6b11303b02cce4dfaa2b65d.tar.bz2 | |
net: remove forced renegotiation checks
We lost this battle. We had to step back from requirement the renegotiation
extension, even on sites which we know support it, because of the number of
MITM proxies.
Since there doesn't seem to be any way forward, this change removes the code.
BUG=55410
TEST=compiles
Review URL: http://codereview.chromium.org/6792032
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@80513 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
| -rw-r--r-- | net/http/http_network_transaction.cc | 3 | ||||
| -rw-r--r-- | net/http/http_stream_factory_impl_job.cc | 5 |
2 files changed, 1 insertions, 7 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index e97ec89..d396c96 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -1096,8 +1096,7 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: case ERR_SSL_DECOMPRESSION_FAILURE_ALERT: case ERR_SSL_BAD_RECORD_MAC_ALERT: - if (ssl_config_.tls1_enabled && - !SSLConfigService::IsKnownStrictTLSServer(request_->url.host())) { + if (ssl_config_.tls1_enabled) { // This could be a TLS-intolerant server, an SSL 3.0 server that // chose a TLS-only cipher suite or a server with buggy DEFLATE // support. Turn off TLS 1.0, DEFLATE support and retry. diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc index d0f1d6f..09c17ea 100644 --- a/net/http/http_stream_factory_impl_job.cc +++ b/net/http/http_stream_factory_impl_job.cc @@ -886,11 +886,6 @@ void HttpStreamFactoryImpl::Job::InitSSLConfig( if (request_info_.load_flags & LOAD_VERIFY_EV_CERT) ssl_config->verify_ev_cert = true; - - if (proxy_info_.proxy_server().scheme() == ProxyServer::SCHEME_HTTP || - proxy_info_.proxy_server().scheme() == ProxyServer::SCHEME_HTTPS) { - ssl_config->mitm_proxies_allowed = true; - } } |