Return more specific error messages when performing a SSL client auth handshake and an error signing with the certificate private key is encountered, rather than using ERR_FAILED/ERR_SSL_PROTOCOL_ERROR.

BUG=69609
TEST=none

Review URL: http://codereview.chromium.org/6371014

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@73891 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 14 insertions, 2 deletions

diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index a31fb17..e0967c6 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -77,6 +77,19 @@ void ProcessAlternateProtocol(HttpStreamFactory* factory,
                                     http_host_port_pair);
 }
 
+// Returns true if |error| is a client certificate authentication error.
+bool IsClientCertificateError(int error) {
+  switch (error) {
+    case ERR_BAD_SSL_CLIENT_AUTH_CERT:
+    case ERR_SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED:
+    case ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY:
+    case ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED:
+      return true;
+    default:
+      return false;
+  }
+}
+
 }  // namespace
 
 //-----------------------------------------------------------------------------
@@ -1019,8 +1032,7 @@ int HttpNetworkTransaction::HandleCertificateRequest(int error) {
 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
   DCHECK(request_);
   if (ssl_config_.send_client_cert &&
-      (error == ERR_SSL_PROTOCOL_ERROR ||
-       error == ERR_BAD_SSL_CLIENT_AUTH_CERT)) {
+      (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
     session_->ssl_client_auth_cache()->Remove(
         GetHostAndPort(request_->url));
   }