authormbelshe@chromium.org <mbelshe@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-03 00:30:50 +0000
committermbelshe@chromium.org <mbelshe@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-03 00:30:50 +0000
commit3ce7df0f4d45cf53692d3b393984b9153db1682c (patch)
tree27aa699c434c356c1180870fb86dfd0fd7dc44e9 /net/http
parent918efd45e6af4dfadbea8e3d862e79032be3d014 (diff)
Don't ignore certificate errors with SPDY.
For benchmarking and testing, we still want to be able to ignore the certificate errors, so I added a flag to the use-spdy option to do so: --ignore-certificate-errors BUG=32020 TEST=none Review URL: http://codereview.chromium.org/661375 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40465 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r--net/http/http_network_transaction.cc36
-rw-r--r--net/http/http_network_transaction.h6
2 files changed, 23 insertions, 19 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 091edd0..5a30acb 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -143,6 +143,7 @@ void BuildTunnelRequest(const HttpRequestInfo* request_info,
//-----------------------------------------------------------------------------
std::string* HttpNetworkTransaction::g_next_protos = NULL;
+bool HttpNetworkTransaction::g_ignore_certificate_errors = false;
HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session)
: pending_auth_target_(HttpAuth::AUTH_NONE),
@@ -174,6 +175,11 @@ void HttpNetworkTransaction::SetNextProtos(const std::string& next_protos) {
g_next_protos = new std::string(next_protos);
}
+// static
+void HttpNetworkTransaction::IgnoreCertificateErrors(bool enabled) {
+ g_ignore_certificate_errors = enabled;
+}
+
int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
CompletionCallback* callback,
LoadLog* load_log) {
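Review bot: `IgnoreCertificateErrors` writes a plain static `bool` that `HandleCertificateError` reads later, and nothing in this hunk says when or from which thread it may be called. If it can run after transactions have started (not visible here), the write is unsynchronized with the read on the connection path. A comment above the definition would settle the contract: `// Must be called once at startup, before any HttpNetworkTransaction is created.`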
@@ -776,27 +782,8 @@ int HttpNetworkTransaction::DoSSLConnect() {
}
int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
- SSLClientSocket* ssl_socket =
- reinterpret_cast<SSLClientSocket*>(connection_->socket());
-
- SSLClientSocket::NextProtoStatus status =
- SSLClientSocket::kNextProtoUnsupported;
- std::string proto;
- // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
- // that hasn't had SSL_ImportFD called on it. If we get a certificate error
- // here, then we know that we called SSL_ImportFD.
- if (result == OK || IsCertificateError(result))
- status = ssl_socket->GetNextProto(&proto);
- static const char kSpdyProto[] = "spdy";
- using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
- proto == kSpdyProto);
-
if (IsCertificateError(result)) {
result = HandleCertificateError(result);
- // TODO(wtc): We currently ignore certificate errors for
- // spdy but we shouldn't. http://crbug.com/32020
- if (using_spdy_)
- result = OK;
if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
connection_->socket()->Disconnect();
connection_->Reset();
@@ -806,6 +793,14 @@ int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
}
if (result == OK) {
+ static const char kSpdyProto[] = "spdy";
+ std::string proto;
+ SSLClientSocket* ssl_socket =
+ reinterpret_cast<SSLClientSocket*>(connection_->socket());
+ SSLClientSocket::NextProtoStatus status = ssl_socket->GetNextProto(&proto);
+ using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
+ proto == kSpdyProto);
+
DCHECK(ssl_connect_start_time_ != base::TimeTicks());
base::TimeDelta connect_duration =
base::TimeTicks::Now() - ssl_connect_start_time_;
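Review bot: The relocated `GetNextProto` call lost the comment that explained its precondition; the removed lines noted that it trips a NOTREACHED on a socket that has not been through SSL_ImportFD. Calling it only under `result == OK` looks like it satisfies that, but the reason is no longer written down, so I'd add `// GetNextProto requires a completed SSL handshake, so only query it on success.` above the cast. Separately, `using_spdy_` is now assigned only on the success path and keeps its previous value on any failing result; if a transaction can pass through this state twice, confirm the stale value is harmless. DoSSLConnectComplete starts and ends outside this hunk.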
@@ -1392,6 +1387,9 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
DCHECK(using_ssl_);
DCHECK(IsCertificateError(error));
+ if (g_ignore_certificate_errors)
+ return OK;
+
SSLClientSocket* ssl_socket =
reinterpret_cast<SSLClientSocket*>(connection_->socket());
ssl_socket->GetSSLInfo(&response_.ssl_info);
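Review bot: The early `return OK` sits above `ssl_socket->GetSSLInfo(&response_.ssl_info)`, so when the flag is set the response carries no record of the certificate problem that was accepted, and nothing is logged. The check also applies to every HTTPS transaction in the process, not only SPDY ones, which is wider than the commit description suggests. I'd populate `response_.ssl_info` first and make the bypass visible by moving the check below the `GetSSLInfo` call, as `if (g_ignore_certificate_errors) { LOG(WARNING) << "Ignoring certificate error " << error; return OK; }`. The rest of HandleCertificateError is outside the hunk, so whether later steps should also run in this mode cannot be judged from here.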
diff --git a/net/http/http_network_transaction.h b/net/http/http_network_transaction.h
index 756a413..e4eef52 100644
--- a/net/http/http_network_transaction.h
+++ b/net/http/http_network_transaction.h
@@ -42,6 +42,10 @@ class HttpNetworkTransaction : public HttpTransaction {
// Sets the next protocol negotiation value used during the SSL handshake.
static void SetNextProtos(const std::string& next_protos);
+ // Sets the HttpNetworkTransaction into a mode where it can ignore
+ // certificate errors. This is for testing.
+ static void IgnoreCertificateErrors(bool enabled);
+
// HttpTransaction methods:
virtual int Start(const HttpRequestInfo* request_info,
CompletionCallback* callback,
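Review bot: The comment on `IgnoreCertificateErrors` says only "This is for testing" and does not state what the switch costs. The flag is a class-wide static, so enabling it turns off certificate validation for every HTTPS request made through HttpNetworkTransaction and leaves those connections without server authentication. Suggested wording: `// Process-wide: when enabled, ALL certificate errors are treated as OK for every transaction, not just SPDY.` followed by `// This removes TLS server authentication; use for benchmarking and tests only, never in shipping configurations.`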
@@ -258,6 +262,8 @@ class HttpNetworkTransaction : public HttpTransaction {
static std::string* g_next_protos;
+ static bool g_ignore_certificate_errors;
+
// The following three auth members are arrays of size two -- index 0 is
// for the proxy server, and index 1 is for the origin server.
// Use the enum HttpAuth::Target to index into them.