author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-09 01:37:27 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-06-09 01:37:27 +0000 |
commit | 2181ea006830c226a8a3c21aa17030a01ec62a5e (patch) | |
tree | 02dde8d96a266ce52a8ce6c00af13ba398ac688d /net/http | |
parent | 1ee9333bab95dc5b414a8d18015da2ff103619f3 (diff) | |
We don't handle certificate errors during SSL renegotiation.
In the common case, the server sends the same certificate during
renegotiation. Since the certificate has been verified, we can
assume the certificate is good or has been accepted by the user.
If the server sends a different certificate that has an error,
we need to return an error code that won't trigger our
certificate error handling code, which doesn't handle this case
correctly. Add the ERR_CERT_ERROR_IN_SSL_RENEGOTIATION error
for this purpose.
R=rvargas
BUG=http://crbug.com/13226
TEST=See http://crbug.com/13226 comment 9
Review URL: http://codereview.chromium.org/118410
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17919 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r-- | net/http/http_network_transaction.cc | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index 5795011..97f7715 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -745,6 +745,15 @@ int HttpNetworkTransaction::HandleConnectionClosedBeforeEndOfHeaders() { } int HttpNetworkTransaction::DoReadHeadersComplete(int result) { + if (using_ssl_ && IsCertificateError(result)) { + // We don't handle a certificate error during SSL renegotiation, so we + // have to return an error that's not in the certificate error range + // (-2xx). + LOG(ERROR) << "Got a server certificate with error " << result + << " during SSL renegotiation"; + result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION; + } + if (result < 0) return HandleIOError(result); |
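Review bot: the condition `if (using_ssl_ && IsCertificateError(result))` at the top of DoReadHeadersComplete does not itself establish that the error came from a renegotiation; it relies on the fact that a certificate error reaching the header-read step can only have that origin. Please state that invariant in the comment, or check it explicitly, so a later change that lets a certificate error reach this function by another path does not get silently relabelled. Also note that after `result = ERR_CERT_ERROR_IN_SSL_RENEGOTIATION;` the original certificate error code survives only in the LOG(ERROR) line, so the caller of HandleIOError can no longer distinguish which certificate error occurred; if that is intended, say so in the comment next to the "(-2xx)" remark.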