author | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-15 02:57:29 +0000 |
---|---|---|
committer | ukai@chromium.org <ukai@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-02-15 02:57:29 +0000 |
commit | d7660f1c6bfa23327b20d6e1ae308c91140388ab (patch) | |
tree | 95b0f9283f5532953e1b3c57f425180927668dd2 /net/http | |
parent | ed5db9a0097ede07ee9703b73eb1bb72b6851a83 (diff) | |
Fix LOAD_IGNORE_CERT_* on Mac
SSLClientSocketMac reports a certificate error before the SSL handshake is completed,
so just returning OK for LOAD_IGNORE_CERT_* won't work (completed_handshake_ is still false, so we can't Read()/Write() on the socket).
Add the cert to allowed_bad_certs and reconnect.
BUG=35108
TEST=none
Review URL: http://codereview.chromium.org/593013
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39037 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r-- | net/http/http_network_transaction.cc | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index a37edb4..7a664a0 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -790,12 +790,15 @@ int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
 proto == kSpdyProto);
 if (IsCertificateError(result)) {
- if (use_spdy) {
- // TODO(agl/willchan/wtc): We currently ignore certificate errors for
- // spdy but we shouldn't. http://crbug.com/32020
- result = OK;
- } else {
- result = HandleCertificateError(result);
+ result = HandleCertificateError(result);
+ // TODO(wtc): We currently ignore certificate errors for
+ // spdy but we shouldn't. http://crbug.com/32020
+ if ((result == OK || use_spdy) &&
+ !connection_->socket()->IsConnectedAndIdle()) {
+ connection_->socket()->Disconnect();
+ connection_->Reset();
+ next_state_ = STATE_INIT_CONNECTION;
+ return OK;
 }
 }
@@ -1379,6 +1382,20 @@ void HttpNetworkTransaction::LogBlockedTunnelResponse(
 int HttpNetworkTransaction::HandleCertificateError(int error) {
 DCHECK(using_ssl_);
+ DCHECK(IsCertificateError(error));
+
+ SSLClientSocket* ssl_socket =
+ reinterpret_cast<SSLClientSocket*>(connection_->socket());
+ ssl_socket->GetSSLInfo(&response_.ssl_info);
+
+ // Add the bad certificate to the set of allowed certificates in the
+ // SSL info object. This data structure will be consulted after calling
+ // RestartIgnoringLastError(). And the user will be asked interactively
+ // before RestartIgnoringLastError() is ever called.
+ SSLConfig::CertAndStatus bad_cert;
+ bad_cert.cert = response_.ssl_info.cert;
+ bad_cert.cert_status = response_.ssl_info.cert_status;
+ ssl_config_.allowed_bad_certs.push_back(bad_cert);
 const int kCertFlags = LOAD_IGNORE_CERT_COMMON_NAME_INVALID | LOAD_IGNORE_CERT_DATE_INVALID | 
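Review bot: In DoSSLConnectComplete the `use_spdy` arm of the new condition reconnects after HandleCertificateError() has already pushed the failing certificate into `ssl_config_.allowed_bad_certs`, so on a socket that is not connected-and-idle a SPDY connection appears to accept the bad certificate without any LOAD_IGNORE_CERT_* flag or user decision. When the socket is still connected and idle, the same SPDY error now falls through as an error instead of the previous `result = OK`, so the outcome seems to depend on the socket implementation. If the intent is only to make LOAD_IGNORE_CERT_* work, the guard could be `if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {`, with the SPDY exception handled separately under the crbug.com/32020 TODO. Nothing visible in the hunk bounds the number of reconnects if the second handshake reports a certificate error again; the rest of the function is outside the hunk.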
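Review bot: HandleCertificateError now appends to `ssl_config_.allowed_bad_certs` on every certificate error, before the load flags are examined, yet the moved comment still says the user is asked interactively before the entry is used; with the reconnect added in DoSSLConnectComplete the entry is consulted on the LOAD_IGNORE_CERT_* path with no prompt. The comment should say so, e.g. `// Consulted on reconnect when LOAD_IGNORE_CERT_* applies, and after RestartIgnoringLastError() once the user has accepted the error.` The entry records the full `cert_status`, so whether a certificate with several errors is accepted when the flags cover only one of them depends on how the socket matches allowed_bad_certs, which is not visible here. Separately, `reinterpret_cast<SSLClientSocket*>` would read better as `static_cast` if connection_->socket() returns a base-class pointer; the function body continues past the hunk.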
@@ -1400,21 +1417,6 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
 break;
 }
 }
-
- if (error != OK) {
- SSLClientSocket* ssl_socket =
- reinterpret_cast<SSLClientSocket*>(connection_->socket());
- ssl_socket->GetSSLInfo(&response_.ssl_info);
-
- // Add the bad certificate to the set of allowed certificates in the
- // SSL info object. This data structure will be consulted after calling
- // RestartIgnoringLastError(). And the user will be asked interactively
- // before RestartIgnoringLastError() is ever called.
- SSLConfig::CertAndStatus bad_cert;
- bad_cert.cert = response_.ssl_info.cert;
- bad_cert.cert_status = response_.ssl_info.cert_status;
- ssl_config_.allowed_bad_certs.push_back(bad_cert);
- }
 return error;
 } |