author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-19 22:02:11 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-10-19 22:02:11 +0000 |
commit | 59ac896c5958f38c3ae8a54fff43acd11c736360 (patch) | |
tree | 550f8558e4f459cf95f07ff7e280dd719e12ea85 /net/http | |
parent | 9443f748c083247e71f827ad048d9bba59b7e9b6 (diff) | |
net: disable revocation checking for connections to HTTPS proxies.
When connecting to an HTTPS proxy, trying to do revocation checks (which will
probably need to go through the same proxy) is daft. Also, any attacker
sufficiently close to MITM a connection to a proxy server can very likely also
MITM the revocation checks.
BUG=98833
TEST=none
Review URL: http://codereview.chromium.org/8301001
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@106392 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http')
-rw-r--r-- | net/http/http_stream_factory_impl_job.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc index d858be1..fe9c5c1 100644 --- a/net/http/http_stream_factory_impl_job.cc +++ b/net/http/http_stream_factory_impl_job.cc @@ -633,6 +633,9 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() { if (proxy_info_.is_https()) { InitSSLConfig(proxy_info_.proxy_server().host_port_pair(), &proxy_ssl_config_); + // Disable revocation checking for HTTPS proxies since the revocation + // requests are probably going to need to go through the proxy too. + proxy_ssl_config_.rev_checking_enabled = false; } if (using_ssl_) { InitSSLConfig(origin_, &server_ssl_config_); |
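Review bot: The assignment `proxy_ssl_config_.rev_checking_enabled = false;` in the `proxy_info_.is_https()` branch of `DoInitConnection()` unconditionally overrides whatever `InitSSLConfig()` populated on the line before it, and with TEST=none nothing guards that behaviour or its scope. I would add a unit test asserting that the proxy config ends up with revocation checking off while `server_ssl_config_`, initialised in the `using_ssl_` branch below, keeps the value `InitSSLConfig()` gave it, so a later refactor cannot silently extend the override to origin connections. The code comment also records only the routing reason; the commit message's second reason (an attacker close enough to MITM the proxy connection can very likely also MITM the revocation checks) is the security rationale and is worth carrying into the comment so the trade-off is visible at the call site.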