net: don't check revocation when fetching PAC files.

If a PAC file is configured on an HTTPS URL we get into trouble. In order to check revocation we need to make an HTTP request to the OCSP/CRL server, which needs the PAC script to load and so we deadlock. With this change we don't check revocation for PAC fetches. BUG=86219 TEST=Configure a PAC script on HTTPS. Review URL: http://codereview.chromium.org/7170026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@89489 0039d316-1c4b-4281-b951-d872f2087c98
author: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-17 15:46:19 +0000
committer: agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-06-17 15:46:19 +0000
commit: db6027b4d62ad276bba716cb61bf7e48479f7b83 (patch)
tree: 47c198bc0c4bc9465ce350706a49dc298f8014a9 /net/proxy
parent: bbba0a4a1ddc2efdb99a7c764a4dd579285f76c6 (diff)
download: chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.zip
chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.tar.gz
chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.tar.bz2
2 files changed, 33 insertions, 1 deletions
diff --git a/net/proxy/proxy_script_fetcher_impl.cc b/net/proxy/proxy_script_fetcher_impl.cc
index c276c30..d0b9d6a 100644
--- a/net/proxy/proxy_script_fetcher_impl.cc
+++ b/net/proxy/proxy_script_fetcher_impl.cc
@@ -145,7 +145,12 @@ int ProxyScriptFetcherImpl::Fetch(const GURL& url,
   // Also disable the use of the disk cache. The cache is disabled so that if
   // the user switches networks we don't potentially use the cached response
   // from old network when we should in fact be re-fetching on the new network.
-  cur_request_->set_load_flags(LOAD_BYPASS_PROXY | LOAD_DISABLE_CACHE);
+  // If the PAC script is hosted on an HTTPS server we bypass revocation
+  // checking in order to avoid a circular dependency when attempting to fetch
+  // the OCSP response or CRL. We could make the revocation check go direct but
+  // the proxy might be the only way to the outside world.
+  cur_request_->set_load_flags(LOAD_BYPASS_PROXY | LOAD_DISABLE_CACHE |
+                               LOAD_DISABLE_CERT_REVOCATION_CHECKING);
 
   // Save the caller's info for notification on completion.
   callback_ = callback;
diff --git a/net/proxy/proxy_script_fetcher_impl_unittest.cc b/net/proxy/proxy_script_fetcher_impl_unittest.cc
index 98fbd5e..f7bf5ef 100644
--- a/net/proxy/proxy_script_fetcher_impl_unittest.cc
+++ b/net/proxy/proxy_script_fetcher_impl_unittest.cc
@@ -11,6 +11,7 @@
 #include "base/path_service.h"
 #include "base/utf_string_conversions.h"
 #include "net/base/net_util.h"
+#include "net/base/load_flags.h"
 #include "net/base/ssl_config_service_defaults.h"
 #include "net/base/test_completion_callback.h"
 #include "net/disk_cache/disk_cache.h"
@@ -18,6 +19,7 @@
 #include "net/http/http_network_session.h"
 #include "net/test/test_server.h"
 #include "net/url_request/url_request_context_storage.h"
+#include "net/url_request/url_request_job_factory.h"
 #include "net/url_request/url_request_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/platform_test.h"
@@ -38,6 +40,26 @@ struct FetchResult {
   string16 text;
 };
 
+// CheckNoRevocationFlagSetInterceptor causes a test failure if a request is
+// seen that doesn't set a load flag to bypass revocation checking.
+class CheckNoRevocationFlagSetInterceptor :
+    public URLRequestJobFactory::Interceptor {
+ public:
+  virtual URLRequestJob* MaybeIntercept(URLRequest* request) const OVERRIDE {
+    EXPECT_TRUE(request->load_flags() & LOAD_DISABLE_CERT_REVOCATION_CHECKING);
+    return NULL;
+  }
+
+  virtual URLRequestJob* MaybeInterceptRedirect(const GURL& location,
+                                                URLRequest* request) const {
+    return NULL;
+  }
+
+  virtual URLRequestJob* MaybeInterceptResponse(URLRequest* request) const {
+    return NULL;
+  }
+};
+
 // A non-mock URL request which can access http:// and file:// urls.
 class RequestContext : public URLRequestContext {
  public:
@@ -61,6 +83,10 @@ class RequestContext : public URLRequestContext {
     storage_.set_http_transaction_factory(new HttpCache(
         network_session,
         HttpCache::DefaultBackend::InMemory(0)));
+    url_request_job_factory_.reset(new URLRequestJobFactory);
+    set_job_factory(url_request_job_factory_.get());
+    url_request_job_factory_->AddInterceptor(
+        new CheckNoRevocationFlagSetInterceptor);
   }
 
  private:
@@ -68,6 +94,7 @@ class RequestContext : public URLRequestContext {
   }
 
   URLRequestContextStorage storage_;
+  scoped_ptr<URLRequestJobFactory> url_request_job_factory_;
 };
 
 // Get a file:// url relative to net/data/proxy/proxy_script_fetcher_unittest.
author	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-06-17 15:46:19 +0000
committer	agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-06-17 15:46:19 +0000
commit	db6027b4d62ad276bba716cb61bf7e48479f7b83 (patch)
tree	47c198bc0c4bc9465ce350706a49dc298f8014a9 /net/proxy
parent	bbba0a4a1ddc2efdb99a7c764a4dd579285f76c6 (diff)
download	chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.zip chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.tar.gz chromium_src-db6027b4d62ad276bba716cb61bf7e48479f7b83.tar.bz2