author | toyoshim@chromium.org <toyoshim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-09 20:04:30 +0000 |
---|---|---|
committer | toyoshim@chromium.org <toyoshim@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-03-09 20:04:30 +0000 |
commit | efacfe3516e3064810fa9c085e9920fbb6e21968 (patch) | |
tree | e1a7fbe7460774d36c7a5997cc38c83a52196e14 /net/socket_stream | |
parent | 64e266915ffab2a2cd3757125b9ec51b5a35ffa5 (diff) | |
OnSSLCertificateError delegate chain back to SocketStreamDispatcherHost
SSL cert errors must be handled by SSLManager.
This change provides a delegate chain back to SocketStreamDispatcherHost so that
the error can be handled there by SSLManager.
BUG=53836
TEST=run existing unit tests because this change is a kind of refactoring
Review URL: http://codereview.chromium.org/9454011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@125882 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket_stream')
-rw-r--r-- | net/socket_stream/socket_stream.cc | 46 | ||||
-rw-r--r-- | net/socket_stream/socket_stream.h | 21 |
2 files changed, 54 insertions, 13 deletions
diff --git a/net/socket_stream/socket_stream.cc b/net/socket_stream/socket_stream.cc
index 935debd..9da4456 100644
--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
@@ -255,6 +255,19 @@ void SocketStream::SetClientSocketFactory(
 factory_ = factory;
 }
 
+void SocketStream::CancelBecauseOfCertError(const SSLInfo& ssl_info) {
+ MessageLoop::current()->PostTask(
+ FROM_HERE,
+ base::Bind(&SocketStream::DoLoop, this,
+ MapCertStatusToNetError(ssl_info.cert_status)));
+}
+
+void SocketStream::ContinueDespiteCertError() {
+ MessageLoop::current()->PostTask(
+ FROM_HERE,
+ base::Bind(&SocketStream::DoLoop, this, OK));
+}
+
 SocketStream::~SocketStream() {
 set_context(NULL);
 DCHECK(!delegate_);
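Review bot: CancelBecauseOfCertError() and ContinueDespiteCertError() re-enter DoLoop unconditionally, and nothing in this hunk records that a certificate-error callback is actually outstanding, so a delegate that answers twice, or answers after the stream has already been closed or moved on, resumes the state machine with whatever next_state_ happens to hold. Both methods are public on a RefCountedThreadSafe object and the delegate owns the decision, so a one-shot guard is cheap: set a `bool cert_error_pending_` in HandleCertificateError() before invoking the delegate and make both methods return early unless it is set, clearing it on the way. At minimum the header should state that each OnSSLCertificateError() notification must be answered exactly once. What DoLoop does with an unexpected result in that state is outside this hunk, so the severity here is inferred.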
@@ -1170,17 +1183,26 @@ void SocketStream::DoRestartWithAuth() {
 }
 
 int SocketStream::HandleCertificateError(int result) {
- // TODO(ukai): handle cert error properly.
- switch (result) {
- case ERR_CERT_COMMON_NAME_INVALID:
- case ERR_CERT_DATE_INVALID:
- case ERR_CERT_AUTHORITY_INVALID:
- result = OK;
- break;
- default:
- break;
- }
- return result;
+ DCHECK(IsCertificateError(result));
+
+ if (!delegate_)
+ return result;
+
+ SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(socket_.get());
+ DCHECK(ssl_socket);
+ SSLInfo ssl_info;
+ ssl_socket->GetSSLInfo(&ssl_info);
+
+ TransportSecurityState::DomainState domain_state;
+ DCHECK(context_);
+ const bool fatal =
+ context_->transport_security_state() &&
+ context_->transport_security_state()->GetDomainState(
+ &domain_state, url_.host(),
+ SSLConfigService::IsSNIAvailable(context_->ssl_config_service()));
+
+ delegate_->OnSSLCertificateError(this, ssl_info, fatal);
+ return ERR_IO_PENDING;
 }
 
 SSLConfigService* SocketStream::ssl_config_service() const {
diff --git a/net/socket_stream/socket_stream.h b/net/socket_stream/socket_stream.h
index 4dae5e8..510310e 100644
--- a/net/socket_stream/socket_stream.h
+++ b/net/socket_stream/socket_stream.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -35,6 +35,7 @@ class CookieOptions;
 class HostResolver;
 class HttpAuthHandlerFactory;
 class SSLConfigService;
+class SSLInfo;
 class SingleRequestHostResolver;
 class SocketStreamMetrics;
 
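Review bot: `fatal` is computed from TransportSecurityState but only handed to the delegate; SocketStream keeps no record of it, and ContinueDespiteCertError() (earlier in this diff) posts DoLoop with OK regardless, so a delegate that ignores the flag can override a certificate error on a host that has a transport-security entry. The commit message says SSLManager handles these errors, and it presumably refuses the fatal case, but that is outside this diff; enforcing it in the socket as well makes the override path fail closed. Remember the verdict and the original `result` before invoking the delegate, and have ContinueDespiteCertError() fall back to the cancel path when the error was fatal. HandleCertificateError() is complete within the hunk; the two new members would need declaring in socket_stream.h and resetting when a new connection starts.
```cpp
  // … unchanged: delegate_ check, ssl_info, fatal computation …
  // Remember the verdict so the continue path can refuse a fatal error even
  // if the delegate ignores |fatal|.
  cert_error_result_ = result;    // new int member, reset to OK per connect
  cert_error_is_fatal_ = fatal;   // new bool member, reset to false per connect
  delegate_->OnSSLCertificateError(this, ssl_info, fatal);
  return ERR_IO_PENDING;
}

void SocketStream::ContinueDespiteCertError() {
  // An error flagged fatal by TransportSecurityState is not overridable:
  // surface the original cert error instead of continuing.
  const int result = cert_error_is_fatal_ ? cert_error_result_ : OK;
  MessageLoop::current()->PostTask(
      FROM_HERE,
      base::Bind(&SocketStream::DoLoop, this, result));
}
```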
@@ -92,6 +93,15 @@ class NET_EXPORT SocketStream
 socket->Close();
 }
 
+ // Called when using SSL and the server responds with a certificate with an
+ // error. The delegate should call CancelBecauseOfCertError() or
+ // ContinueDespiteCertError() to resume connection handling.
+ virtual void OnSSLCertificateError(SocketStream* socket,
+ const SSLInfo& ssl_info,
+ bool fatal) {
+ socket->CancelBecauseOfCertError(ssl_info);
+ }
+
 // Called when an error occured.
 // This is only for error reporting to the delegate.
 // |error| is net::Error.
@@ -165,6 +175,15 @@ class NET_EXPORT SocketStream
 // |factory|. For testing purposes only.
 void SetClientSocketFactory(ClientSocketFactory* factory);
 
+ // Cancel the connection because of receiving a certificate with an error.
+ // |error| is net::Error which represents the error.
+ void CancelBecauseOfCertError(const SSLInfo& ssl_info);
+
+ // Continue to establish the connection in spite of receiving a certificate
+ // with an error. Usually this case happens because users allow it by manual
+ // actions on alert dialog or browser cached such kinds of user actions.
+ void ContinueDespiteCertError();
+
 protected:
 friend class base::RefCountedThreadSafe<SocketStream>;
 virtual ~SocketStream();
|
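Review bot: The new OnSSLCertificateError() comment never says what `fatal` means or that the default implementation cancels, yet the delegate is the only party this diff asks to honor the flag. Per HandleCertificateError() in the .cc hunk, `fatal` is true when the context's TransportSecurityState reports a domain state for url_.host(). I would add `// |fatal| is true when TransportSecurityState has an entry for the host; a` / `// delegate must not call ContinueDespiteCertError() in that case.` / `// The default implementation cancels the connection.` The enclosing Delegate class starts before the hunk.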
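Review bot: The comment on CancelBecauseOfCertError() documents an `|error|` parameter that does not exist; the method takes `ssl_info`, and the .cc hunk derives the error from it with MapCertStatusToNetError(ssl_info.cert_status). Replace the second comment line with `// |ssl_info| is the SSLInfo reported with the error; its cert_status is` / `// mapped to the net::Error the connection fails with.` The ContinueDespiteCertError() comment should likewise warn that it must not be called when OnSSLCertificateError() reported |fatal|, since nothing in this diff prevents it. The enclosing SocketStream class starts before the hunk and continues after it.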