authorcevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-19 05:06:55 +0000
committercevans@chromium.org <cevans@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-04-19 05:06:55 +0000
commit857163eb100b1275a61d6ffe991846c34a61668f (patch)
tree0428c61782b2ae05e355e2ef769bba01291f92ff /net/url_request
parent0f2b2e95ea4c960e407e22075d7c2ec0ee1064d6 (diff)
Apply HSTS rules to also upgrade ws:// -> wss:// if appropriate. This avoids
a minor issue whereby failure to set a cookie "Secure" can get leaked via a WebSocket when http itself is mitigated. TEST=WebSocketJobTest.HSTSUpgrade Review URL: http://codereview.chromium.org/6873029 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82069 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/url_request')
-rw-r--r--net/url_request/url_request_context.cc9
-rw-r--r--net/url_request/url_request_context.h3
-rw-r--r--net/url_request/url_request_http_job.cc16
-rw-r--r--net/url_request/url_request_http_job.h2
4 files changed, 15 insertions, 15 deletions
diff --git a/net/url_request/url_request_context.cc b/net/url_request/url_request_context.cc
index 7e02641..09ac381 100644
--- a/net/url_request/url_request_context.cc
+++ b/net/url_request/url_request_context.cc
@@ -58,6 +58,15 @@ const std::string& URLRequestContext::GetUserAgent(const GURL& url) const {
return EmptyString();
}
+bool URLRequestContext::IsSNIAvailable() const {
+ if (!ssl_config_service_)
+ return false;
+
+ SSLConfig ssl_config;
+ ssl_config_service_->GetSSLConfig(&ssl_config);
+ return ssl_config.tls1_enabled;
+}
+
URLRequestContext::~URLRequestContext() {
}
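Review bot: `IsSNIAvailable()` returns `ssl_config.tls1_enabled`, so "SNI available" here really means "TLS 1.0 is enabled in the SSL config", and neither the definition nor the one-line comment on its declaration in url_request_context.h says so. The result is passed as the third argument to `TransportSecurityState::IsEnabledForHost` at the three call sites in url_request_http_job.cc, where it appears to feed the HSTS upgrade in `Factory`, the public-key check in `OnStartCompleted` and `ShouldTreatAsCertificateError`. That makes the `false` returned when `ssl_config_service_` is null a security-relevant default, and it deserves a stated reason. I would add above the definition `// SNI is a TLS extension, so it is reported as available only when TLS 1.0 is enabled; a context without an SSLConfigService reports false.` and expand the header comment to match.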
diff --git a/net/url_request/url_request_context.h b/net/url_request/url_request_context.h
index ea80143..2c99059 100644
--- a/net/url_request/url_request_context.h
+++ b/net/url_request/url_request_context.h
@@ -180,6 +180,9 @@ class URLRequestContext
bool is_main() const { return is_main_; }
void set_is_main(bool is_main) { is_main_ = is_main; }
+ // Is SNI available in this request context?
+ bool IsSNIAvailable() const;
+
protected:
friend class base::RefCountedThreadSafe<URLRequestContext>;
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index 7166e5f..19b86a8 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -183,7 +183,7 @@ URLRequestJob* URLRequestHttpJob::Factory(URLRequest* request,
request->context()->transport_security_state()->IsEnabledForHost(
&domain_state,
request->url().host(),
- IsSNIAvailable(request->context()))) {
+ request->context()->IsSNIAvailable())) {
if (domain_state.mode ==
TransportSecurityState::DomainState::MODE_STRICT) {
DCHECK_EQ(request->url().scheme(), "http");
@@ -665,7 +665,7 @@ void URLRequestHttpJob::OnStartCompleted(int result) {
if (context_->transport_security_state()->IsEnabledForHost(
&domain_state,
request_->url().host(),
- IsSNIAvailable(context_)) &&
+ context_->IsSNIAvailable()) &&
ssl_info.is_issued_by_known_root &&
!domain_state.IsChainOfPublicKeysPermitted(ssl_info.public_key_hashes)){
result = ERR_CERT_INVALID;
@@ -720,7 +720,7 @@ bool URLRequestHttpJob::ShouldTreatAsCertificateError(int result) {
TransportSecurityState::DomainState domain_state;
// TODO(agl): don't ignore opportunistic mode.
const bool r = context_->transport_security_state()->IsEnabledForHost(
- &domain_state, request_info_.url.host(), IsSNIAvailable(context_));
+ &domain_state, request_info_.url.host(), context_->IsSNIAvailable());
return !r || domain_state.mode ==
TransportSecurityState::DomainState::MODE_OPPORTUNISTIC;
@@ -1370,14 +1370,4 @@ bool URLRequestHttpJob::IsCompressibleContent() const {
IsSupportedNonImageMimeType(mime_type.c_str()));
}
-// static
-bool URLRequestHttpJob::IsSNIAvailable(URLRequestContext* context) {
- if (!context->ssl_config_service())
- return false;
-
- SSLConfig ssl_config;
- context->ssl_config_service()->GetSSLConfig(&ssl_config);
- return ssl_config.tls1_enabled;
-}
-
} // namespace net
diff --git a/net/url_request/url_request_http_job.h b/net/url_request/url_request_http_job.h
index 5173ae1..7ac5c97 100644
--- a/net/url_request/url_request_http_job.h
+++ b/net/url_request/url_request_http_job.h
@@ -147,8 +147,6 @@ class URLRequestHttpJob : public URLRequestJob {
void RecordCompressionHistograms();
bool IsCompressibleContent() const;
- static bool IsSNIAvailable(URLRequestContext* context);
-
base::Time request_creation_time_;
// Data used for statistics gathering. This data is only used for histograms