author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-05 00:16:02 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-03-05 00:16:02 +0000 |
commit | 37a67922ed6c4b88f64863565d2cafe635446258 (patch) | |
tree | b56550f404faa1955010942cb3b99e93e61e548b /net | |
parent | 77551f623747c57f390e4c903b67df09e0dbf75c (diff) | |
Fix a regression introduced in r40465.
In DoSSLConnectComplete, we still need to set using_spdy_
if we get a certificate error.
In HandleCertificateError, we need to ignore the error
after adding the certificate to the allowed_bad_certs list.
R=mbelshe
BUG=37367
TEST=Connect to a SPDY server with a bad certificate. Clicking
"Proceed anyway" in the SSL blocking page should not result in
a download.
Review URL: http://codereview.chromium.org/668111
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40687 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/http/http_network_transaction.cc | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 49711f4..170ec05 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -782,6 +782,21 @@ int HttpNetworkTransaction::DoSSLConnect() {
 }
 
 int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
+ SSLClientSocket* ssl_socket =
+ reinterpret_cast<SSLClientSocket*>(connection_->socket());
+
+ SSLClientSocket::NextProtoStatus status =
+ SSLClientSocket::kNextProtoUnsupported;
+ std::string proto;
+ // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
+ // that hasn't had SSL_ImportFD called on it. If we get a certificate error
+ // here, then we know that we called SSL_ImportFD.
+ if (result == OK || IsCertificateError(result))
+ status = ssl_socket->GetNextProto(&proto);
+ static const char kSpdyProto[] = "spdy";
+ using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
+ proto == kSpdyProto);
+
 if (IsCertificateError(result)) {
 result = HandleCertificateError(result);
 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
@@ -793,14 +808,6 @@ int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
 }
 
 if (result == OK) {
- static const char kSpdyProto[] = "spdy";
- std::string proto;
- SSLClientSocket* ssl_socket =
- reinterpret_cast<SSLClientSocket*>(connection_->socket());
- SSLClientSocket::NextProtoStatus status = ssl_socket->GetNextProto(&proto);
- using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
- proto == kSpdyProto);
-
 DCHECK(ssl_connect_start_time_ != base::TimeTicks());
 base::TimeDelta connect_duration =
 base::TimeTicks::Now() - ssl_connect_start_time_;
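Review bot: The downcast `reinterpret_cast<SSLClientSocket*>(connection_->socket())` at the top of the added block reinterprets the pointer without any adjustment, so it is only valid while the SSLClientSocket object and the base pointer returned by socket() share an address; `static_cast<SSLClientSocket*>(connection_->socket())` expresses the same downcast and lets the compiler apply the correct conversion. The cast now runs for every result value rather than only OK, which is safe as written because the pointer is dereferenced only under `result == OK || IsCertificateError(result)`. The added comment also contains a doubled word (`and and`). DoSSLConnectComplete continues past the end of this hunk.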
@@ -1355,9 +1362,6 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
 DCHECK(using_ssl_);
 DCHECK(IsCertificateError(error));
 
- if (g_ignore_certificate_errors)
- return OK;
-
 SSLClientSocket* ssl_socket =
 reinterpret_cast<SSLClientSocket*>(connection_->socket());
 ssl_socket->GetSSLInfo(&response_.ssl_info);
@@ -1371,6 +1375,9 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
 bad_cert.cert_status = response_.ssl_info.cert_status;
 ssl_config_.allowed_bad_certs.push_back(bad_cert);
 
+ if (g_ignore_certificate_errors)
+ return OK;
+
 const int kCertFlags = LOAD_IGNORE_CERT_COMMON_NAME_INVALID |
 LOAD_IGNORE_CERT_DATE_INVALID |
 LOAD_IGNORE_CERT_AUTHORITY_INVALID | |
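Review bot: The relocated `if (g_ignore_certificate_errors) return OK;` in the last hunk has no comment explaining why it must sit below `ssl_config_.allowed_bad_certs.push_back(bad_cert)`, and that ordering is the whole fix, so a later tidy-up could move the early return back to the top and reintroduce the regression. I would add above it `// Must follow the allowed_bad_certs update: the bad cert has to be recorded even when certificate errors are ignored globally.` This global also accepts every certificate error class, unlike the per-error `LOAD_IGNORE_CERT_*` flags checked just below, so the same comment should state where the global is expected to be set (presumably a test or command-line switch; that is not visible in this hunk). HandleCertificateError starts above and continues below the hunk.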