diff options
| author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-12 18:33:38 +0000 |
|---|---|---|
| committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-12 18:33:38 +0000 |
| commit | 93dbe2055844f347f20ea7268f88e18d94ecc767 (patch) | |
| tree | df110631070f3768df2e56405dcaea2228dafa1f /net | |
| parent | 0aa54d6fe95bd455b2f0079e5304d510c9e15bc2 (diff) | |
| download | chromium_src-93dbe2055844f347f20ea7268f88e18d94ecc767.zip chromium_src-93dbe2055844f347f20ea7268f88e18d94ecc767.tar.gz chromium_src-93dbe2055844f347f20ea7268f88e18d94ecc767.tar.bz2 | |
SSL: don't ask for next proto if we got an error.
GetNextProto only returns an error if the NSPR socket passed in is not a valid
SSL socket. However, this happens in tests (see the bug).
It appears that in some code paths the socket is invalid by the time that we
call HttpNetworkTransaction::DoSSLConnectComplete.
This also fixes the case where we would use SPDY if the server supports NPN,
but didn't actually advertise support for it.
BUG=31611
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36024 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
| -rw-r--r-- | net/http/http_network_transaction.cc | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc index 5dc01ca..ea61c79 100644 --- a/net/http/http_network_transaction.cc +++ b/net/http/http_network_transaction.cc @@ -799,15 +799,23 @@ int HttpNetworkTransaction::DoSSLConnect() { int HttpNetworkTransaction::DoSSLConnectComplete(int result) { SSLClientSocket* ssl_socket = reinterpret_cast<SSLClientSocket*>(connection_->socket()); + + SSLClientSocket::NextProtoStatus status = + SSLClientSocket::kNextProtoUnsupported; std::string proto; - SSLClientSocket::NextProtoStatus status = ssl_socket->GetNextProto(&proto); + // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket + // that hasn't had SSL_ImportFD called on it. If we get a certificate error + // here, then we know that we called SSL_ImportFD. + if (result == OK || IsCertificateError(result)) + status = ssl_socket->GetNextProto(&proto); static const char kSpdyProto[] = "spdy"; - const bool use_spdy = (status != SSLClientSocket::kNextProtoUnsupported && + const bool use_spdy = (status == SSLClientSocket::kNextProtoNegotiated && proto == kSpdyProto); if (IsCertificateError(result)) { if (use_spdy) { - // We currently ignore certificate errors for spdy. + // TODO(agl/willchan/wtc): We currently ignore certificate errors for + // spdy but we shouldn't. http://crbug.com/32020 result = OK; } else { result = HandleCertificateError(result); |