author | rmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-31 09:56:07 +0000 |
---|---|---|
committer | rmsousa@chromium.org <rmsousa@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-07-31 09:56:07 +0000 |
commit | 7c1969e57691ea9574ed347f3fad48bc15e82d04 (patch) | |
tree | 5e2117c1155d46286d984e8b2fbf74c3eb62e91b /remoting | |
parent | 05024715b06eb93c59f4bec13faf7a2ff8c24cdb (diff) | |
Ignore client certificate requests by default.
URLFetcher's current behavior when a certificate request is received is to immediately cancel the connection -- this is needed because doing anything else inside chrome could cause that decision to affect other requests using the same urlrequestcontext (that would otherwise have been able to request a certificate from the user).
For the remoting host, however, that is irrelevant - there's no other way to request a certificate from the user, so we can consistently ignore client certificate requests - this at least allows the remoting host to successfully connect to servers with optional client certificate authentication (i.e. servers that request a client certificate, but will provide content even if one isn't provided).
BUG=
Review URL: https://chromiumcodereview.appspot.com/21012007
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@214659 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting')
-rw-r--r-- | remoting/host/remoting_me2me_host.cc | 8 | ||||
-rw-r--r-- | remoting/host/service_urls.cc | 12 | ||||
-rw-r--r-- | remoting/host/service_urls.h | 4 | ||||
-rw-r--r-- | remoting/host/setup/start_host.cc | 4 |
4 files changed, 7 insertions, 21 deletions
diff --git a/remoting/host/remoting_me2me_host.cc b/remoting/host/remoting_me2me_host.cc index 7b7d3e3..f2bbac0 100644 --- a/remoting/host/remoting_me2me_host.cc +++ b/remoting/host/remoting_me2me_host.cc @@ -371,10 +371,12 @@ bool HostProcess::InitWithCommandLine(const CommandLine* cmd_line) { } #endif // !defined(REMOTING_MULTI_PROCESS) + // Ignore certificate requests - the host currently has no client certificate + // support, so ignoring certificate requests allows connecting to servers that + // request, but don't require, a certificate (optional client authentication). + net::URLFetcher::SetIgnoreCertificateRequests(true); + ServiceUrls* service_urls = ServiceUrls::GetInstance(); - if (service_urls->ignore_urlfetcher_cert_requests()) { - net::URLFetcher::SetIgnoreCertificateRequests(true); - } bool xmpp_server_valid = net::ParseHostAndPort( service_urls->xmpp_server_address(), &xmpp_server_config_.host, &xmpp_server_config_.port); diff --git a/remoting/host/service_urls.cc b/remoting/host/service_urls.cc index b85939f..e73fc2a 100644 --- a/remoting/host/service_urls.cc +++ b/remoting/host/service_urls.cc @@ -20,8 +20,6 @@ const char kDirectoryBaseUrlSwitch[] = "directory-base-url"; const char kXmppServerAddressSwitch[] = "xmpp-server-address"; const char kXmppServerDisableTlsSwitch[] = "disable-xmpp-server-tls"; const char kDirectoryBotJidSwitch[] = "directory-bot-jid"; -const char kIgnoreUrlFetcherCertRequestsSwitch[] = - "ignore-urlfetcher-cert-requests"; // Non-configurable service paths. const char kDirectoryHostsSuffix[] = "/@me/hosts/"; 
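Review bot: In remoting/host/remoting_me2me_host.cc the new comment says only "certificate requests", which a reader can take to mean that server certificate checks are being relaxed; it should name client certificate requests and say what replaces the cancel, e.g. `// Ignore client certificate requests: the fetch continues without a certificate instead of being cancelled.` The setter is invoked as a static on `net::URLFetcher`, so it presumably applies to every fetch in the host process, and because the removed `ignore-urlfetcher-cert-requests` switch was read only under `#if !defined(NDEBUG)` in service_urls.cc, release builds get this behaviour for the first time; the comment should record both facts. A server that requires (rather than merely requests) a client certificate will presumably still fail the connection at a later step, so the error path for that case is worth checking. `InitWithCommandLine` starts and ends outside the hunk.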
@@ -34,8 +32,7 @@ ServiceUrls::ServiceUrls() : directory_base_url_(kDirectoryBaseUrl), xmpp_server_address_(kXmppServerAddress), xmpp_server_use_tls_(kXmppServerUseTls), - directory_bot_jid_(kDirectoryBotJid), - ignore_urlfetcher_cert_requests_(false) { + directory_bot_jid_(kDirectoryBotJid) { #if !defined(NDEBUG) // Allow debug builds to override urls via command line. CommandLine* command_line = CommandLine::ForCurrentProcess(); @@ -51,9 +48,6 @@ ServiceUrls::ServiceUrls() if (command_line->HasSwitch(kXmppServerDisableTlsSwitch)) { xmpp_server_use_tls_ = false; } - if (command_line->HasSwitch(kIgnoreUrlFetcherCertRequestsSwitch)) { - ignore_urlfetcher_cert_requests_ = true; - } if (command_line->HasSwitch(kDirectoryBotJidSwitch)) { directory_bot_jid_ = command_line->GetSwitchValueASCII( kDirectoryBotJidSwitch); @@ -90,8 +84,4 @@ const std::string& ServiceUrls::directory_bot_jid() const { return directory_bot_jid_; } -bool ServiceUrls::ignore_urlfetcher_cert_requests() const { - return ignore_urlfetcher_cert_requests_; -} - } // namespace remoting diff --git a/remoting/host/service_urls.h b/remoting/host/service_urls.h index b2d8846..ed377a5 100644 --- a/remoting/host/service_urls.h +++ b/remoting/host/service_urls.h @@ -31,9 +31,6 @@ class ServiceUrls { // Remoting directory bot JID (for registering hosts, logging, heartbeats). const std::string& directory_bot_jid() const; - // Use a NULL certificate for URLFetcher SSL client certificate requests. - bool ignore_urlfetcher_cert_requests() const; - private: friend struct DefaultSingletonTraits<ServiceUrls>; @@ -45,7 +42,6 @@ class ServiceUrls { std::string xmpp_server_address_; bool xmpp_server_use_tls_; std::string directory_bot_jid_; - bool ignore_urlfetcher_cert_requests_; DISALLOW_COPY_AND_ASSIGN(ServiceUrls); }; diff --git a/remoting/host/setup/start_host.cc b/remoting/host/setup/start_host.cc index ac50a76..024e9a3 100644 --- a/remoting/host/setup/start_host.cc +++ b/remoting/host/setup/start_host.cc 
@@ -153,9 +153,7 @@ int main(int argc, char** argv) { g_message_loop->message_loop_proxy(), io_thread.message_loop_proxy())); - if (remoting::ServiceUrls::GetInstance()->ignore_urlfetcher_cert_requests()) { - net::URLFetcher::SetIgnoreCertificateRequests(true); - } + net::URLFetcher::SetIgnoreCertificateRequests(true); // Start the host. scoped_ptr<HostStarter> host_starter(HostStarter::Create( |
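Review bot: The now-unconditional `net::URLFetcher::SetIgnoreCertificateRequests(true);` in `main` of remoting/host/setup/start_host.cc carries no comment, while the identical call in remoting_me2me_host.cc explains the rationale. Add the explanation here as well, e.g. `// No client certificate support here: continue without a certificate when a server requests one.`, so that the two call sites do not drift apart and a reader does not mistake the call for disabling server certificate validation. `main` starts and ends outside the hunk.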