-rw-r--r-- | chrome/browser/browser_main.cc | 4 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 3 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rw-r--r-- | net/http/http_network_transaction.cc | 36 | ||||
-rw-r--r-- | net/http/http_network_transaction.h | 6 |
5 files changed, 31 insertions, 19 deletions
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc
index 8c218b0..4d9803c 100644
--- a/chrome/browser/browser_main.cc
+++ b/chrome/browser/browser_main.cc
@@ -65,6 +65,7 @@
 #include "net/base/cookie_monster.h"
 #include "net/base/net_module.h"
 #include "net/http/http_network_session.h"
+#include "net/http/http_network_transaction.h"
 #include "net/socket/client_socket_pool_base.h"
 #if defined(OS_POSIX)
@@ -670,6 +671,9 @@ int BrowserMain(const MainFunctionParams& parameters) {
 parsed_command_line.GetSwitchValueASCII(switches::kFixedHttpsPort)));
 }
+ if (parsed_command_line.HasSwitch(switches::kIgnoreCertificateErrors))
+ net::HttpNetworkTransaction::IgnoreCertificateErrors(true);
+
 // Initialize histogram statistics gathering system.
 StatisticsRecorder statistics;
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index feb90fb..5787e1c 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -693,6 +693,9 @@ const char kUseSpdy[] = "use-spdy";
 const char kFixedHttpPort[] = "testing-fixed-http-port";
 const char kFixedHttpsPort[] = "testing-fixed-https-port";
+// Ignore certificate related errors.
+const char kIgnoreCertificateErrors[] = "ignore-certificate-errors";
+
 // Use the low fragmentation heap for the CRT.
 const char kUseLowFragHeapCrt[] = "use-lf-heap";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 9d8e28f..afebf87 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -196,6 +196,7 @@ extern const char kUninstall[];
 extern const char kUseSpdy[];
 extern const char kFixedHttpPort[];
 extern const char kFixedHttpsPort[];
+extern const char kIgnoreCertificateErrors[];
 extern const char kUseLowFragHeapCrt[];
 extern const char kUserAgent[];
 extern const char kUserDataDir[];
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 091edd0..5a30acb 100644
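Review bot: The new check in BrowserMain turns certificate error handling off for the whole process whenever `--ignore-certificate-errors` is present, and nothing in this hunk restricts it to test builds or records that it is active. The header comment calls the mode testing-only, so the switch should at least announce itself at startup, for example `LOG(WARNING) << "--ignore-certificate-errors is set: TLS certificate errors will be ignored";` right after the call (assuming the logging macros are available in this file). The same caveat belongs on the constant in chrome_switches.cc, whose comment could read `// Testing only: ignores certificate errors on every HTTPS connection, which removes server authentication.` BrowserMain starts and ends outside the hunk.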
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -143,6 +143,7 @@ void BuildTunnelRequest(const HttpRequestInfo* request_info,
 //-----------------------------------------------------------------------------
 std::string* HttpNetworkTransaction::g_next_protos = NULL;
+bool HttpNetworkTransaction::g_ignore_certificate_errors = false;
 HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session)
 : pending_auth_target_(HttpAuth::AUTH_NONE),
@@ -174,6 +175,11 @@ void HttpNetworkTransaction::SetNextProtos(const std::string& next_protos) {
 g_next_protos = new std::string(next_protos);
 }
+// static
+void HttpNetworkTransaction::IgnoreCertificateErrors(bool enabled) {
+ g_ignore_certificate_errors = enabled;
+}
+
 int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
 CompletionCallback* callback,
 LoadLog* load_log) {
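Review bot: `g_ignore_certificate_errors` is a plain mutable static that `IgnoreCertificateErrors()` writes with no statement of when the call is allowed, so a later caller could flip it while transactions are already running. A comment on the setter would pin the contract, e.g. `// static. Call once during startup, before any HttpNetworkTransaction exists; affects every transaction in the process.` Whether transactions run on a different thread from the caller is not visible in this diff, so the threading concern is an assumption to confirm.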
@@ -776,27 +782,8 @@ int HttpNetworkTransaction::DoSSLConnect() {
 }
 int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
- SSLClientSocket* ssl_socket =
- reinterpret_cast<SSLClientSocket*>(connection_->socket());
-
- SSLClientSocket::NextProtoStatus status =
- SSLClientSocket::kNextProtoUnsupported;
- std::string proto;
- // GetNextProto will fail and and trigger a NOTREACHED if we pass in a socket
- // that hasn't had SSL_ImportFD called on it. If we get a certificate error
- // here, then we know that we called SSL_ImportFD.
- if (result == OK || IsCertificateError(result))
- status = ssl_socket->GetNextProto(&proto);
- static const char kSpdyProto[] = "spdy";
- using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
- proto == kSpdyProto);
-
 if (IsCertificateError(result)) {
 result = HandleCertificateError(result);
- // TODO(wtc): We currently ignore certificate errors for
- // spdy but we shouldn't. http://crbug.com/32020
- if (using_spdy_)
- result = OK;
 if (result == OK && !connection_->socket()->IsConnectedAndIdle()) {
 connection_->socket()->Disconnect();
 connection_->Reset();
@@ -806,6 +793,14 @@ int HttpNetworkTransaction::DoSSLConnectComplete(int result) {
 }
 if (result == OK) {
+ static const char kSpdyProto[] = "spdy";
+ std::string proto;
+ SSLClientSocket* ssl_socket =
+ reinterpret_cast<SSLClientSocket*>(connection_->socket());
+ SSLClientSocket::NextProtoStatus status = ssl_socket->GetNextProto(&proto);
+ using_spdy_ = (status == SSLClientSocket::kNextProtoNegotiated &&
+ proto == kSpdyProto);
+
 DCHECK(ssl_connect_start_time_ != base::TimeTicks());
 base::TimeDelta connect_duration =
 base::TimeTicks::Now() - ssl_connect_start_time_;
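Review bot: The block added under `if (result == OK)` in DoSSLConnectComplete downcasts with `reinterpret_cast<SSLClientSocket*>(connection_->socket())`; if SSLClientSocket derives from the type `socket()` returns, as the call suggests, `static_cast<SSLClientSocket*>(connection_->socket())` is the correct cast and lets the compiler check the relationship. The move also drops the old comment explaining when GetNextProto may be called, so a replacement such as `// Only query the next protocol after a successful handshake; GetNextProto hits NOTREACHED on a socket that never had SSL_ImportFD called.` would keep that constraint visible. With the ignore flag set, a connection whose certificate failed validation now reaches this block and can still negotiate SPDY, which is worth stating in the same comment. The function continues past the end of the hunk.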
@@ -1392,6 +1387,9 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
 DCHECK(using_ssl_);
 DCHECK(IsCertificateError(error));
+ if (g_ignore_certificate_errors)
+ return OK;
+
 SSLClientSocket* ssl_socket =
 reinterpret_cast<SSLClientSocket*>(connection_->socket());
 ssl_socket->GetSSLInfo(&response_.ssl_info);
diff --git a/net/http/http_network_transaction.h b/net/http/http_network_transaction.h
index 756a413..e4eef52 100644
--- a/net/http/http_network_transaction.h
+++ b/net/http/http_network_transaction.h
@@ -42,6 +42,10 @@ class HttpNetworkTransaction : public HttpTransaction {
 // Sets the next protocol negotiation value used during the SSL handshake.
 static void SetNextProtos(const std::string& next_protos);
+ // Sets the HttpNetworkTransaction into a mode where it can ignore
+ // certificate errors. This is for testing.
+ static void IgnoreCertificateErrors(bool enabled);
+
 // HttpTransaction methods:
 virtual int Start(const HttpRequestInfo* request_info,
 CompletionCallback* callback,
@@ -258,6 +262,8 @@ class HttpNetworkTransaction : public HttpTransaction {
 static std::string* g_next_protos;
+ static bool g_ignore_certificate_errors;
+
 // The following three auth members are arrays of size two -- index 0 is
 // for the proxy server, and index 1 is for the origin server.
 // Use the enum HttpAuth::Target to index into them.
|
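Review bot: The early `return OK` in HandleCertificateError sits above `ssl_socket->GetSSLInfo(&response_.ssl_info)`, so on the ignore path this function leaves `response_.ssl_info` unfilled and the response presumably carries no record that the certificate failed validation. Moving the check below that call keeps the certificate status available to whatever reads the response: run `ssl_socket->GetSSLInfo(&response_.ssl_info);` first, then `if (g_ignore_certificate_errors) return OK;`. The rest of the function lies outside the hunk, so whether ssl_info is populated elsewhere on this path cannot be judged from here.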