diff options
| -rw-r--r-- | chrome/app/generated_resources.grd | 3 | ||||
| -rw-r--r-- | chrome/renderer/localized_error.cc | 12 | ||||
| -rw-r--r-- | net/base/net_error_list.h | 5 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 30 | ||||
| -rw-r--r-- | net/socket/ssl_client_socket_nss.h | 4 |
5 files changed, 17 insertions, 37 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd index f9c53f4..4614a69 100644 --- a/chrome/app/generated_resources.grd +++ b/chrome/app/generated_resources.grd @@ -5687,9 +5687,6 @@ Keep your key file in a safe place. You will need it to create new versions of y <message name="IDS_ERRORPAGES_HEADING_ESET_ANTI_VIRUS_SSL_INTERCEPTION" desc="Heading of the error page when we detect that ESET anti-virus is running and intercepting our HTTPS connections. 'ESET' is a product name and may be best left untranslated."> Cannot make secure connection because of ESET anti-virus </message> - <message name="IDS_ERRORPAGES_HEADING_NETNANNY_SSL_INTERCEPTION" desc="Heading of the error page when we detect that NetNanny is running and intercepting our HTTPS connections. 'NetNanny' is a product name and may be best left untranslated."> - Cannot make secure connection because of NetNanny - </message> <message name="IDS_ERRORPAGES_SUMMARY_NOT_AVAILABLE" desc="Summary in the error page when we can't connect to a site."> The webpage at <ph name="URL"><strong jscontent="failedUrl"></strong></ph> might be temporarily down or it may have moved permanently to a new web address. </message> diff --git a/chrome/renderer/localized_error.cc b/chrome/renderer/localized_error.cc index f507ddd..d1a01f8 100644 --- a/chrome/renderer/localized_error.cc +++ b/chrome/renderer/localized_error.cc @@ -31,8 +31,6 @@ static const char kWeakDHKeyLearnMoreUrl[] = "http://sites.google.com/a/chromium.org/dev/err_ssl_weak_server_ephemeral_dh_key"; static const char kESETLearnMoreUrl[] = "http://sites.google.com/a/chromium.org/dev/err_eset_anti_virus_ssl_interception"; -static const char kNetNannyLearnMoreUrl[] = - "http://sites.google.com/a/chromium.org/dev/err_netnanny_ssl_interception"; enum NAV_SUGGESTIONS { SUGGEST_NONE = 0, @@ -149,13 +147,6 @@ const LocalizedErrorMap net_error_options[] = { IDS_ERRORPAGES_DETAILS_SSL_PROTOCOL_ERROR, SUGGEST_LEARNMORE, }, - {net::ERR_NETNANNY_SSL_INTERCEPTION, - IDS_ERRORPAGES_TITLE_LOAD_FAILED, - IDS_ERRORPAGES_HEADING_NETNANNY_SSL_INTERCEPTION, - IDS_ERRORPAGES_SUMMARY_NETNANNY_SSL_INTERCEPTION, - IDS_ERRORPAGES_DETAILS_SSL_PROTOCOL_ERROR, - SUGGEST_LEARNMORE, - }, }; const LocalizedErrorMap http_error_options[] = { @@ -444,9 +435,6 @@ void LocalizedError::GetStrings(const WebKit::WebURLError& error, case net::ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION: learn_more_url = GURL(kESETLearnMoreUrl); break; - case net::ERR_NETNANNY_SSL_INTERCEPTION: - learn_more_url = GURL(kNetNannyLearnMoreUrl); - break; default: break; } diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h index 500228b..96b19ad 100644 --- a/net/base/net_error_list.h +++ b/net/base/net_error_list.h @@ -191,10 +191,7 @@ NET_ERROR(SSL_SNAP_START_NPN_MISPREDICTION, -131) // give the user a helpful error message rather than have the connection hang. NET_ERROR(ESET_ANTI_VIRUS_SSL_INTERCEPTION, -132) -// We detected NetNanny intercepting our HTTPS connections. Since this product -// is False Start intolerant, we return this error so that we can give the user -// a helpful error message rather than have the connection hang. -NET_ERROR(NETNANNY_SSL_INTERCEPTION, -133) +// Missing -133. Feel free to reuse in the future. // The permission to use the SSL client certificate's private key was denied. NET_ERROR(SSL_CLIENT_AUTH_PRIVATE_KEY_ACCESS_DENIED, -134) diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 0434f6d..a6aa458 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -446,7 +446,6 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, completed_handshake_(false), pseudo_connected_(false), eset_mitm_detected_(false), - netnanny_mitm_detected_(false), predicted_cert_chain_correct_(false), peername_initialized_(false), dnssec_provider_(NULL), @@ -927,7 +926,6 @@ void SSLClientSocketNSS::Disconnect() { completed_handshake_ = false; pseudo_connected_ = false; eset_mitm_detected_ = false; - netnanny_mitm_detected_= false; predicted_cert_chain_correct_ = false; peername_initialized_ = false; nss_bufs_ = NULL; @@ -1635,16 +1633,10 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, // different reads or not, depending on network conditions. PRBool false_start = 0; SECStatus rv = SSL_OptionGet(socket, SSL_ENABLE_FALSE_START, &false_start); - if (rv != SECSuccess) - NOTREACHED(); + DCHECK_EQ(SECSuccess, rv); + if (false_start) { SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); - if (!that->handshake_callback_called_) { - that->corked_ = true; - that->uncork_timer_.Start( - base::TimeDelta::FromMilliseconds(kCorkTimeoutMs), - that, &SSLClientSocketNSS::UncorkAfterTimeout); - } // ESET anti-virus is capable of intercepting HTTPS connections on Windows. // However, it is False Start intolerant and causes the connections to hang @@ -1657,12 +1649,24 @@ SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, if (common_name) { if (strcmp(common_name, "ESET_RootSslCert") == 0) that->eset_mitm_detected_ = true; - if (strcmp(common_name, "ContentWatch Root Certificate Authority") == 0) - that->netnanny_mitm_detected_ = true; + if (strcmp(common_name, "ContentWatch Root Certificate Authority") == 0) { + // This is NetNanny. NetNanny are updating their product so we + // silently disable False Start for now. + rv = SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); + DCHECK_EQ(SECSuccess, rv); + false_start = 0; + } PORT_Free(common_name); } CERT_DestroyCertificate(cert); } + + if (false_start && !that->handshake_callback_called_) { + that->corked_ = true; + that->uncork_timer_.Start( + base::TimeDelta::FromMilliseconds(kCorkTimeoutMs), + that, &SSLClientSocketNSS::UncorkAfterTimeout); + } } #endif @@ -2094,8 +2098,6 @@ int SSLClientSocketNSS::DoHandshake() { if (handshake_callback_called_) { if (eset_mitm_detected_) { net_error = ERR_ESET_ANTI_VIRUS_SSL_INTERCEPTION; - } else if (netnanny_mitm_detected_) { - net_error = ERR_NETNANNY_SSL_INTERCEPTION; } else { // We need to see if the predicted certificate chain (in // |ssl_host_info_->state().certs) matches the actual certificate chain diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index 2720c1d..87f7b92 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -204,10 +204,6 @@ class SSLClientSocketNSS : public SSLClientSocket { // HTTPS connections. bool eset_mitm_detected_; - // True iff we believe that the user has NetNanny intercepting our HTTPS - // connections. - bool netnanny_mitm_detected_; - // True iff |ssl_host_info_| contained a predicted certificate chain and // that we found the prediction to be correct. bool predicted_cert_chain_correct_; |