3 files changed, 44 insertions, 9 deletions
diff --git a/net/tools/testserver/testserver.py b/net/tools/testserver/testserver.py
index 569705d..acbfd67 100644
--- a/net/tools/testserver/testserver.py
+++ b/net/tools/testserver/testserver.py
@@ -77,6 +77,7 @@ class TestPageHandler(BaseHTTPServer.BaseHTTPRequestHandler):
   def __init__(self, request, client_address, socket_server):
     self._connect_handlers = [
       self.RedirectConnectHandler,
+      self.ServerAuthConnectHandler,
       self.DefaultConnectResponseHandler]
     self._get_handlers = [
       self.KillHandler,
@@ -912,6 +913,21 @@ class TestPageHandler(BaseHTTPServer.BaseHTTPRequestHandler):
     self.end_headers()
     return True
 
+  def ServerAuthConnectHandler(self):
+    """Sends a 401 to the CONNECT request for www.server-auth.com. This
+    response doesn't make sense because the proxy server cannot request
+    server authentication."""
+
+    if (self.path.find("www.server-auth.com") < 0):
+      return False
+
+    challenge = 'Basic realm="WallyWorld"'
+
+    self.send_response(401)  # unauthorized
+    self.send_header('WWW-Authenticate', challenge)
+    self.send_header('Connection', 'close')
+    self.end_headers()
+    return True
 
   def DefaultConnectResponseHandler(self):
     """This is the catch-all response handler for CONNECT requests that aren't
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index c7fc435..c4d0563 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -212,12 +212,6 @@ bool URLRequestHttpJob::IsRedirectResponse(GURL* location,
   if (!response_info_->headers->IsRedirect(&value))
     return false;
 
-  // For HTTPS, if we didn't receive a server certificate, the response was
-  // from the proxy server (a response to the CONNECT request) rather than
-  // the server.
-  if (request_->url().SchemeIsSecure() && !response_info_->ssl_info.cert)
-    return false;
-
   *location = request_->url().Resolve(value);
   *http_status_code = response_info_->headers->response_code();
   return true;
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 0cadd0e..21d1c72 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -84,8 +84,8 @@ class URLRequestTest : public PlatformTest {
 
 TEST_F(URLRequestTest, ProxyTunnelRedirectTest) {
   // In this unit test, we're using the HTTPTestServer as a proxy server and
-  // issue a CONNECT request with the magic host name "www.redirect.com" to
-  // it.  The HTTPTestServer will return a 302 response, which we should not
+  // issuing a CONNECT request with the magic host name "www.redirect.com".
+  // The HTTPTestServer will return a 302 response, which we should not
   // follow.
   scoped_refptr<HTTPTestServer> server =
       HTTPTestServer::CreateServer(L"", NULL);
@@ -102,14 +102,39 @@ TEST_F(URLRequestTest, ProxyTunnelRedirectTest) {
 
     MessageLoop::current()->Run();
 
-    EXPECT_EQ(1, d.response_started_count());
+    EXPECT_EQ(URLRequestStatus::SUCCESS, r.status().status());
     // We should have rewritten the 302 response code as 500.
     EXPECT_EQ(500, r.GetResponseCode());
+    EXPECT_EQ(1, d.response_started_count());
     // We should not have followed the redirect.
     EXPECT_EQ(0, d.received_redirect_count());
   }
 }
 
+TEST_F(URLRequestTest, UnexpectedServerAuthTest) {
+  // In this unit test, we're using the HTTPTestServer as a proxy server and
+  // issuing a CONNECT request with the magic host name "www.server-auth.com".
+  // The HTTPTestServer will return a 401 response, which we should balk at.
+  scoped_refptr<HTTPTestServer> server =
+      HTTPTestServer::CreateServer(L"", NULL);
+  ASSERT_TRUE(NULL != server.get());
+  TestDelegate d;
+  {
+    URLRequest r(GURL("https://www.server-auth.com/"), &d);
+    std::string proxy("localhost:");
+    proxy.append(IntToString(kHTTPDefaultPort));
+    r.set_context(new TestURLRequestContext(proxy));
+
+    r.Start();
+    EXPECT_TRUE(r.is_pending());
+
+    MessageLoop::current()->Run();
+
+    EXPECT_EQ(URLRequestStatus::FAILED, r.status().status());
+    EXPECT_EQ(net::ERR_UNEXPECTED_SERVER_AUTH, r.status().os_error());
+  }
+}
+
 TEST_F(URLRequestTest, GetTest_NoCache) {
   scoped_refptr<HTTPTestServer> server =
       HTTPTestServer::CreateServer(L"", NULL);