Diffstat (limited to 'net/http/http_network_transaction.cc')
-rw-r--r--net/http/http_network_transaction.cc41
1 files changed, 24 insertions, 17 deletions
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index f8e362f..d1e7ec5 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -107,9 +107,11 @@ HttpNetworkTransaction::HttpNetworkTransaction(HttpNetworkSession* session)
read_buf_len_(0),
next_state_(STATE_NONE),
establishing_tunnel_(false) {
- session->ssl_config_service()->GetSSLConfig(&ssl_config_);
- if (session->http_stream_factory()->next_protos())
- ssl_config_.next_protos = *session->http_stream_factory()->next_protos();
+ session->ssl_config_service()->GetSSLConfig(&server_ssl_config_);
+ if (session->http_stream_factory()->next_protos()) {
+ server_ssl_config_.next_protos =
+ *session->http_stream_factory()->next_protos();
+ }
}
HttpNetworkTransaction::~HttpNetworkTransaction() {
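Review bot: `proxy_ssl_config_` is not populated anywhere in the constructor body shown here; only `server_ssl_config_` is filled from `ssl_config_service()->GetSSLConfig()`. Unless it is set up outside this hunk, the TLS connection to an HTTPS proxy would run with a default-constructed SSLConfig instead of the configured settings for fields such as `rev_checking_enabled` and `tls1_enabled`. Consider adding `session->ssl_config_service()->GetSSLConfig(&proxy_ssl_config_);` next to the server call, and decide explicitly whether `next_protos` should also apply to the proxy config. The initializer list starts above the hunk, so any member initialisation there is not visible.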
@@ -157,7 +159,7 @@ int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
start_time_ = base::Time::Now();
if (request_->load_flags & LOAD_DISABLE_CERT_REVOCATION_CHECKING)
- ssl_config_.rev_checking_enabled = false;
+ server_ssl_config_.rev_checking_enabled = false;
next_state_ = STATE_CREATE_STREAM;
int rv = DoLoop(OK);
@@ -189,10 +191,12 @@ int HttpNetworkTransaction::RestartWithCertificate(
DCHECK(!stream_.get());
DCHECK_EQ(STATE_NONE, next_state_);
- ssl_config_.client_cert = client_cert;
+ SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
+ &proxy_ssl_config_ : &server_ssl_config_;
+ ssl_config->send_client_cert = true;
+ ssl_config->client_cert = client_cert;
session_->ssl_client_auth_cache()->Add(
response_.cert_request_info->host_and_port, client_cert);
- ssl_config_.send_client_cert = true;
// Reset the other member variables.
// Note: this is necessary only with SSL renegotiation.
ResetStateForRestart();
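Review bot: The ternary that picks between `proxy_ssl_config_` and `server_ssl_config_` is written out here and again in the HandleCertificateRequest hunk, and because it decides which endpoint is handed a client certificate, the two copies should not be able to drift apart. A small private helper that returns the `SSLConfig*` for `response_.cert_request_info->is_proxy` would keep that decision in one place. The new lines also dereference `response_.cert_request_info` before anything in the hunk checks it, so a `DCHECK(response_.cert_request_info.get());` beside the existing DCHECKs would document the precondition. The function starts above the hunk, so such a check may already exist there.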
@@ -375,7 +379,7 @@ void HttpNetworkTransaction::OnStreamReady(const SSLConfig& used_ssl_config,
DCHECK(stream_request_.get());
stream_.reset(stream);
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
proxy_info_ = used_proxy_info;
response_.was_npn_negotiated = stream_request_->was_npn_negotiated();
response_.was_fetched_via_spdy = stream_request_->using_spdy();
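Review bot: `used_ssl_config` is copied into `server_ssl_config_` unconditionally here and in the OnStreamFailed, OnCertificateError, OnNeedsProxyAuth, OnNeedsClientAuth and OnHttpsProxyTunnelResponse hunks, although the transaction now owns two configs and the callbacks still report only one. In OnNeedsClientAuth in particular the request may come from the proxy (`cert_info->is_proxy` is what the restart path branches on), and nothing visible says which endpoint's config the stream factory hands back in that case. If it is always the origin server's config, a comment such as `// used_ssl_config is the origin server's config; the proxy config is not reported back.` on these assignments would make the contract explicit. If it can be the proxy's, the assignment needs the same `is_proxy` selection used in RestartWithCertificate, otherwise proxy client-auth state would overwrite the server config.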
@@ -390,7 +394,7 @@ void HttpNetworkTransaction::OnStreamFailed(int result,
DCHECK_NE(OK, result);
DCHECK(stream_request_.get());
DCHECK(!stream_.get());
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
OnIOComplete(result);
}
@@ -405,7 +409,7 @@ void HttpNetworkTransaction::OnCertificateError(
DCHECK(!stream_.get());
response_.ssl_info = ssl_info;
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
// TODO(mbelshe): For now, we're going to pass the error through, and that
// will close the stream_request in all cases. This means that we're always
@@ -428,7 +432,7 @@ void HttpNetworkTransaction::OnNeedsProxyAuth(
response_.headers = proxy_response.headers;
response_.auth_challenge = proxy_response.auth_challenge;
headers_valid_ = true;
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
proxy_info_ = used_proxy_info;
auth_controllers_[HttpAuth::AUTH_PROXY] = auth_controller;
@@ -442,7 +446,7 @@ void HttpNetworkTransaction::OnNeedsClientAuth(
SSLCertRequestInfo* cert_info) {
DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_);
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
response_.cert_request_info = cert_info;
OnIOComplete(ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
}
@@ -456,7 +460,7 @@ void HttpNetworkTransaction::OnHttpsProxyTunnelResponse(
headers_valid_ = true;
response_ = response_info;
- ssl_config_ = used_ssl_config;
+ server_ssl_config_ = used_ssl_config;
proxy_info_ = used_proxy_info;
stream_.reset(stream);
stream_request_.reset(); // we're done with the stream request
@@ -583,7 +587,8 @@ int HttpNetworkTransaction::DoCreateStream() {
stream_request_.reset(
session_->http_stream_factory()->RequestStream(
*request_,
- ssl_config_,
+ server_ssl_config_,
+ proxy_ssl_config_,
this,
net_log_));
DCHECK(stream_request_.get());
@@ -1124,8 +1129,10 @@ int HttpNetworkTransaction::HandleCertificateRequest(int error) {
// TODO(davidben): Add a unit test which covers this path; we need to be
// able to send a legitimate certificate and also bypass/clear the
// SSL session cache.
- ssl_config_.client_cert = client_cert;
- ssl_config_.send_client_cert = true;
+ SSLConfig* ssl_config = response_.cert_request_info->is_proxy ?
+ &proxy_ssl_config_ : &server_ssl_config_;
+ ssl_config->send_client_cert = true;
+ ssl_config->client_cert = client_cert;
next_state_ = STATE_CREATE_STREAM;
// Reset the other member variables.
// Note: this is necessary only with SSL renegotiation.
@@ -1139,7 +1146,7 @@ int HttpNetworkTransaction::HandleCertificateRequest(int error) {
// generated by the SSL proxy. http://crbug.com/69329
int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
DCHECK(request_);
- if (ssl_config_.send_client_cert &&
+ if (server_ssl_config_.send_client_cert &&
(error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
session_->ssl_client_auth_cache()->Remove(
GetHostAndPort(request_->url));
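Review bot: Only `server_ssl_config_.send_client_cert` is consulted before evicting from `ssl_client_auth_cache()`, and the key is `GetHostAndPort(request_->url)`, so a client certificate that was sent to and rejected by the HTTPS proxy appears to stay cached and be offered again on the next attempt. The next hunk makes the same single-endpoint assumption: a handshake failure turns off `server_ssl_config_.tls1_enabled` even if the failing handshake was with the proxy, which the comment fragment above the function about errors "generated by the SSL proxy" suggests can happen, and that would weaken the origin connection for no reason. The function receives only `error`, so a real fix needs the failing endpoint plumbed in. Until then a comment like `// NOTE: proxy_ssl_config_ is not handled here; a cert rejected by the proxy is not evicted.` would record the gap. The function body continues beyond both hunks.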
@@ -1150,7 +1157,7 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
case ERR_SSL_BAD_RECORD_MAC_ALERT:
- if (ssl_config_.tls1_enabled) {
+ if (server_ssl_config_.tls1_enabled) {
// This could be a TLS-intolerant server, an SSL 3.0 server that
// chose a TLS-only cipher suite or a server with buggy DEFLATE
// support. Turn off TLS 1.0, DEFLATE support and retry.