From 92d9cade98d356a2f12be8c633f8de1e750b876b Mon Sep 17 00:00:00 2001 From: "wtc@chromium.org" Date: Thu, 25 Jun 2009 23:40:24 +0000 Subject: Fix a crash in net::SSLClientSocketWin::OnIOComplete(int) when an HttpNetworkTransaction is destroyed while its SSLClientSocket is verifying a certificate. Document that ClientSocket::Disconnect aborts any pending IO and prevents completion callback from running, like a cancel method. Change the verifier_ member of SSLClientSocket to a scoped_ptr so that we can destroy the CertVerifier object in the Disconnect method. (CertVerifier doesn't have a cancel method, so we cancel pending certificate verification by destroying the CertVerifier object.) R=willchan BUG=http://crbug.com/13981 TEST=none. I can only reproduce this crash by modifying the source code to create that condition. Review URL: http://codereview.chromium.org/147159 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19307 0039d316-1c4b-4281-b951-d872f2087c98 --- net/socket/ssl_client_socket_nss.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'net/socket/ssl_client_socket_nss.h') diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h index f53e53a..2454966 100644 --- a/net/socket/ssl_client_socket_nss.h +++ b/net/socket/ssl_client_socket_nss.h @@ -15,7 +15,6 @@ #include #include "base/scoped_ptr.h" -#include "net/base/cert_verifier.h" #include "net/base/cert_verify_result.h" #include "net/base/completion_callback.h" #include "net/base/nss_memio.h" @@ -24,6 +23,7 @@ namespace net { +class CertVerifier; class X509Certificate; // An SSL client socket implemented with Mozilla NSS. @@ -99,7 +99,7 @@ class SSLClientSocketNSS : public SSLClientSocket { scoped_refptr server_cert_; CertVerifyResult server_cert_verify_result_; - CertVerifier verifier_; + scoped_ptr verifier_; bool completed_handshake_; -- cgit v1.1