Google Git
Sign in
chromium / chromium / src.git / 3b8455ae75609ee9e91e3af240882785d9942359^! / . / content / browser / loader / resource_loader.cc
commit3b8455ae75609ee9e91e3af240882785d9942359[log] [tgz]
authordavidben <[email protected]>Wed Mar 11 19:42:19 2015
committerCommit bot <[email protected]>Wed Mar 11 19:43:57 2015
tree2c35e7bb09f7f4ba820314a9224d1422cd50dddf
parentc0844e78ad3dd640f6a2a84f57681ead31647b07 [diff] [blame]
Cancel client auth requests when not promptable.

Currently they hang (holding the cache lock) or crash. This plumbs
through a dedicated delegate interface. If the delegate is destroyed with
no notification, the request is aborted. This is distinct from
affirmatively continuing with no certificat (what you get from pressing
cancel). This is extremely bizarre UI, but this CL does not attempt to
address the existing UI being odd.

This fixes the following:
- Closing a tab with a client auth prompt acts as if you affirmatively selected
  to continue without a cert.
- A SharedWorker requesting client auth hangs the request.
- Hitting client auth in an extension background page crashes.

BUG=417092,410967

Review URL: https://codereview.chromium.org/859213006

Cr-Commit-Position: refs/heads/master@{#320117}

diff --git a/content/browser/loader/resource_loader.cc b/content/browser/loader/resource_loader.cc
index b462a68..7bb55f1 100644
--- a/content/browser/loader/resource_loader.cc
+++ b/content/browser/loader/resource_loader.cc

@@ -311,8 +311,7 @@
       << "OnCertificateRequested called with ssl_client_auth_handler pending";
   ssl_client_auth_handler_.reset(new SSLClientAuthHandler(
       GetRequestInfo()->GetContext()->CreateClientCertStore(), request_.get(),
-      cert_info, base::Bind(&ResourceLoader::ContinueWithCertificate,
-                            weak_ptr_factory_.GetWeakPtr())));
+      cert_info, this));
   ssl_client_auth_handler_->SelectCertificate();
 }
 
@@ -503,6 +502,18 @@
   request_->ContinueDespiteLastError();
 }
 
+void ResourceLoader::ContinueWithCertificate(net::X509Certificate* cert) {
+  DCHECK(ssl_client_auth_handler_);
+  ssl_client_auth_handler_.reset();
+  request_->ContinueWithCertificate(cert);
+}
+
+void ResourceLoader::CancelCertificateSelection() {
+  DCHECK(ssl_client_auth_handler_);
+  ssl_client_auth_handler_.reset();
+  request_->CancelWithError(net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED);
+}
+
 void ResourceLoader::Resume() {
   DCHECK(!is_transferring_);
 
@@ -851,9 +862,4 @@
   }
 }
 
-void ResourceLoader::ContinueWithCertificate(net::X509Certificate* cert) {
-  ssl_client_auth_handler_.reset();
-  request_->ContinueWithCertificate(cert);
-}
-
 }  // namespace content