Make proxy fallback logic more captive-portal friendly,

particularly in the case of SSL proxies.

Errors that one is likely to see when trying to talk SSL
to a captive portal now trigger fallback.

The errors are:

ERR_CONNECTION_TIMED_OUT (Portal blackholes SSL)
ERR_PROXY_CERTIFICATE_INVALID (Portal uses self-signed cert)
ERR_SSL_PROTOCOL_ERROR (Portal talks HTTP over port 443)

BUG=176053
Review URL: https://codereview.chromium.org/12252015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182411 0039d316-1c4b-4281-b951-d872f2087c98

net/http/http_stream_factory_impl_job.cc

@@ -1175,19 +1175,26 @@ int HttpStreamFactoryImpl::Job::ReconsiderProxyAfterError(int error) {
     case ERR_INTERNET_DISCONNECTED:
     case ERR_ADDRESS_UNREACHABLE:
     case ERR_CONNECTION_CLOSED:
+    case ERR_CONNECTION_TIMED_OUT:
     case ERR_CONNECTION_RESET:
     case ERR_CONNECTION_REFUSED:
     case ERR_CONNECTION_ABORTED:
     case ERR_TIMED_OUT:
     case ERR_TUNNEL_CONNECTION_FAILED:
     case ERR_SOCKS_CONNECTION_FAILED:
+    // This can happen in the case of trying to talk to a proxy using SSL, and
+    // ending up talking to a captive portal that supports SSL instead.
+    case ERR_PROXY_CERTIFICATE_INVALID:
+    // This can happen when trying to talk SSL to a non-SSL server (Like a
+    // captive portal).
+    case ERR_SSL_PROTOCOL_ERROR:
       break;
     case ERR_SOCKS_CONNECTION_HOST_UNREACHABLE:
       // Remap the SOCKS-specific "host unreachable" error to a more
       // generic error code (this way consumers like the link doctor
       // know to substitute their error page).
       //
-      // Note that if the host resolving was done by the SOCSK5 proxy, we can't
+      // Note that if the host resolving was done by the SOCKS5 proxy, we can't
       // differentiate between a proxy-side "host not found" versus a proxy-side
       // "address unreachable" error, and will report both of these failures as
       // ERR_ADDRESS_UNREACHABLE.