Check ignore-certificate-erros in SocketStream

WebSocket should ignore certificate errors when chromium starts with
--ignore-certificate-erros flag.

BUG=141762
TEST=SSLUITestIgnoreCertErrors.TestWSS


Review URL: https://chromiumcodereview.appspot.com/10830256

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151208 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/ssl/ssl_browser_tests.cc

@@ -296,6 +296,16 @@ class SSLUITestBlock : public SSLUITest {
   }
 };
 
+class SSLUITestIgnoreCertErrors : public SSLUITest {
+ public:
+  SSLUITestIgnoreCertErrors() : SSLUITest() {}
+
+  virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE {
+    // Browser will ignore certificate errors.
+    command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
+  }
+};
+
 // Visits a regular page over http.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestHTTP) {
   ASSERT_TRUE(test_server()->Start());
@@ -1449,6 +1459,38 @@ IN_PROC_BROWSER_TEST_F(SSLUITestBlock, TestBlockRunningInsecureContent) {
   CheckAuthenticatedState(chrome::GetActiveWebContents(browser()), false);
 }
 
+// Visit a page and establish a WebSocket connection over bad https with
+// --ignore-certificate-errors. The connection should be established without
+// interstitial page showing.
+IN_PROC_BROWSER_TEST_F(SSLUITestIgnoreCertErrors, TestWSS) {
+  ASSERT_TRUE(test_server()->Start());
+  ASSERT_TRUE(https_server_expired_.Start());
+
+  // Start pywebsocket with TLS.
+  content::TestWebSocketServer wss_server;
+  int port = wss_server.UseRandomPort();
+  wss_server.UseTLS();
+  FilePath wss_root_dir;
+  ASSERT_TRUE(PathService::Get(chrome::DIR_TEST_DATA, &wss_root_dir));
+  ASSERT_TRUE(wss_server.Start(wss_root_dir));
+
+  // Setup page title observer.
+  WebContents* tab = chrome::GetActiveWebContents(browser());
+  content::TitleWatcher watcher(tab, ASCIIToUTF16("PASS"));
+  watcher.AlsoWaitForTitle(ASCIIToUTF16("FAIL"));
+
+  // Visit bad HTTPS page.
+  std::string url_path =
+      StringPrintf("%s%d%s", "https://localhost:", port, "/wss.html");
+  ui_test_utils::NavigateToURL(browser(), GURL(url_path));
+
+  // We shouldn't have an interstitial page showing here.
+
+  // Test page run a WebSocket wss connection test. The result will be shown
+  // as page title.
+  const string16 result = watcher.WaitAndGetTitle();
+  EXPECT_TRUE(LowerCaseEqualsASCII(result, "pass"));
+}
 
 // TODO(jcampan): more tests to do below.
 

net/socket_stream/socket_stream.cc

@@ -29,6 +29,7 @@
 #include "net/http/http_network_session.h"
 #include "net/http/http_request_info.h"
 #include "net/http/http_response_headers.h"
+#include "net/http/http_stream_factory.h"
 #include "net/http/http_transaction_factory.h"
 #include "net/http/http_util.h"
 #include "net/socket/client_socket_factory.h"
@@ -1040,7 +1041,7 @@ int SocketStream::DoSSLHandleCertError(int result) {
   DCHECK_EQ(STATE_NONE, next_state_);
   DCHECK(IsCertificateError(result));
   result = HandleCertificateError(result);
-  if (result == ERR_IO_PENDING)
+  if (result == OK || result == ERR_IO_PENDING)
     next_state_ = STATE_SSL_HANDLE_CERT_ERROR_COMPLETE;
   else
     next_state_ = STATE_CLOSE;
@@ -1297,12 +1298,16 @@ void SocketStream::DoRestartWithAuth() {
 
 int SocketStream::HandleCertificateError(int result) {
   DCHECK(IsCertificateError(result));
+  SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(socket_.get());
+  DCHECK(ssl_socket);
+
+  if (HttpStreamFactory::ignore_certificate_errors() &&
+      ssl_socket->IgnoreCertError(result, LOAD_IGNORE_ALL_CERT_ERRORS))
+    return OK;
 
   if (!delegate_)
     return result;
 
-  SSLClientSocket* ssl_socket = static_cast<SSLClientSocket*>(socket_.get());
-  DCHECK(ssl_socket);
   SSLInfo ssl_info;
   ssl_socket->GetSSLInfo(&ssl_info);