AU: Restrict to HTTPS for official builds.
Also, fix multi http fetcher unit tests to predictably force non-expensive
connections.
BUG=7945
TEST=unit tests; tested on device with dev server as well as with
no /root/.dev_mode, dev server, omaha update
Change-Id: Iacc0188b464ec018fc0dbbc8d7d447386113ceb7
Review URL: http://codereview.chromium.org/4004004
diff --git a/libcurl_http_fetcher.cc b/libcurl_http_fetcher.cc
index 9cacf86..a921725 100644
--- a/libcurl_http_fetcher.cc
+++ b/libcurl_http_fetcher.cc
@@ -43,6 +43,10 @@
return FlimFlamProxy::IsExpensiveConnectionType(type);
}
+bool LibcurlHttpFetcher::IsOfficialBuild() const {
+ return force_build_type_ ? forced_official_build_ : utils::IsOfficialBuild();
+}
+
void LibcurlHttpFetcher::ResumeTransfer(const std::string& url) {
LOG(INFO) << "Starting/Resuming transfer";
CHECK(!transfer_in_progress_);
@@ -82,9 +86,7 @@
url_to_use = ""; // Sabotage the URL
}
- CHECK_EQ(curl_easy_setopt(curl_handle_,
- CURLOPT_URL,
- url_to_use.c_str()),
+ CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_URL, url_to_use.c_str()),
CURLE_OK);
// If the connection drops under 10 bytes/sec for 3 minutes, reconnect.
@@ -105,6 +107,16 @@
CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_CAPATH, kCACertificatesPath),
CURLE_OK);
+ // Restrict protocols to HTTPS in official builds.
+ if (IsOfficialBuild()) {
+ CHECK_EQ(curl_easy_setopt(curl_handle_, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS),
+ CURLE_OK);
+ CHECK_EQ(curl_easy_setopt(curl_handle_,
+ CURLOPT_REDIR_PROTOCOLS,
+ CURLPROTO_HTTPS),
+ CURLE_OK);
+ }
+
CHECK_EQ(curl_multi_add_handle(curl_multi_handle_, curl_handle_), CURLM_OK);
transfer_in_progress_ = true;
}