| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 375 // TODO(wtc,mattm): this is temporary while DBC support is changed into | 375 // TODO(wtc,mattm): this is temporary while DBC support is changed into |
| 376 // Channel ID. | 376 // Channel ID. |
| 377 return false; | 377 return false; |
| 378 } | 378 } |
| 379 | 379 |
| 380 void DestroyCertificates(CERTCertificate** certs, size_t len) { | 380 void DestroyCertificates(CERTCertificate** certs, size_t len) { |
| 381 for (size_t i = 0; i < len; i++) | 381 for (size_t i = 0; i < len; i++) |
| 382 CERT_DestroyCertificate(certs[i]); | 382 CERT_DestroyCertificate(certs[i]); |
| 383 } | 383 } |
| 384 | 384 |
| 385 // Helper function to make it possible to log events from within the |
| 386 // SSLClientSocketNSS::Core. Can't use Bind with BoundNetLog::AddEntry directly |
| 387 // on Windows because it is overloaded. |
| 388 void AddLogEvent(BoundNetLog* net_log, |
| 389 NetLog::EventType event_type, |
| 390 const scoped_refptr<NetLog::EventParameters>& event_params) { |
| 391 if (!net_log) |
| 392 return; |
| 393 net_log->AddEvent(event_type, event_params); |
| 394 } |
| 395 |
| 385 // Helper function to make it easier to call BoundNetLog::AddByteTransferEvent | 396 // Helper function to make it easier to call BoundNetLog::AddByteTransferEvent |
| 386 // from within the SSLClientSocketNSS::Core. | 397 // from within the SSLClientSocketNSS::Core. |
| 387 // AddByteTransferEvent expects to receive a const char*, which within the | 398 // AddByteTransferEvent expects to receive a const char*, which within the |
| 388 // Core is backed by an IOBuffer. If the "const char*" is bound via | 399 // Core is backed by an IOBuffer. If the "const char*" is bound via |
| 389 // base::Bind and posted to another thread, and the IOBuffer that backs that | 400 // base::Bind and posted to another thread, and the IOBuffer that backs that |
| 390 // pointer then goes out of scope on the origin thread, this would result in | 401 // pointer then goes out of scope on the origin thread, this would result in |
| 391 // an invalid read of a stale pointer. | 402 // an invalid read of a stale pointer. |
| 392 // Instead, provide a signature that accepts an IOBuffer*, so that a reference | 403 // Instead, provide a signature that accepts an IOBuffer*, so that a reference |
| 393 // to the owning IOBuffer can be bound to the Callback. This ensures that the | 404 // to the owning IOBuffer can be bound to the Callback. This ensures that the |
| 394 // IOBuffer will stay alive long enough to cross threads if needed. | 405 // IOBuffer will stay alive long enough to cross threads if needed. |
| (...skipping 890 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1285 CERTDistNames* ca_names, | 1296 CERTDistNames* ca_names, |
| 1286 CERTCertList** result_certs, | 1297 CERTCertList** result_certs, |
| 1287 void** result_private_key, | 1298 void** result_private_key, |
| 1288 CERTCertificate** result_nss_certificate, | 1299 CERTCertificate** result_nss_certificate, |
| 1289 SECKEYPrivateKey** result_nss_private_key) { | 1300 SECKEYPrivateKey** result_nss_private_key) { |
| 1290 Core* core = reinterpret_cast<Core*>(arg); | 1301 Core* core = reinterpret_cast<Core*>(arg); |
| 1291 DCHECK(core->OnNSSTaskRunner()); | 1302 DCHECK(core->OnNSSTaskRunner()); |
| 1292 | 1303 |
| 1293 core->PostOrRunCallback( | 1304 core->PostOrRunCallback( |
| 1294 FROM_HERE, | 1305 FROM_HERE, |
| 1295 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1306 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1296 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, | 1307 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, |
| 1297 scoped_refptr<NetLog::EventParameters>())); | 1308 scoped_refptr<NetLog::EventParameters>())); |
| 1298 | 1309 |
| 1299 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | 1310 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); |
| 1300 | 1311 |
| 1301 // Check if a domain-bound certificate is requested. | 1312 // Check if a domain-bound certificate is requested. |
| 1302 if (DomainBoundCertNegotiated(socket)) { | 1313 if (DomainBoundCertNegotiated(socket)) { |
| 1303 return core->DomainBoundClientAuthHandler(cert_types, | 1314 return core->DomainBoundClientAuthHandler(cert_types, |
| 1304 result_nss_certificate, | 1315 result_nss_certificate, |
| 1305 result_nss_private_key); | 1316 result_nss_private_key); |
| (...skipping 26 matching lines...) Expand all Loading... |
| 1332 | 1343 |
| 1333 // TODO(rsleevi): Error checking for NSS allocation errors. | 1344 // TODO(rsleevi): Error checking for NSS allocation errors. |
| 1334 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); | 1345 CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB(); |
| 1335 CERTCertificate* user_cert = CERT_NewTempCertificate( | 1346 CERTCertificate* user_cert = CERT_NewTempCertificate( |
| 1336 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | 1347 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); |
| 1337 if (!user_cert) { | 1348 if (!user_cert) { |
| 1338 // Importing the certificate can fail for reasons including a serial | 1349 // Importing the certificate can fail for reasons including a serial |
| 1339 // number collision. See crbug.com/97355. | 1350 // number collision. See crbug.com/97355. |
| 1340 core->PostOrRunCallback( | 1351 core->PostOrRunCallback( |
| 1341 FROM_HERE, | 1352 FROM_HERE, |
| 1342 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1353 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1343 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1354 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1344 make_scoped_refptr( | 1355 make_scoped_refptr( |
| 1345 new NetLogIntegerParameter("cert_count", 0)))); | 1356 new NetLogIntegerParameter("cert_count", 0)))); |
| 1346 return SECFailure; | 1357 return SECFailure; |
| 1347 } | 1358 } |
| 1348 CERTCertList* cert_chain = CERT_NewCertList(); | 1359 CERTCertList* cert_chain = CERT_NewCertList(); |
| 1349 CERT_AddCertToListTail(cert_chain, user_cert); | 1360 CERT_AddCertToListTail(cert_chain, user_cert); |
| 1350 | 1361 |
| 1351 // Add the intermediates. | 1362 // Add the intermediates. |
| 1352 X509Certificate::OSCertHandles intermediates = | 1363 X509Certificate::OSCertHandles intermediates = |
| 1353 core->ssl_config_.client_cert->GetIntermediateCertificates(); | 1364 core->ssl_config_.client_cert->GetIntermediateCertificates(); |
| 1354 for (X509Certificate::OSCertHandles::const_iterator it = | 1365 for (X509Certificate::OSCertHandles::const_iterator it = |
| 1355 intermediates.begin(); it != intermediates.end(); ++it) { | 1366 intermediates.begin(); it != intermediates.end(); ++it) { |
| 1356 der_cert.data = (*it)->pbCertEncoded; | 1367 der_cert.data = (*it)->pbCertEncoded; |
| 1357 der_cert.len = (*it)->cbCertEncoded; | 1368 der_cert.len = (*it)->cbCertEncoded; |
| 1358 | 1369 |
| 1359 CERTCertificate* intermediate = CERT_NewTempCertificate( | 1370 CERTCertificate* intermediate = CERT_NewTempCertificate( |
| 1360 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); | 1371 db_handle, &der_cert, NULL, PR_FALSE, PR_TRUE); |
| 1361 if (!intermediate) { | 1372 if (!intermediate) { |
| 1362 CERT_DestroyCertList(cert_chain); | 1373 CERT_DestroyCertList(cert_chain); |
| 1363 core->PostOrRunCallback( | 1374 core->PostOrRunCallback( |
| 1364 FROM_HERE, | 1375 FROM_HERE, |
| 1365 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1376 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1366 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1377 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1367 make_scoped_refptr( | 1378 make_scoped_refptr( |
| 1368 new NetLogIntegerParameter("cert_count", 0)))); | 1379 new NetLogIntegerParameter("cert_count", 0)))); |
| 1369 return SECFailure; | 1380 return SECFailure; |
| 1370 } | 1381 } |
| 1371 CERT_AddCertToListTail(cert_chain, intermediate); | 1382 CERT_AddCertToListTail(cert_chain, intermediate); |
| 1372 } | 1383 } |
| 1373 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( | 1384 PCERT_KEY_CONTEXT key_context = reinterpret_cast<PCERT_KEY_CONTEXT>( |
| 1374 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); | 1385 PORT_ZAlloc(sizeof(CERT_KEY_CONTEXT))); |
| 1375 key_context->cbSize = sizeof(*key_context); | 1386 key_context->cbSize = sizeof(*key_context); |
| 1376 // NSS will free this context when no longer in use, but the | 1387 // NSS will free this context when no longer in use, but the |
| 1377 // |must_free| result from CryptAcquireCertificatePrivateKey was false | 1388 // |must_free| result from CryptAcquireCertificatePrivateKey was false |
| 1378 // so we increment the refcount to negate NSS's future decrement. | 1389 // so we increment the refcount to negate NSS's future decrement. |
| 1379 CryptContextAddRef(crypt_prov, NULL, 0); | 1390 CryptContextAddRef(crypt_prov, NULL, 0); |
| 1380 key_context->hCryptProv = crypt_prov; | 1391 key_context->hCryptProv = crypt_prov; |
| 1381 key_context->dwKeySpec = key_spec; | 1392 key_context->dwKeySpec = key_spec; |
| 1382 *result_private_key = key_context; | 1393 *result_private_key = key_context; |
| 1383 *result_certs = cert_chain; | 1394 *result_certs = cert_chain; |
| 1384 | 1395 |
| 1385 int cert_count = 1 + intermediates.size(); | 1396 int cert_count = 1 + intermediates.size(); |
| 1386 core->PostOrRunCallback( | 1397 core->PostOrRunCallback( |
| 1387 FROM_HERE, | 1398 FROM_HERE, |
| 1388 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1399 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1389 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1400 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1390 make_scoped_refptr( | 1401 make_scoped_refptr( |
| 1391 new NetLogIntegerParameter("cert_count", | 1402 new NetLogIntegerParameter("cert_count", |
| 1392 cert_count)))); | 1403 cert_count)))); |
| 1393 return SECSuccess; | 1404 return SECSuccess; |
| 1394 } | 1405 } |
| 1395 LOG(WARNING) << "Client cert found without private key"; | 1406 LOG(WARNING) << "Client cert found without private key"; |
| 1396 } | 1407 } |
| 1397 | 1408 |
| 1398 // Send no client certificate. | 1409 // Send no client certificate. |
| 1399 core->PostOrRunCallback( | 1410 core->PostOrRunCallback( |
| 1400 FROM_HERE, | 1411 FROM_HERE, |
| 1401 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1412 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1402 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1413 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1403 make_scoped_refptr( | 1414 make_scoped_refptr( |
| 1404 new NetLogIntegerParameter("cert_count", 0)))); | 1415 new NetLogIntegerParameter("cert_count", 0)))); |
| 1405 return SECFailure; | 1416 return SECFailure; |
| 1406 } | 1417 } |
| 1407 | 1418 |
| 1408 core->nss_handshake_state_.client_certs.clear(); | 1419 core->nss_handshake_state_.client_certs.clear(); |
| 1409 | 1420 |
| 1410 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); | 1421 std::vector<CERT_NAME_BLOB> issuer_list(ca_names->nnames); |
| 1411 for (int i = 0; i < ca_names->nnames; ++i) { | 1422 for (int i = 0; i < ca_names->nnames; ++i) { |
| 1412 issuer_list[i].cbData = ca_names->names[i].len; | 1423 issuer_list[i].cbData = ca_names->names[i].len; |
| 1413 issuer_list[i].pbData = ca_names->names[i].data; | 1424 issuer_list[i].pbData = ca_names->names[i].data; |
| 1414 } | 1425 } |
| 1415 | 1426 |
| 1416 // Client certificates of the user are in the "MY" system certificate store. | 1427 // Client certificates of the user are in the "MY" system certificate store. |
| 1417 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); | 1428 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); |
| 1418 if (!my_cert_store) { | 1429 if (!my_cert_store) { |
| 1419 PLOG(ERROR) << "Could not open the \"MY\" system certificate store"; | 1430 PLOG(ERROR) << "Could not open the \"MY\" system certificate store"; |
| 1420 | 1431 |
| 1421 core->PostOrRunCallback( | 1432 core->PostOrRunCallback( |
| 1422 FROM_HERE, | 1433 FROM_HERE, |
| 1423 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1434 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1424 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1435 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1425 make_scoped_refptr( | 1436 make_scoped_refptr( |
| 1426 new NetLogIntegerParameter("cert_count", 0)))); | 1437 new NetLogIntegerParameter("cert_count", 0)))); |
| 1427 return SECFailure; | 1438 return SECFailure; |
| 1428 } | 1439 } |
| 1429 | 1440 |
| 1430 // Enumerate the client certificates. | 1441 // Enumerate the client certificates. |
| 1431 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; | 1442 CERT_CHAIN_FIND_BY_ISSUER_PARA find_by_issuer_para; |
| 1432 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); | 1443 memset(&find_by_issuer_para, 0, sizeof(find_by_issuer_para)); |
| 1433 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); | 1444 find_by_issuer_para.cbSize = sizeof(find_by_issuer_para); |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1558 } | 1569 } |
| 1559 } | 1570 } |
| 1560 if (os_error == noErr) { | 1571 if (os_error == noErr) { |
| 1561 int cert_count = 0; | 1572 int cert_count = 0; |
| 1562 if (chain) { | 1573 if (chain) { |
| 1563 cert_count = CFArrayGetCount(chain); | 1574 cert_count = CFArrayGetCount(chain); |
| 1564 CFRelease(chain); | 1575 CFRelease(chain); |
| 1565 } | 1576 } |
| 1566 core->PostOrRunCallback( | 1577 core->PostOrRunCallback( |
| 1567 FROM_HERE, | 1578 FROM_HERE, |
| 1568 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1579 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1569 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1580 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1570 make_scoped_refptr( | 1581 make_scoped_refptr( |
| 1571 new NetLogIntegerParameter("cert_count", | 1582 new NetLogIntegerParameter("cert_count", |
| 1572 cert_count)))); | 1583 cert_count)))); |
| 1573 return SECSuccess; | 1584 return SECSuccess; |
| 1574 } | 1585 } |
| 1575 OSSTATUS_LOG(WARNING, os_error) | 1586 OSSTATUS_LOG(WARNING, os_error) |
| 1576 << "Client cert found, but could not be used"; | 1587 << "Client cert found, but could not be used"; |
| 1577 if (*result_certs) { | 1588 if (*result_certs) { |
| 1578 CERT_DestroyCertList(*result_certs); | 1589 CERT_DestroyCertList(*result_certs); |
| 1579 *result_certs = NULL; | 1590 *result_certs = NULL; |
| 1580 } | 1591 } |
| 1581 if (*result_private_key) | 1592 if (*result_private_key) |
| 1582 *result_private_key = NULL; | 1593 *result_private_key = NULL; |
| 1583 if (private_key) | 1594 if (private_key) |
| 1584 CFRelease(private_key); | 1595 CFRelease(private_key); |
| 1585 if (chain) | 1596 if (chain) |
| 1586 CFRelease(chain); | 1597 CFRelease(chain); |
| 1587 } | 1598 } |
| 1588 | 1599 |
| 1589 // Send no client certificate. | 1600 // Send no client certificate. |
| 1590 core->PostOrRunCallback( | 1601 core->PostOrRunCallback( |
| 1591 FROM_HERE, | 1602 FROM_HERE, |
| 1592 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1603 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1593 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1604 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1594 make_scoped_refptr( | 1605 make_scoped_refptr( |
| 1595 new NetLogIntegerParameter("cert_count", 0)))); | 1606 new NetLogIntegerParameter("cert_count", 0)))); |
| 1596 return SECFailure; | 1607 return SECFailure; |
| 1597 } | 1608 } |
| 1598 | 1609 |
| 1599 core->nss_handshake_state_.client_certs.clear(); | 1610 core->nss_handshake_state_.client_certs.clear(); |
| 1600 | 1611 |
| 1601 // First, get the cert issuer names allowed by the server. | 1612 // First, get the cert issuer names allowed by the server. |
| 1602 std::vector<CertPrincipal> valid_issuers; | 1613 std::vector<CertPrincipal> valid_issuers; |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1637 void* arg, | 1648 void* arg, |
| 1638 PRFileDesc* socket, | 1649 PRFileDesc* socket, |
| 1639 CERTDistNames* ca_names, | 1650 CERTDistNames* ca_names, |
| 1640 CERTCertificate** result_certificate, | 1651 CERTCertificate** result_certificate, |
| 1641 SECKEYPrivateKey** result_private_key) { | 1652 SECKEYPrivateKey** result_private_key) { |
| 1642 Core* core = reinterpret_cast<Core*>(arg); | 1653 Core* core = reinterpret_cast<Core*>(arg); |
| 1643 DCHECK(core->OnNSSTaskRunner()); | 1654 DCHECK(core->OnNSSTaskRunner()); |
| 1644 | 1655 |
| 1645 core->PostOrRunCallback( | 1656 core->PostOrRunCallback( |
| 1646 FROM_HERE, | 1657 FROM_HERE, |
| 1647 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1658 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1648 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, | 1659 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED, |
| 1649 scoped_refptr<NetLog::EventParameters>())); | 1660 scoped_refptr<NetLog::EventParameters>())); |
| 1650 | 1661 |
| 1651 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); | 1662 const SECItem* cert_types = SSL_GetRequestedClientCertificateTypes(socket); |
| 1652 | 1663 |
| 1653 // Check if a domain-bound certificate is requested. | 1664 // Check if a domain-bound certificate is requested. |
| 1654 if (DomainBoundCertNegotiated(socket)) { | 1665 if (DomainBoundCertNegotiated(socket)) { |
| 1655 return core->DomainBoundClientAuthHandler( | 1666 return core->DomainBoundClientAuthHandler( |
| 1656 cert_types, result_certificate, result_private_key); | 1667 cert_types, result_certificate, result_private_key); |
| 1657 } | 1668 } |
| (...skipping 11 matching lines...) Expand all Loading... |
| 1669 if (privkey) { | 1680 if (privkey) { |
| 1670 // TODO(jsorianopastor): We should wait for server certificate | 1681 // TODO(jsorianopastor): We should wait for server certificate |
| 1671 // verification before sending our credentials. See | 1682 // verification before sending our credentials. See |
| 1672 // http://crbug.com/13934. | 1683 // http://crbug.com/13934. |
| 1673 *result_certificate = cert; | 1684 *result_certificate = cert; |
| 1674 *result_private_key = privkey; | 1685 *result_private_key = privkey; |
| 1675 // A cert_count of -1 means the number of certificates is unknown. | 1686 // A cert_count of -1 means the number of certificates is unknown. |
| 1676 // NSS will construct the certificate chain. | 1687 // NSS will construct the certificate chain. |
| 1677 core->PostOrRunCallback( | 1688 core->PostOrRunCallback( |
| 1678 FROM_HERE, | 1689 FROM_HERE, |
| 1679 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1690 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1680 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1691 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1681 make_scoped_refptr( | 1692 make_scoped_refptr( |
| 1682 new NetLogIntegerParameter("cert_count", -1)))); | 1693 new NetLogIntegerParameter("cert_count", -1)))); |
| 1683 | 1694 |
| 1684 return SECSuccess; | 1695 return SECSuccess; |
| 1685 } | 1696 } |
| 1686 LOG(WARNING) << "Client cert found without private key"; | 1697 LOG(WARNING) << "Client cert found without private key"; |
| 1687 } | 1698 } |
| 1688 // Send no client certificate. | 1699 // Send no client certificate. |
| 1689 core->PostOrRunCallback( | 1700 core->PostOrRunCallback( |
| 1690 FROM_HERE, | 1701 FROM_HERE, |
| 1691 base::Bind(&BoundNetLog::AddEvent, core->weak_net_log_, | 1702 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1692 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 1703 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 1693 make_scoped_refptr( | 1704 make_scoped_refptr( |
| 1694 new NetLogIntegerParameter("cert_count", 0)))); | 1705 new NetLogIntegerParameter("cert_count", 0)))); |
| 1695 return SECFailure; | 1706 return SECFailure; |
| 1696 } | 1707 } |
| 1697 | 1708 |
| 1698 core->nss_handshake_state_.client_certs.clear(); | 1709 core->nss_handshake_state_.client_certs.clear(); |
| 1699 | 1710 |
| 1700 // Iterate over all client certificates. | 1711 // Iterate over all client certificates. |
| 1701 CERTCertList* client_certs = CERT_FindUserCertsByUsage( | 1712 CERTCertList* client_certs = CERT_FindUserCertsByUsage( |
| (...skipping 230 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1932 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1943 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| 1933 | 1944 |
| 1934 if (result < 0) | 1945 if (result < 0) |
| 1935 return result; | 1946 return result; |
| 1936 | 1947 |
| 1937 if (!nss_bufs_) { | 1948 if (!nss_bufs_) { |
| 1938 LOG(DFATAL) << "!nss_bufs_"; | 1949 LOG(DFATAL) << "!nss_bufs_"; |
| 1939 int rv = ERR_UNEXPECTED; | 1950 int rv = ERR_UNEXPECTED; |
| 1940 PostOrRunCallback( | 1951 PostOrRunCallback( |
| 1941 FROM_HERE, | 1952 FROM_HERE, |
| 1942 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 1953 base::Bind(&AddLogEvent, weak_net_log_, |
| 1943 NetLog::TYPE_SSL_READ_ERROR, | 1954 NetLog::TYPE_SSL_READ_ERROR, |
| 1944 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | 1955 make_scoped_refptr(new SSLErrorParams(rv, 0)))); |
| 1945 return rv; | 1956 return rv; |
| 1946 } | 1957 } |
| 1947 | 1958 |
| 1948 bool network_moved; | 1959 bool network_moved; |
| 1949 int rv; | 1960 int rv; |
| 1950 do { | 1961 do { |
| 1951 rv = DoPayloadRead(); | 1962 rv = DoPayloadRead(); |
| 1952 network_moved = DoTransportIO(); | 1963 network_moved = DoTransportIO(); |
| 1953 } while (rv == ERR_IO_PENDING && network_moved); | 1964 } while (rv == ERR_IO_PENDING && network_moved); |
| 1954 | 1965 |
| 1955 return rv; | 1966 return rv; |
| 1956 } | 1967 } |
| 1957 | 1968 |
| 1958 int SSLClientSocketNSS::Core::DoWriteLoop(int result) { | 1969 int SSLClientSocketNSS::Core::DoWriteLoop(int result) { |
| 1959 DCHECK(OnNSSTaskRunner()); | 1970 DCHECK(OnNSSTaskRunner()); |
| 1960 DCHECK(handshake_callback_called_); | 1971 DCHECK(handshake_callback_called_); |
| 1961 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1972 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| 1962 | 1973 |
| 1963 if (result < 0) | 1974 if (result < 0) |
| 1964 return result; | 1975 return result; |
| 1965 | 1976 |
| 1966 if (!nss_bufs_) { | 1977 if (!nss_bufs_) { |
| 1967 LOG(DFATAL) << "!nss_bufs_"; | 1978 LOG(DFATAL) << "!nss_bufs_"; |
| 1968 int rv = ERR_UNEXPECTED; | 1979 int rv = ERR_UNEXPECTED; |
| 1969 PostOrRunCallback( | 1980 PostOrRunCallback( |
| 1970 FROM_HERE, | 1981 FROM_HERE, |
| 1971 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 1982 base::Bind(&AddLogEvent, weak_net_log_, |
| 1972 NetLog::TYPE_SSL_READ_ERROR, | 1983 NetLog::TYPE_SSL_READ_ERROR, |
| 1973 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | 1984 make_scoped_refptr(new SSLErrorParams(rv, 0)))); |
| 1974 return rv; | 1985 return rv; |
| 1975 } | 1986 } |
| 1976 | 1987 |
| 1977 bool network_moved; | 1988 bool network_moved; |
| 1978 int rv; | 1989 int rv; |
| 1979 do { | 1990 do { |
| 1980 rv = DoPayloadWrite(); | 1991 rv = DoPayloadWrite(); |
| 1981 network_moved = DoTransportIO(); | 1992 network_moved = DoTransportIO(); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 1996 // code so that the higher level code will attempt to delete the socket and | 2007 // code so that the higher level code will attempt to delete the socket and |
| 1997 // redo the handshake. | 2008 // redo the handshake. |
| 1998 if (client_auth_cert_needed_) { | 2009 if (client_auth_cert_needed_) { |
| 1999 if (domain_bound_cert_xtn_negotiated_) { | 2010 if (domain_bound_cert_xtn_negotiated_) { |
| 2000 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); | 2011 GotoState(STATE_GET_DOMAIN_BOUND_CERT_COMPLETE); |
| 2001 net_error = ERR_IO_PENDING; | 2012 net_error = ERR_IO_PENDING; |
| 2002 } else { | 2013 } else { |
| 2003 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 2014 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 2004 PostOrRunCallback( | 2015 PostOrRunCallback( |
| 2005 FROM_HERE, | 2016 FROM_HERE, |
| 2006 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2017 base::Bind(&AddLogEvent, weak_net_log_, |
| 2007 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 2018 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 2008 make_scoped_refptr(new SSLErrorParams(net_error, 0)))); | 2019 make_scoped_refptr(new SSLErrorParams(net_error, 0)))); |
| 2009 | 2020 |
| 2010 // If the handshake already succeeded (because the server requests but | 2021 // If the handshake already succeeded (because the server requests but |
| 2011 // doesn't require a client cert), we need to invalidate the SSL session | 2022 // doesn't require a client cert), we need to invalidate the SSL session |
| 2012 // so that we won't try to resume the non-client-authenticated session in | 2023 // so that we won't try to resume the non-client-authenticated session in |
| 2013 // the next handshake. This will cause the server to ask for a client | 2024 // the next handshake. This will cause the server to ask for a client |
| 2014 // cert again. | 2025 // cert again. |
| 2015 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) | 2026 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) |
| 2016 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); | 2027 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); |
| 2017 } | 2028 } |
| 2018 } else if (rv == SECSuccess) { | 2029 } else if (rv == SECSuccess) { |
| 2019 if (!handshake_callback_called_) { | 2030 if (!handshake_callback_called_) { |
| 2020 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - | 2031 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - |
| 2021 // SSL_ForceHandshake returned SECSuccess prematurely. | 2032 // SSL_ForceHandshake returned SECSuccess prematurely. |
| 2022 rv = SECFailure; | 2033 rv = SECFailure; |
| 2023 net_error = ERR_SSL_PROTOCOL_ERROR; | 2034 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2024 PostOrRunCallback( | 2035 PostOrRunCallback( |
| 2025 FROM_HERE, | 2036 FROM_HERE, |
| 2026 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2037 base::Bind(&AddLogEvent, weak_net_log_, |
| 2027 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 2038 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 2028 make_scoped_refptr( | 2039 make_scoped_refptr( |
| 2029 new SSLErrorParams(net_error, 0)))); | 2040 new SSLErrorParams(net_error, 0)))); |
| 2030 } else { | 2041 } else { |
| 2031 #if defined(SSL_ENABLE_OCSP_STAPLING) | 2042 #if defined(SSL_ENABLE_OCSP_STAPLING) |
| 2032 // TODO(agl): figure out how to plumb an OCSP response into the Mac | 2043 // TODO(agl): figure out how to plumb an OCSP response into the Mac |
| 2033 // system library and update IsOCSPStaplingSupported for Mac. | 2044 // system library and update IsOCSPStaplingSupported for Mac. |
| 2034 if (!nss_handshake_state_.predicted_cert_chain_correct && | 2045 if (!nss_handshake_state_.predicted_cert_chain_correct && |
| 2035 IsOCSPStaplingSupported()) { | 2046 IsOCSPStaplingSupported()) { |
| 2036 unsigned int len = 0; | 2047 unsigned int len = 0; |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2077 } else { | 2088 } else { |
| 2078 PRErrorCode prerr = PR_GetError(); | 2089 PRErrorCode prerr = PR_GetError(); |
| 2079 net_error = HandleNSSError(prerr, true); | 2090 net_error = HandleNSSError(prerr, true); |
| 2080 | 2091 |
| 2081 // If not done, stay in this state | 2092 // If not done, stay in this state |
| 2082 if (net_error == ERR_IO_PENDING) { | 2093 if (net_error == ERR_IO_PENDING) { |
| 2083 GotoState(STATE_HANDSHAKE); | 2094 GotoState(STATE_HANDSHAKE); |
| 2084 } else { | 2095 } else { |
| 2085 PostOrRunCallback( | 2096 PostOrRunCallback( |
| 2086 FROM_HERE, | 2097 FROM_HERE, |
| 2087 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2098 base::Bind(&AddLogEvent, weak_net_log_, |
| 2088 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 2099 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 2089 make_scoped_refptr( | 2100 make_scoped_refptr( |
| 2090 new SSLErrorParams(net_error, prerr)))); | 2101 new SSLErrorParams(net_error, prerr)))); |
| 2091 } | 2102 } |
| 2092 } | 2103 } |
| 2093 | 2104 |
| 2094 return net_error; | 2105 return net_error; |
| 2095 } | 2106 } |
| 2096 | 2107 |
| 2097 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) { | 2108 int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) { |
| (...skipping 20 matching lines...) Expand all Loading... |
| 2118 SECKEYPrivateKey* key; | 2129 SECKEYPrivateKey* key; |
| 2119 int error = ImportDBCertAndKey(&cert, &key); | 2130 int error = ImportDBCertAndKey(&cert, &key); |
| 2120 if (error != OK) | 2131 if (error != OK) |
| 2121 return error; | 2132 return error; |
| 2122 | 2133 |
| 2123 CERTCertificateList* cert_chain = | 2134 CERTCertificateList* cert_chain = |
| 2124 CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE); | 2135 CERT_CertChainFromCert(cert, certUsageSSLClient, PR_FALSE); |
| 2125 | 2136 |
| 2126 PostOrRunCallback( | 2137 PostOrRunCallback( |
| 2127 FROM_HERE, | 2138 FROM_HERE, |
| 2128 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2139 base::Bind(&AddLogEvent, weak_net_log_, |
| 2129 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 2140 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 2130 make_scoped_refptr( | 2141 make_scoped_refptr( |
| 2131 new NetLogIntegerParameter("cert_count", | 2142 new NetLogIntegerParameter("cert_count", |
| 2132 cert_chain->len)))); | 2143 cert_chain->len)))); |
| 2133 | 2144 |
| 2134 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); | 2145 rv = SSL_RestartHandshakeAfterCertReq(nss_fd_, cert, key, cert_chain); |
| 2135 if (rv != SECSuccess) | 2146 if (rv != SECSuccess) |
| 2136 return MapNSSError(PORT_GetError()); | 2147 return MapNSSError(PORT_GetError()); |
| 2137 | 2148 |
| 2138 GotoState(STATE_HANDSHAKE); | 2149 GotoState(STATE_HANDSHAKE); |
| 2139 return OK; | 2150 return OK; |
| 2140 } | 2151 } |
| 2141 | 2152 |
| 2142 int SSLClientSocketNSS::Core::DoPayloadRead() { | 2153 int SSLClientSocketNSS::Core::DoPayloadRead() { |
| 2143 DCHECK(OnNSSTaskRunner()); | 2154 DCHECK(OnNSSTaskRunner()); |
| 2144 DCHECK(user_read_buf_); | 2155 DCHECK(user_read_buf_); |
| 2145 DCHECK_GT(user_read_buf_len_, 0); | 2156 DCHECK_GT(user_read_buf_len_, 0); |
| 2146 | 2157 |
| 2147 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | 2158 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); |
| 2148 if (client_auth_cert_needed_) { | 2159 if (client_auth_cert_needed_) { |
| 2149 // We don't need to invalidate the non-client-authenticated SSL session | 2160 // We don't need to invalidate the non-client-authenticated SSL session |
| 2150 // because the server will renegotiate anyway. | 2161 // because the server will renegotiate anyway. |
| 2151 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 2162 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 2152 PostOrRunCallback( | 2163 PostOrRunCallback( |
| 2153 FROM_HERE, | 2164 FROM_HERE, |
| 2154 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2165 base::Bind(&AddLogEvent, weak_net_log_, |
| 2155 NetLog::TYPE_SSL_READ_ERROR, | 2166 NetLog::TYPE_SSL_READ_ERROR, |
| 2156 make_scoped_refptr(new SSLErrorParams(rv, 0)))); | 2167 make_scoped_refptr(new SSLErrorParams(rv, 0)))); |
| 2157 return rv; | 2168 return rv; |
| 2158 } | 2169 } |
| 2159 if (rv >= 0) { | 2170 if (rv >= 0) { |
| 2160 PostOrRunCallback( | 2171 PostOrRunCallback( |
| 2161 FROM_HERE, | 2172 FROM_HERE, |
| 2162 base::Bind(&LogByteTransferEvent, weak_net_log_, | 2173 base::Bind(&LogByteTransferEvent, weak_net_log_, |
| 2163 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | 2174 NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
| 2164 scoped_refptr<IOBuffer>(user_read_buf_))); | 2175 scoped_refptr<IOBuffer>(user_read_buf_))); |
| 2165 return rv; | 2176 return rv; |
| 2166 } | 2177 } |
| 2167 PRErrorCode prerr = PR_GetError(); | 2178 PRErrorCode prerr = PR_GetError(); |
| 2168 if (prerr == PR_WOULD_BLOCK_ERROR) | 2179 if (prerr == PR_WOULD_BLOCK_ERROR) |
| 2169 return ERR_IO_PENDING; | 2180 return ERR_IO_PENDING; |
| 2170 | 2181 |
| 2171 rv = HandleNSSError(prerr, false); | 2182 rv = HandleNSSError(prerr, false); |
| 2172 PostOrRunCallback( | 2183 PostOrRunCallback( |
| 2173 FROM_HERE, | 2184 FROM_HERE, |
| 2174 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2185 base::Bind(&AddLogEvent, weak_net_log_, |
| 2175 NetLog::TYPE_SSL_READ_ERROR, | 2186 NetLog::TYPE_SSL_READ_ERROR, |
| 2176 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | 2187 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); |
| 2177 return rv; | 2188 return rv; |
| 2178 } | 2189 } |
| 2179 | 2190 |
| 2180 int SSLClientSocketNSS::Core::DoPayloadWrite() { | 2191 int SSLClientSocketNSS::Core::DoPayloadWrite() { |
| 2181 DCHECK(OnNSSTaskRunner()); | 2192 DCHECK(OnNSSTaskRunner()); |
| 2182 | 2193 |
| 2183 DCHECK(user_write_buf_); | 2194 DCHECK(user_write_buf_); |
| 2184 | 2195 |
| 2185 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 2196 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
| 2186 if (rv >= 0) { | 2197 if (rv >= 0) { |
| 2187 PostOrRunCallback( | 2198 PostOrRunCallback( |
| 2188 FROM_HERE, | 2199 FROM_HERE, |
| 2189 base::Bind(&LogByteTransferEvent, weak_net_log_, | 2200 base::Bind(&LogByteTransferEvent, weak_net_log_, |
| 2190 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 2201 NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| 2191 scoped_refptr<IOBuffer>(user_write_buf_))); | 2202 scoped_refptr<IOBuffer>(user_write_buf_))); |
| 2192 return rv; | 2203 return rv; |
| 2193 } | 2204 } |
| 2194 PRErrorCode prerr = PR_GetError(); | 2205 PRErrorCode prerr = PR_GetError(); |
| 2195 if (prerr == PR_WOULD_BLOCK_ERROR) | 2206 if (prerr == PR_WOULD_BLOCK_ERROR) |
| 2196 return ERR_IO_PENDING; | 2207 return ERR_IO_PENDING; |
| 2197 | 2208 |
| 2198 rv = HandleNSSError(prerr, false); | 2209 rv = HandleNSSError(prerr, false); |
| 2199 PostOrRunCallback( | 2210 PostOrRunCallback( |
| 2200 FROM_HERE, | 2211 FROM_HERE, |
| 2201 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2212 base::Bind(&AddLogEvent, weak_net_log_, |
| 2202 NetLog::TYPE_SSL_WRITE_ERROR, | 2213 NetLog::TYPE_SSL_WRITE_ERROR, |
| 2203 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); | 2214 make_scoped_refptr(new SSLErrorParams(rv, prerr)))); |
| 2204 return rv; | 2215 return rv; |
| 2205 } | 2216 } |
| 2206 | 2217 |
| 2207 // Do as much network I/O as possible between the buffer and the | 2218 // Do as much network I/O as possible between the buffer and the |
| 2208 // transport socket. Return true if some I/O performed, false | 2219 // transport socket. Return true if some I/O performed, false |
| 2209 // otherwise (error or ERR_IO_PENDING). | 2220 // otherwise (error or ERR_IO_PENDING). |
| 2210 bool SSLClientSocketNSS::Core::DoTransportIO() { | 2221 bool SSLClientSocketNSS::Core::DoTransportIO() { |
| 2211 DCHECK(OnNSSTaskRunner()); | 2222 DCHECK(OnNSSTaskRunner()); |
| (...skipping 227 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2439 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; | 2450 domain_bound_cert_type_ = CLIENT_CERT_INVALID_TYPE; |
| 2440 rv = SECFailure; | 2451 rv = SECFailure; |
| 2441 } | 2452 } |
| 2442 } else { | 2453 } else { |
| 2443 rv = SECFailure; | 2454 rv = SECFailure; |
| 2444 } | 2455 } |
| 2445 | 2456 |
| 2446 int cert_count = (rv == SECSuccess) ? 1 : 0; | 2457 int cert_count = (rv == SECSuccess) ? 1 : 0; |
| 2447 PostOrRunCallback( | 2458 PostOrRunCallback( |
| 2448 FROM_HERE, | 2459 FROM_HERE, |
| 2449 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2460 base::Bind(&AddLogEvent, weak_net_log_, |
| 2450 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | 2461 NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, |
| 2451 make_scoped_refptr( | 2462 make_scoped_refptr( |
| 2452 new NetLogIntegerParameter("cert_count", | 2463 new NetLogIntegerParameter("cert_count", |
| 2453 cert_count)))); | 2464 cert_count)))); |
| 2454 return rv; | 2465 return rv; |
| 2455 } | 2466 } |
| 2456 | 2467 |
| 2457 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert, | 2468 int SSLClientSocketNSS::Core::ImportDBCertAndKey(CERTCertificate** cert, |
| 2458 SECKEYPrivateKey** key) { | 2469 SECKEYPrivateKey** key) { |
| 2459 // Set the certificate. | 2470 // Set the certificate. |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2499 return OK; | 2510 return OK; |
| 2500 } | 2511 } |
| 2501 | 2512 |
| 2502 void SSLClientSocketNSS::Core::UpdateServerCert() { | 2513 void SSLClientSocketNSS::Core::UpdateServerCert() { |
| 2503 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); | 2514 nss_handshake_state_.server_cert_chain.Reset(nss_fd_); |
| 2504 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( | 2515 nss_handshake_state_.server_cert = X509Certificate::CreateFromDERCertChain( |
| 2505 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); | 2516 nss_handshake_state_.server_cert_chain.AsStringPieceVector()); |
| 2506 if (nss_handshake_state_.server_cert) { | 2517 if (nss_handshake_state_.server_cert) { |
| 2507 PostOrRunCallback( | 2518 PostOrRunCallback( |
| 2508 FROM_HERE, | 2519 FROM_HERE, |
| 2509 base::Bind(&BoundNetLog::AddEvent, weak_net_log_, | 2520 base::Bind(&AddLogEvent, weak_net_log_, |
| 2510 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | 2521 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, |
| 2511 make_scoped_refptr( | 2522 make_scoped_refptr( |
| 2512 new X509CertificateNetLogParam( | 2523 new X509CertificateNetLogParam( |
| 2513 nss_handshake_state_.server_cert)))); | 2524 nss_handshake_state_.server_cert)))); |
| 2514 } | 2525 } |
| 2515 } | 2526 } |
| 2516 | 2527 |
| 2517 void SSLClientSocketNSS::Core::UpdateConnectionStatus() { | 2528 void SSLClientSocketNSS::Core::UpdateConnectionStatus() { |
| 2518 SSLChannelInfo channel_info; | 2529 SSLChannelInfo channel_info; |
| 2519 SECStatus ok = SSL_GetChannelInfo(nss_fd_, | 2530 SECStatus ok = SSL_GetChannelInfo(nss_fd_, |
| (...skipping 1150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3670 EnsureThreadIdAssigned(); | 3681 EnsureThreadIdAssigned(); |
| 3671 base::AutoLock auto_lock(lock_); | 3682 base::AutoLock auto_lock(lock_); |
| 3672 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3683 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3673 } | 3684 } |
| 3674 | 3685 |
| 3675 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3686 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3676 return server_bound_cert_service_; | 3687 return server_bound_cert_service_; |
| 3677 } | 3688 } |
| 3678 | 3689 |
| 3679 } // namespace net | 3690 } // namespace net |
| OLD | NEW |