OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 1056 matching lines...)
1067 #else | 1067 #else |
1068 rv = SSL_GetClientAuthDataHook( | 1068 rv = SSL_GetClientAuthDataHook( |
1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); | 1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); |
1070 #endif | 1070 #endif |
1071 if (rv != SECSuccess) { | 1071 if (rv != SECSuccess) { |
1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); | 1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); |
1073 return false; | 1073 return false; |
1074 } | 1074 } |
1075 | 1075 |
1076 if (ssl_config_.channel_id_enabled) { | 1076 if (ssl_config_.channel_id_enabled) { |
1077 // TODO(mattm): we can do this check on the network task runner only because | 1077 rv = SSL_SetClientChannelIDCallback( |
1078 // we use the NSS internal slot. If we support other slots in the future, | 1078 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); |
1079 // checking whether they support ECDSA may block NSS, and thus this check | 1079 if (rv != SECSuccess) |
1080 // would have to be moved to the NSS task runner. | 1080 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", |
1081 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); | 1081 ""); |
1082 if (PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && | |
1083 PK11_DoesMechanism(slot.get(), CKM_ECDSA)) { | |
1084 rv = SSL_SetClientChannelIDCallback( | |
1085 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); | |
1086 if (rv != SECSuccess) | |
1087 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", | |
1088 ""); | |
1089 } else { | |
1090 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; | |
1091 } | |
1092 } | 1082 } |
1093 | 1083 |
1094 rv = SSL_HandshakeCallback( | 1084 rv = SSL_HandshakeCallback( |
1095 nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this); | 1085 nss_fd_, SSLClientSocketNSS::Core::HandshakeCallback, this); |
1096 if (rv != SECSuccess) { | 1086 if (rv != SECSuccess) { |
1097 LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", ""); | 1087 LogFailedNSSFunction(*weak_net_log_, "SSL_HandshakeCallback", ""); |
1098 return false; | 1088 return false; |
1099 } | 1089 } |
1100 | 1090 |
1101 return true; | 1091 return true; |
(...skipping 2405 matching lines...)
3507 EnsureThreadIdAssigned(); | 3497 EnsureThreadIdAssigned(); |
3508 base::AutoLock auto_lock(lock_); | 3498 base::AutoLock auto_lock(lock_); |
3509 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3499 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3510 } | 3500 } |
3511 | 3501 |
3512 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3502 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3513 return server_bound_cert_service_; | 3503 return server_bound_cert_service_; |
3514 } | 3504 } |
3515 | 3505 |
3516 } // namespace net | 3506 } // namespace net |
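Review bot: With the PK11_DoesMechanism() probe removed at new lines 1076-1082, the Channel ID callback is registered whenever ssl_config_.channel_id_enabled is set, and nothing visible on this page shows where EC key generation / ECDSA support is checked instead. If the check moved to the code that sets channel_id_enabled or into the key service, record that next to the call with a comment such as `// EC support is verified in <location> before channel_id_enabled is set.`; if it did not move, ClientChannelIDHandler has to fail soft on a slot without ECDSA rather than abort the handshake. Separately, a failed SSL_SetClientChannelIDCallback() is only logged while the neighbouring hooks `return false`; if that is deliberate because Channel ID is optional, say so in a comment, and put braces around the two-line `if` body. The enclosing function begins in the skipped region above this hunk, so its earlier setup is not reviewed here.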