| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 912 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 923 // task runner. | 923 // task runner. |
| 924 bool detached_; | 924 bool detached_; |
| 925 | 925 |
| 926 // The underlying transport to use for network IO. | 926 // The underlying transport to use for network IO. |
| 927 ClientSocketHandle* transport_; | 927 ClientSocketHandle* transport_; |
| 928 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; | 928 base::WeakPtrFactory<BoundNetLog> weak_net_log_factory_; |
| 929 | 929 |
| 930 // The current handshake state. Mirrors |nss_handshake_state_|. | 930 // The current handshake state. Mirrors |nss_handshake_state_|. |
| 931 HandshakeState network_handshake_state_; | 931 HandshakeState network_handshake_state_; |
| 932 | 932 |
| 933 // The service for retrieving Channel ID keys. May be NULL. |
| 933 ServerBoundCertService* server_bound_cert_service_; | 934 ServerBoundCertService* server_bound_cert_service_; |
| 934 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; | 935 ServerBoundCertService::RequestHandle domain_bound_cert_request_handle_; |
| 935 | 936 |
| 936 //////////////////////////////////////////////////////////////////////////// | 937 //////////////////////////////////////////////////////////////////////////// |
| 937 // Members that are ONLY accessed on the NSS task runner: | 938 // Members that are ONLY accessed on the NSS task runner: |
| 938 //////////////////////////////////////////////////////////////////////////// | 939 //////////////////////////////////////////////////////////////////////////// |
| 939 HostPortPair host_and_port_; | 940 HostPortPair host_and_port_; |
| 940 SSLConfig ssl_config_; | 941 SSLConfig ssl_config_; |
| 941 | 942 |
| 942 // NSS SSL socket. | 943 // NSS SSL socket. |
| (...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1073 #else | 1074 #else |
| 1074 rv = SSL_GetClientAuthDataHook( | 1075 rv = SSL_GetClientAuthDataHook( |
| 1075 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); | 1076 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); |
| 1076 #endif | 1077 #endif |
| 1077 if (rv != SECSuccess) { | 1078 if (rv != SECSuccess) { |
| 1078 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); | 1079 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); |
| 1079 return false; | 1080 return false; |
| 1080 } | 1081 } |
| 1081 | 1082 |
| 1082 if (ssl_config_.channel_id_enabled) { | 1083 if (ssl_config_.channel_id_enabled) { |
| 1083 if (!crypto::ECPrivateKey::IsSupported()) { | 1084 if (!server_bound_cert_service_) { |
| 1085 DVLOG(1) << "NULL server_bound_cert_service_, not enabling channel ID."; |
| 1086 } else if (!crypto::ECPrivateKey::IsSupported()) { |
| 1084 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; | 1087 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; |
| 1085 } else if (!server_bound_cert_service_->IsSystemTimeValid()) { | 1088 } else if (!server_bound_cert_service_->IsSystemTimeValid()) { |
| 1086 DVLOG(1) << "System time is weird, not enabling channel ID."; | 1089 DVLOG(1) << "System time is weird, not enabling channel ID."; |
| 1087 } else { | 1090 } else { |
| 1088 rv = SSL_SetClientChannelIDCallback( | 1091 rv = SSL_SetClientChannelIDCallback( |
| 1089 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); | 1092 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); |
| 1090 if (rv != SECSuccess) | 1093 if (rv != SECSuccess) |
| 1091 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", | 1094 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", |
| 1092 ""); | 1095 ""); |
| 1093 } | 1096 } |
| (...skipping 1422 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2516 if (nss_handshake_state_.resumed_handshake) | 2519 if (nss_handshake_state_.resumed_handshake) |
| 2517 return; | 2520 return; |
| 2518 | 2521 |
| 2519 // Since this enum is used for a histogram, do not change or re-use values. | 2522 // Since this enum is used for a histogram, do not change or re-use values. |
| 2520 enum { | 2523 enum { |
| 2521 DISABLED = 0, | 2524 DISABLED = 0, |
| 2522 CLIENT_ONLY = 1, | 2525 CLIENT_ONLY = 1, |
| 2523 CLIENT_AND_SERVER = 2, | 2526 CLIENT_AND_SERVER = 2, |
| 2524 CLIENT_NO_ECC = 3, | 2527 CLIENT_NO_ECC = 3, |
| 2525 CLIENT_BAD_SYSTEM_TIME = 4, | 2528 CLIENT_BAD_SYSTEM_TIME = 4, |
| 2529 CLIENT_NO_SERVER_BOUND_CERT_SERVICE = 5, |
| 2526 DOMAIN_BOUND_CERT_USAGE_MAX | 2530 DOMAIN_BOUND_CERT_USAGE_MAX |
| 2527 } supported = DISABLED; | 2531 } supported = DISABLED; |
| 2528 if (channel_id_xtn_negotiated_) { | 2532 if (channel_id_xtn_negotiated_) { |
| 2529 supported = CLIENT_AND_SERVER; | 2533 supported = CLIENT_AND_SERVER; |
| 2530 } else if (ssl_config_.channel_id_enabled) { | 2534 } else if (ssl_config_.channel_id_enabled) { |
| 2531 if (!crypto::ECPrivateKey::IsSupported()) | 2535 if (!server_bound_cert_service_) |
| 2536 supported = CLIENT_NO_SERVER_BOUND_CERT_SERVICE; |
| 2537 else if (!crypto::ECPrivateKey::IsSupported()) |
| 2532 supported = CLIENT_NO_ECC; | 2538 supported = CLIENT_NO_ECC; |
| 2533 else if (!server_bound_cert_service_->IsSystemTimeValid()) | 2539 else if (!server_bound_cert_service_->IsSystemTimeValid()) |
| 2534 supported = CLIENT_BAD_SYSTEM_TIME; | 2540 supported = CLIENT_BAD_SYSTEM_TIME; |
| 2535 else | 2541 else |
| 2536 supported = CLIENT_ONLY; | 2542 supported = CLIENT_ONLY; |
| 2537 } | 2543 } |
| 2538 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2544 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
| 2539 DOMAIN_BOUND_CERT_USAGE_MAX); | 2545 DOMAIN_BOUND_CERT_USAGE_MAX); |
| 2540 } | 2546 } |
| 2541 | 2547 |
| (...skipping 979 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3521 EnsureThreadIdAssigned(); | 3527 EnsureThreadIdAssigned(); |
| 3522 base::AutoLock auto_lock(lock_); | 3528 base::AutoLock auto_lock(lock_); |
| 3523 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3529 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3524 } | 3530 } |
| 3525 | 3531 |
| 3526 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3532 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3527 return server_bound_cert_service_; | 3533 return server_bound_cert_service_; |
| 3528 } | 3534 } |
| 3529 | 3535 |
| 3530 } // namespace net | 3536 } // namespace net |
| OLD | NEW |