| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_client_socket_win.h" | 5 #include "net/base/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/lock.h" | 9 #include "base/lock.h" |
| 10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
| (...skipping 594 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 605 memmove(recv_buffer_.get(), | 605 memmove(recv_buffer_.get(), |
| 606 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), | 606 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), |
| 607 in_buffers_[1].cbBuffer); | 607 in_buffers_[1].cbBuffer); |
| 608 bytes_received_ = in_buffers_[1].cbBuffer; | 608 bytes_received_ = in_buffers_[1].cbBuffer; |
| 609 } else { | 609 } else { |
| 610 bytes_received_ = 0; | 610 bytes_received_ = 0; |
| 611 } | 611 } |
| 612 return DidCompleteHandshake(); | 612 return DidCompleteHandshake(); |
| 613 } | 613 } |
| 614 | 614 |
| 615 if (FAILED(isc_status_)) | 615 if (FAILED(isc_status_)) { |
| 616 return MapSecurityError(isc_status_); | 616 int result = MapSecurityError(isc_status_); |
| 617 // We told Schannel to not verify the server certificate |
| 618 // (SCH_CRED_MANUAL_CRED_VALIDATION), so any certificate error returned by |
| 619 // InitializeSecurityContext must be referring to the (missing) client |
| 620 // certificate. |
| 621 if (IsCertificateError(result)) { |
| 622 // TODO(wtc): When we support SSL client authentication, we will need to |
| 623 // add new error codes for client certificate errors reported by the |
| 624 // server using SSL/TLS alert messages. See http://crbug.com/318. See |
| 625 // also the MSDN page "Schannel Error Codes for TLS and SSL Alerts", |
| 626 // which maps TLS alert messages to Windows error codes: |
| 627 // http://msdn.microsoft.com/en-us/library/dd721886%28VS.85%29.aspx |
| 628 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 629 } |
| 630 return result; |
| 631 } |
| 617 | 632 |
| 618 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { | 633 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { |
| 619 // We don't support SSL client authentication yet. For now we just set | 634 // We don't support SSL client authentication yet. For now we just set |
| 620 // no_client_cert_ to true and call InitializeSecurityContext again. | 635 // no_client_cert_ to true and call InitializeSecurityContext again. |
| 621 no_client_cert_ = true; | 636 no_client_cert_ = true; |
| 622 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; | 637 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; |
| 623 ignore_ok_result_ = true; // OK doesn't mean EOF. | 638 ignore_ok_result_ = true; // OK doesn't mean EOF. |
| 624 return OK; | 639 return OK; |
| 625 } | 640 } |
| 626 | 641 |
| (...skipping 385 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1012 } | 1027 } |
| 1013 } | 1028 } |
| 1014 | 1029 |
| 1015 void SSLClientSocketWin::FreeSendBuffer() { | 1030 void SSLClientSocketWin::FreeSendBuffer() { |
| 1016 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1031 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1017 DCHECK(status == SEC_E_OK); | 1032 DCHECK(status == SEC_E_OK); |
| 1018 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1033 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1019 } | 1034 } |
| 1020 | 1035 |
| 1021 } // namespace net | 1036 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 113375:
Do not map Windows certificate errors returned by Schannel's... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/