OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/ssl_client_socket_win.h" | 5 #include "net/base/ssl_client_socket_win.h" |
6 | 6 |
7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
8 | 8 |
9 #include "base/lock.h" | 9 #include "base/lock.h" |
10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
(...skipping 594 matching lines...)
605 memmove(recv_buffer_.get(), | 605 memmove(recv_buffer_.get(), |
606 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), | 606 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), |
607 in_buffers_[1].cbBuffer); | 607 in_buffers_[1].cbBuffer); |
608 bytes_received_ = in_buffers_[1].cbBuffer; | 608 bytes_received_ = in_buffers_[1].cbBuffer; |
609 } else { | 609 } else { |
610 bytes_received_ = 0; | 610 bytes_received_ = 0; |
611 } | 611 } |
612 return DidCompleteHandshake(); | 612 return DidCompleteHandshake(); |
613 } | 613 } |
614 | 614 |
615 if (FAILED(isc_status_)) | 615 if (FAILED(isc_status_)) { |
616 return MapSecurityError(isc_status_); | 616 int result = MapSecurityError(isc_status_); |
| 617 // We told Schannel to not verify the server certificate |
| 618 // (SCH_CRED_MANUAL_CRED_VALIDATION), so any certificate error returned by |
| 619 // InitializeSecurityContext must be referring to the (missing) client |
| 620 // certificate. |
| 621 if (IsCertificateError(result)) { |
| 622 // TODO(wtc): When we support SSL client authentication, we will need to |
| 623 // add new error codes for client certificate errors reported by the |
| 624 // server using SSL/TLS alert messages. See http://crbug.com/318. See |
| 625 // also the MSDN page "Schannel Error Codes for TLS and SSL Alerts", |
| 626 // which maps TLS alert messages to Windows error codes: |
| 627 // http://msdn.microsoft.com/en-us/library/dd721886%28VS.85%29.aspx |
| 628 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 629 } |
| 630 return result; |
| 631 } |
617 | 632 |
618 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { | 633 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { |
619 // We don't support SSL client authentication yet. For now we just set | 634 // We don't support SSL client authentication yet. For now we just set |
620 // no_client_cert_ to true and call InitializeSecurityContext again. | 635 // no_client_cert_ to true and call InitializeSecurityContext again. |
621 no_client_cert_ = true; | 636 no_client_cert_ = true; |
622 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; | 637 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; |
623 ignore_ok_result_ = true; // OK doesn't mean EOF. | 638 ignore_ok_result_ = true; // OK doesn't mean EOF. |
624 return OK; | 639 return OK; |
625 } | 640 } |
626 | 641 |
(...skipping 385 matching lines...)
1012 } | 1027 } |
1013 } | 1028 } |
1014 | 1029 |
1015 void SSLClientSocketWin::FreeSendBuffer() { | 1030 void SSLClientSocketWin::FreeSendBuffer() { |
1016 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1031 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
1017 DCHECK(status == SEC_E_OK); | 1032 DCHECK(status == SEC_E_OK); |
1018 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1033 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
1019 } | 1034 } |
1020 | 1035 |
1021 } // namespace net | 1036 } // namespace net |
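Review bot: The remap at new lines 621-629 turns every certificate-class result from a failed InitializeSecurityContext into ERR_SSL_CLIENT_AUTH_CERT_NEEDED, and its correctness rests entirely on SCH_CRED_MANUAL_CRED_VALIDATION being set where the credentials are acquired, which is outside the lines shown. If that flag is ever dropped or made conditional, a genuine server-certificate failure would reach callers as a client-auth request, hiding the one condition they most need to see. Consider tying the remap to state this function already tracks, e.g. `if (no_client_cert_ && IsCertificateError(result)) {`, assuming the server's alert can only arrive after the SEC_I_INCOMPLETE_CREDENTIALS branch below has set that flag, which is worth confirming. Logging the original `isc_status_` before it is replaced would also keep the Schannel code available for diagnosis. The enclosing function starts and ends outside the visible lines.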