OLD | NEW |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/base/ssl_client_socket_win.h" | 5 #include "net/base/ssl_client_socket_win.h" |
6 | 6 |
7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
8 | 8 |
9 #include "base/lock.h" | 9 #include "base/lock.h" |
10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
(...skipping 597 matching lines...)
608 memmove(recv_buffer_.get(), | 608 memmove(recv_buffer_.get(), |
609 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), | 609 recv_buffer_.get() + (bytes_received_ - in_buffers_[1].cbBuffer), |
610 in_buffers_[1].cbBuffer); | 610 in_buffers_[1].cbBuffer); |
611 bytes_received_ = in_buffers_[1].cbBuffer; | 611 bytes_received_ = in_buffers_[1].cbBuffer; |
612 } else { | 612 } else { |
613 bytes_received_ = 0; | 613 bytes_received_ = 0; |
614 } | 614 } |
615 return DidCompleteHandshake(); | 615 return DidCompleteHandshake(); |
616 } | 616 } |
617 | 617 |
618 if (FAILED(isc_status_)) | 618 if (FAILED(isc_status_)) { |
619 return MapSecurityError(isc_status_); | 619 int result = MapSecurityError(isc_status_); |
| 620 // We told Schannel to not verify the server certificate |
| 621 // (SCH_CRED_MANUAL_CRED_VALIDATION), so any certificate error returned by |
| 622 // InitializeSecurityContext must be referring to the (missing) client |
| 623 // certificate. |
| 624 if (IsCertificateError(result)) { |
| 625 // TODO(wtc): When we support SSL client authentication, we will need to |
| 626 // add new error codes for client certificate errors reported by the |
| 627 // server using SSL/TLS alert messages. See http://crbug.com/318. See |
| 628 // also the MSDN page "Schannel Error Codes for TLS and SSL Alerts", |
| 629 // which maps TLS alert messages to Windows error codes: |
| 630 // http://msdn.microsoft.com/en-us/library/dd721886%28VS.85%29.aspx |
| 631 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 632 } |
| 633 return result; |
| 634 } |
620 | 635 |
621 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { | 636 if (isc_status_ == SEC_I_INCOMPLETE_CREDENTIALS) { |
622 // We don't support SSL client authentication yet. For now we just set | 637 // We don't support SSL client authentication yet. For now we just set |
623 // no_client_cert_ to true and call InitializeSecurityContext again. | 638 // no_client_cert_ to true and call InitializeSecurityContext again. |
624 no_client_cert_ = true; | 639 no_client_cert_ = true; |
625 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; | 640 next_state_ = STATE_HANDSHAKE_READ_COMPLETE; |
626 ignore_ok_result_ = true; // OK doesn't mean EOF. | 641 ignore_ok_result_ = true; // OK doesn't mean EOF. |
627 return OK; | 642 return OK; |
628 } | 643 } |
629 | 644 |
(...skipping 349 matching lines...)
979 } | 994 } |
980 } | 995 } |
981 | 996 |
982 void SSLClientSocketWin::FreeSendBuffer() { | 997 void SSLClientSocketWin::FreeSendBuffer() { |
983 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 998 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
984 DCHECK(status == SEC_E_OK); | 999 DCHECK(status == SEC_E_OK); |
985 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1000 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
986 } | 1001 } |
987 | 1002 |
988 } // namespace net | 1003 } // namespace net |
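Review bot: The new branch at new lines 619–633 throws away the original Schannel status once `IsCertificateError(result)` is true. If the credentials were ever acquired without SCH_CRED_MANUAL_CRED_VALIDATION, a genuine server-certificate failure would then be reported as ERR_SSL_CLIENT_AUTH_CERT_NEEDED. The credential setup is not visible in this section, so that invariant rests on code elsewhere. I would record the raw status before remapping, e.g. `LOG(ERROR) << "Schannel cert error during handshake, isc_status_=" << isc_status_;` (assuming the logging header that provides the DCHECK at new line 999 is the usual one), so a masked verification failure can still be diagnosed. The enclosing function begins and ends outside the lines shown.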