
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1589034: If the server's CertificateRequest message contains an empty... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: More error code mapping improvements. Created 10 years, 8 months ago
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after
106 public: 106 public:
107 NSSSSLInitSingleton() { 107 NSSSSLInitSingleton() {
108 base::EnsureNSSInit(); 108 base::EnsureNSSInit();
109 109
110 NSS_SetDomesticPolicy(); 110 NSS_SetDomesticPolicy();
111 111
112 #if defined(USE_SYSTEM_SSL) 112 #if defined(USE_SYSTEM_SSL)
113 // Use late binding to avoid scary but benign warning 113 // Use late binding to avoid scary but benign warning
114 // "Symbol `SSL_ImplementedCiphers' has different size in shared object, 114 // "Symbol `SSL_ImplementedCiphers' has different size in shared object,
115 // consider re-linking" 115 // consider re-linking"
116 // TODO(wtc): Use the new SSL_GetImplementedCiphers and
117 // SSL_GetNumImplementedCiphers functions when we require NSS 3.12.6.
118 // See https://bugzilla.mozilla.org/show_bug.cgi?id=496993.
116 const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>( 119 const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>(
117 dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers")); 120 dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers"));
118 if (pSSL_ImplementedCiphers == NULL) { 121 if (pSSL_ImplementedCiphers == NULL) {
119 NOTREACHED() << "Can't get list of supported ciphers"; 122 NOTREACHED() << "Can't get list of supported ciphers";
120 return; 123 return;
121 } 124 }
122 #else 125 #else
123 #define pSSL_ImplementedCiphers SSL_ImplementedCiphers 126 #define pSSL_ImplementedCiphers SSL_ImplementedCiphers
124 #endif 127 #endif
125 128
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
170 case PR_CONNECT_ABORTED_ERROR: 173 case PR_CONNECT_ABORTED_ERROR:
171 return ERR_CONNECTION_ABORTED; 174 return ERR_CONNECTION_ABORTED;
172 case PR_CONNECT_REFUSED_ERROR: 175 case PR_CONNECT_REFUSED_ERROR:
173 return ERR_CONNECTION_REFUSED; 176 return ERR_CONNECTION_REFUSED;
174 case PR_HOST_UNREACHABLE_ERROR: 177 case PR_HOST_UNREACHABLE_ERROR:
175 case PR_NETWORK_UNREACHABLE_ERROR: 178 case PR_NETWORK_UNREACHABLE_ERROR:
176 return ERR_ADDRESS_UNREACHABLE; 179 return ERR_ADDRESS_UNREACHABLE;
177 case PR_ADDRESS_NOT_AVAILABLE_ERROR: 180 case PR_ADDRESS_NOT_AVAILABLE_ERROR:
178 return ERR_ADDRESS_INVALID; 181 return ERR_ADDRESS_INVALID;
179 182
183 case SSL_ERROR_SSL_DISABLED:
184 return ERR_NO_SSL_VERSIONS_ENABLED;
180 case SSL_ERROR_NO_CYPHER_OVERLAP: 185 case SSL_ERROR_NO_CYPHER_OVERLAP:
181 case SSL_ERROR_UNSUPPORTED_VERSION: 186 case SSL_ERROR_UNSUPPORTED_VERSION:
182 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; 187 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
183 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: 188 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:
189 case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:
190 case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:
184 return ERR_SSL_PROTOCOL_ERROR; 191 return ERR_SSL_PROTOCOL_ERROR;
185 192
186 default: { 193 default: {
187 if (IS_SSL_ERROR(err)) { 194 if (IS_SSL_ERROR(err)) {
188 LOG(WARNING) << "Unknown SSL error " << err << 195 LOG(WARNING) << "Unknown SSL error " << err <<
189 " mapped to net::ERR_SSL_PROTOCOL_ERROR"; 196 " mapped to net::ERR_SSL_PROTOCOL_ERROR";
190 return ERR_SSL_PROTOCOL_ERROR; 197 return ERR_SSL_PROTOCOL_ERROR;
191 } 198 }
192 LOG(WARNING) << "Unknown error " << err << 199 LOG(WARNING) << "Unknown error " << err <<
193 " mapped to net::ERR_FAILED"; 200 " mapped to net::ERR_FAILED";
(...skipping 693 matching lines...) Expand 10 before | Expand all | Expand 10 after
887 case ERR_CONNECTION_RESET: 894 case ERR_CONNECTION_RESET:
888 return PR_CONNECT_RESET_ERROR; 895 return PR_CONNECT_RESET_ERROR;
889 case ERR_CONNECTION_ABORTED: 896 case ERR_CONNECTION_ABORTED:
890 return PR_CONNECT_ABORTED_ERROR; 897 return PR_CONNECT_ABORTED_ERROR;
891 case ERR_CONNECTION_REFUSED: 898 case ERR_CONNECTION_REFUSED:
892 return PR_CONNECT_REFUSED_ERROR; 899 return PR_CONNECT_REFUSED_ERROR;
893 case ERR_ADDRESS_UNREACHABLE: 900 case ERR_ADDRESS_UNREACHABLE:
894 return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR. 901 return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR.
895 case ERR_ADDRESS_INVALID: 902 case ERR_ADDRESS_INVALID:
896 return PR_ADDRESS_NOT_AVAILABLE_ERROR; 903 return PR_ADDRESS_NOT_AVAILABLE_ERROR;
904 case ERR_NAME_NOT_RESOLVED:
905 return PR_DIRECTORY_LOOKUP_ERROR;
897 default: 906 default:
898 LOG(WARNING) << "MapErrorToNSS " << result 907 LOG(WARNING) << "MapErrorToNSS " << result
899 << " mapped to PR_UNKNOWN_ERROR"; 908 << " mapped to PR_UNKNOWN_ERROR";
900 return PR_UNKNOWN_ERROR; 909 return PR_UNKNOWN_ERROR;
901 } 910 }
902 } 911 }
903 912
904 // Do network I/O between the given buffer and the given socket. 913 // Do network I/O between the given buffer and the given socket.
905 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING) 914 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING)
906 bool SSLClientSocketNSS::DoTransportIO() { 915 bool SSLClientSocketNSS::DoTransportIO() {
(...skipping 309 matching lines...) Expand 10 before | Expand all | Expand 10 after
1216 CERT_GetDefaultCertDB(), SEC_CERT_NICKNAMES_USER, wincx); 1225 CERT_GetDefaultCertDB(), SEC_CERT_NICKNAMES_USER, wincx);
1217 if (names) { 1226 if (names) {
1218 for (int i = 0; i < names->numnicknames; ++i) { 1227 for (int i = 0; i < names->numnicknames; ++i) {
1219 cert = CERT_FindUserCertByUsage( 1228 cert = CERT_FindUserCertByUsage(
1220 CERT_GetDefaultCertDB(), names->nicknames[i], 1229 CERT_GetDefaultCertDB(), names->nicknames[i],
1221 certUsageSSLClient, PR_FALSE, wincx); 1230 certUsageSSLClient, PR_FALSE, wincx);
1222 if (!cert) 1231 if (!cert)
1223 continue; 1232 continue;
1224 // Only check unexpired certs. 1233 // Only check unexpired certs.
1225 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) == 1234 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) ==
1226 secCertTimeValid && 1235 secCertTimeValid && (!ca_names->nnames ||
1227 NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess) { 1236 NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess)) {
1228 privkey = PK11_FindKeyByAnyCert(cert, wincx); 1237 privkey = PK11_FindKeyByAnyCert(cert, wincx);
1229 if (privkey) { 1238 if (privkey) {
1230 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( 1239 X509Certificate* x509_cert = X509Certificate::CreateFromHandle(
1231 cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, 1240 cert, X509Certificate::SOURCE_LONE_CERT_IMPORT,
1232 net::X509Certificate::OSCertHandles()); 1241 net::X509Certificate::OSCertHandles());
1233 that->client_certs_.push_back(x509_cert); 1242 that->client_certs_.push_back(x509_cert);
1234 SECKEY_DestroyPrivateKey(privkey); 1243 SECKEY_DestroyPrivateKey(privkey);
1235 continue; 1244 continue;
1236 } 1245 }
1237 } 1246 }
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after
1415 EnterFunction(user_write_buf_len_); 1424 EnterFunction(user_write_buf_len_);
1416 DCHECK(user_write_buf_); 1425 DCHECK(user_write_buf_);
1417 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); 1426 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_);
1418 if (rv >= 0) { 1427 if (rv >= 0) {
1419 LogData(user_write_buf_->data(), rv); 1428 LogData(user_write_buf_->data(), rv);
1420 LeaveFunction(""); 1429 LeaveFunction("");
1421 return rv; 1430 return rv;
1422 } 1431 }
1423 PRErrorCode prerr = PR_GetError(); 1432 PRErrorCode prerr = PR_GetError();
1424 if (prerr == PR_WOULD_BLOCK_ERROR) { 1433 if (prerr == PR_WOULD_BLOCK_ERROR) {
1434 LeaveFunction("");
1425 return ERR_IO_PENDING; 1435 return ERR_IO_PENDING;
1426 } 1436 }
1427 LeaveFunction(""); 1437 LeaveFunction("");
1428 return MapNSPRError(prerr); 1438 return MapNSPRError(prerr);
1429 } 1439 }
1430 1440
1431 } // namespace net 1441 } // namespace net
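Review bot: The widened condition at new lines 1234-1236 has no comment explaining why an empty CA list switches off the issuer filter, and it reads `ca_names->nnames` without first checking `ca_names` itself. When `nnames` is 0, every unexpired user certificate with a private key is pushed into `client_certs_`, so nothing the server sends narrows the candidate set any more; whatever consumes `client_certs_` (not visible here) should remain the place where the user decides which identity, if any, is disclosed. I would add `// An empty certificate_authorities list means the server accepts any issuer, so skip the CA-name filter.` above the `if`, and, unless NSS guarantees a non-null pointer to this callback, write the test as `(!ca_names || !ca_names->nnames || NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess)`. The enclosing function starts and ends in the skipped lines, so where `ca_names` comes from cannot be confirmed from this page.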