
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 165191: Implement SSL certificate error handling on the Mac. If the user gives... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 11 years, 4 months ago
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code GetDefaultCertNickname(), derived from 5 // This file includes code GetDefaultCertNickname(), derived from
6 // nsNSSCertificate::defaultServerNickName() 6 // nsNSSCertificate::defaultServerNickName()
7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp
8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from
9 // AuthCertificateCallback() in 9 // AuthCertificateCallback() in
10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
(...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after
325 rv = DoLoop(OK); 325 rv = DoLoop(OK);
326 if (rv == ERR_IO_PENDING) 326 if (rv == ERR_IO_PENDING)
327 user_connect_callback_ = callback; 327 user_connect_callback_ = callback;
328 328
329 LeaveFunction(""); 329 LeaveFunction("");
330 return rv > OK ? OK : rv; 330 return rv > OK ? OK : rv;
331 } 331 }
332 332
333 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() { 333 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() {
334 if (UpdateServerCert() != NULL && 334 if (UpdateServerCert() != NULL &&
335 ssl_config_.allowed_bad_certs_.count(server_cert_)) { 335 ssl_config_.IsAllowedBadCert(server_cert_)) {
336 SSL_InvalidateSession(nss_fd_); 336 SSL_InvalidateSession(nss_fd_);
337 } 337 }
338 } 338 }
339 339
340 void SSLClientSocketNSS::Disconnect() { 340 void SSLClientSocketNSS::Disconnect() {
341 EnterFunction(""); 341 EnterFunction("");
342 342
343 // TODO(wtc): Send SSL close_notify alert. 343 // TODO(wtc): Send SSL close_notify alert.
344 if (nss_fd_ != NULL) { 344 if (nss_fd_ != NULL) {
345 InvalidateSessionIfBadCertificate(); 345 InvalidateSessionIfBadCertificate();
(...skipping 429 matching lines...) Expand 10 before | Expand all | Expand 10 after
775 } 775 }
776 } 776 }
777 CERT_DestroyCertList(cert_list); 777 CERT_DestroyCertList(cert_list);
778 } 778 }
779 } 779 }
780 780
781 // If we have been explicitly told to accept this certificate, override the 781 // If we have been explicitly told to accept this certificate, override the
782 // result of verifier_.Verify. 782 // result of verifier_.Verify.
783 // Eventually, we should cache the cert verification results so that we don't 783 // Eventually, we should cache the cert verification results so that we don't
784 // need to call verifier_.Verify repeatedly. But for now we need to do this. 784 // need to call verifier_.Verify repeatedly. But for now we need to do this.
785 // Alternatively, we might be able to store the cert's status along with 785 // Alternatively, we could use the cert's status that we stored along with
786 // the cert in the allowed_bad_certs_ set. 786 // the cert in the allowed_bad_certs vector.
787 if (IsCertificateError(result) && 787 if (IsCertificateError(result) &&
788 ssl_config_.allowed_bad_certs_.count(server_cert_)) { 788 ssl_config_.IsAllowedBadCert(server_cert_)) {
789 LOG(INFO) << "accepting bad SSL certificate, as user told us to"; 789 LOG(INFO) << "accepting bad SSL certificate, as user told us to";
790 result = OK; 790 result = OK;
791 } 791 }
792 792
793 completed_handshake_ = true; 793 completed_handshake_ = true;
794 // TODO(ukai): we may not need this call because it is now harmless to have an 794 // TODO(ukai): we may not need this call because it is now harmless to have an
795 // session with a bad cert. 795 // session with a bad cert.
796 InvalidateSessionIfBadCertificate(); 796 InvalidateSessionIfBadCertificate();
797 // Exit DoLoop and return the result to the caller to Connect. 797 // Exit DoLoop and return the result to the caller to Connect.
798 DCHECK(next_state_ == STATE_NONE); 798 DCHECK(next_state_ == STATE_NONE);
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
832 if (prerr == PR_WOULD_BLOCK_ERROR) { 832 if (prerr == PR_WOULD_BLOCK_ERROR) {
833 GotoState(STATE_PAYLOAD_WRITE); 833 GotoState(STATE_PAYLOAD_WRITE);
834 return ERR_IO_PENDING; 834 return ERR_IO_PENDING;
835 } 835 }
836 user_buf_ = NULL; 836 user_buf_ = NULL;
837 LeaveFunction(""); 837 LeaveFunction("");
838 return NetErrorFromNSPRError(prerr); 838 return NetErrorFromNSPRError(prerr);
839 } 839 }
840 840
841 } // namespace net 841 } // namespace net
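Review bot: The override at new lines 787-790 sets `result = OK` for any certificate error once `ssl_config_.IsAllowedBadCert(server_cert_)` matches, without checking that the error is the one the user accepted. The comment just above says the cert's status is stored with the cert in the allowed_bad_certs vector, so, assuming `IsAllowedBadCert` matches on the certificate alone (its definition is not on this page), an exception granted for one problem would also hide a different one reported later by `verifier_.Verify`. I would either compare the stored status with the current verification status before overriding, or state the limitation in the comment, e.g. `// NOTE: this overrides every certificate error for an allowed cert, not only the error the user accepted.` Putting the overridden code in the log line, `LOG(INFO) << "accepting bad SSL certificate, as user told us to (error " << result << ")";`, would also make the override traceable. The enclosing function starts in the skipped lines above 775.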