| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/lock.h" | 10 #include "base/lock.h" |
| 408 // Copy it to our own certificate store, so that we can close the "MY" | 408 // Copy it to our own certificate store, so that we can close the "MY" |
| 409 // certificate store before returning from this function. | 409 // certificate store before returning from this function. |
| 410 PCCERT_CONTEXT cert_context2 = | 410 PCCERT_CONTEXT cert_context2 = |
| 411 Singleton<ClientCertStore>::get()->CopyCertContext(cert_context); | 411 Singleton<ClientCertStore>::get()->CopyCertContext(cert_context); |
| 412 if (!cert_context2) { | 412 if (!cert_context2) { |
| 413 NOTREACHED(); | 413 NOTREACHED(); |
| 414 continue; | 414 continue; |
| 415 } | 415 } |
| 416 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( | 416 scoped_refptr<X509Certificate> cert = X509Certificate::CreateFromHandle( |
| 417 cert_context2, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 417 cert_context2, X509Certificate::SOURCE_LONE_CERT_IMPORT, |
| 418 net::X509Certificate::OSCertHandles()); | 418 X509Certificate::OSCertHandles()); |
| 419 cert_request_info->client_certs.push_back(cert); | 419 cert_request_info->client_certs.push_back(cert); |
| 420 CertFreeCertificateContext(cert_context2); |
| 420 } | 421 } |
| 421 | 422 |
| 422 FreeContextBuffer(issuer_list.aIssuers); | 423 FreeContextBuffer(issuer_list.aIssuers); |
| 423 | 424 |
| 424 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); | 425 BOOL ok = CertCloseStore(my_cert_store, CERT_CLOSE_STORE_CHECK_FLAG); |
| 425 DCHECK(ok); | 426 DCHECK(ok); |
| 426 } | 427 } |
| 427 | 428 |
| 428 SSLClientSocket::NextProtoStatus | 429 SSLClientSocket::NextProtoStatus |
| 429 SSLClientSocketWin::GetNextProto(std::string* proto) { | 430 SSLClientSocketWin::GetNextProto(std::string* proto) { |
| 1300 &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_handle); | 1301 &ctxt_, SECPKG_ATTR_REMOTE_CERT_CONTEXT, &server_cert_handle); |
| 1301 if (status != SEC_E_OK) { | 1302 if (status != SEC_E_OK) { |
| 1302 DLOG(ERROR) << "QueryContextAttributes (remote cert) failed: " << status; | 1303 DLOG(ERROR) << "QueryContextAttributes (remote cert) failed: " << status; |
| 1303 return MapSecurityError(status); | 1304 return MapSecurityError(status); |
| 1304 } | 1305 } |
| 1305 if (renegotiating_ && | 1306 if (renegotiating_ && |
| 1306 X509Certificate::IsSameOSCert(server_cert_->os_cert_handle(), | 1307 X509Certificate::IsSameOSCert(server_cert_->os_cert_handle(), |
| 1307 server_cert_handle)) { | 1308 server_cert_handle)) { |
| 1308 // We already verified the server certificate. Either it is good or the | 1309 // We already verified the server certificate. Either it is good or the |
| 1309 // user has accepted the certificate error. | 1310 // user has accepted the certificate error. |
| 1310 CertFreeCertificateContext(server_cert_handle); | |
| 1311 DidCompleteRenegotiation(); | 1311 DidCompleteRenegotiation(); |
| 1312 } else { | 1312 } else { |
| 1313 server_cert_ = X509Certificate::CreateFromHandle( | 1313 server_cert_ = X509Certificate::CreateFromHandle( |
| 1314 server_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, | 1314 server_cert_handle, X509Certificate::SOURCE_FROM_NETWORK, |
| 1315 net::X509Certificate::OSCertHandles()); | 1315 X509Certificate::OSCertHandles()); |
| 1316 | 1316 |
| 1317 next_state_ = STATE_VERIFY_CERT; | 1317 next_state_ = STATE_VERIFY_CERT; |
| 1318 } | 1318 } |
| 1319 CertFreeCertificateContext(server_cert_handle); |
| 1319 return OK; | 1320 return OK; |
| 1320 } | 1321 } |
| 1321 | 1322 |
| 1322 // Called when a renegotiation is completed. |result| is the verification | 1323 // Called when a renegotiation is completed. |result| is the verification |
| 1323 // result of the server certificate received during renegotiation. | 1324 // result of the server certificate received during renegotiation. |
| 1324 void SSLClientSocketWin::DidCompleteRenegotiation() { | 1325 void SSLClientSocketWin::DidCompleteRenegotiation() { |
| 1325 DCHECK(!user_connect_callback_); | 1326 DCHECK(!user_connect_callback_); |
| 1326 DCHECK(user_read_callback_); | 1327 DCHECK(user_read_callback_); |
| 1327 renegotiating_ = false; | 1328 renegotiating_ = false; |
| 1328 next_state_ = STATE_COMPLETED_RENEGOTIATION; | 1329 next_state_ = STATE_COMPLETED_RENEGOTIATION; |
| 1342 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | 1343 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); |
| 1343 } | 1344 } |
| 1344 | 1345 |
| 1345 void SSLClientSocketWin::FreeSendBuffer() { | 1346 void SSLClientSocketWin::FreeSendBuffer() { |
| 1346 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1347 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1347 DCHECK(status == SEC_E_OK); | 1348 DCHECK(status == SEC_E_OK); |
| 1348 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1349 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1349 } | 1350 } |
| 1350 | 1351 |
| 1351 } // namespace net | 1352 } // namespace net |
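Review bot: The unconditional `CertFreeCertificateContext(server_cert_handle)` added at new line 1319 is safe only if `X509Certificate::CreateFromHandle` now duplicates the context instead of adopting it. That contract is not visible on this page; if the callee still adopted the handle, `server_cert_` would keep a freed context that the `STATE_VERIFY_CERT` step presumably reads. The same assumption underlies the new free of `cert_context2` at new line 420 in the client-certificate loop. I would state the ownership rule at both call sites, e.g. `// CreateFromHandle() takes its own reference; release ours on every path.`, and consider a scoped holder for the handle so a later early return between the query and the free cannot leak or double-free it. Both enclosing functions begin outside the visible lines.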
| OLD | NEW |