
Side by Side Diff: net/socket/ssl_client_socket_mac.cc

Issue 3112013: Move chain building/verification out of X509Certificate (Closed)
Patch Set: Rebase to trunk - Without OpenSSL fixes Created 10 years, 2 months ago
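--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -1,32 +1,33 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
 #include "base/scoped_cftyperef.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
+#include "net/base/x509_chain.h"
 #include "net/socket/client_socket_handle.h"
 
 // Welcome to Mac SSL. We've been waiting for you.
 //
 // The Mac SSL implementation is, like the Windows and NSS implementations, a
 // giant state machine. This design constraint is due to the asynchronous nature
 // of our underlying transport mechanism. We can call down to read/write on the
 // network, but what happens is that either it completes immediately or returns
 // saying that we'll get a callback sometime in the future. In that case, we
 // have to return to our caller but pick up where we left off when we
@@ -984,23 +985,23 @@
 }
 
 int SSLClientSocketMac::DoVerifyCert() {
 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 DCHECK(server_cert_);
 
 SSL_LOG << "DoVerifyCert...";
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
-flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
+flags |= x509_chain::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
-flags |= X509Certificate::VERIFY_EV_CERT;
+flags |= x509_chain::VERIFY_EV_CERT;
 verifier_.reset(new CertVerifier);
 return verifier_->Verify(server_cert_, hostname_, flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 int SSLClientSocketMac::DoVerifyCertComplete(int result) {
 DCHECK(verifier_.get());
 verifier_.reset();
 
@@ -1250,10 +1251,10 @@
 if (rv < 0 && rv != ERR_IO_PENDING) {
 us->write_io_buf_ = NULL;
 return OSStatusFromNetError(rv);
 }
 
 // always lie to our caller
 return noErr;
 }
 
 } // namespace net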
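Review bot: In DoVerifyCert the bitmask in `flags` is now built from `x509_chain::VERIFY_REV_CHECKING_ENABLED` and `x509_chain::VERIFY_EV_CERT`, but it is still handed to `verifier_->Verify(...)` as a plain `int`, so nothing in this file ties the bit values to what CertVerifier tests. If CertVerifier (declared in net/base/cert_verifier.h, not shown here) still compares against the old `X509Certificate::VERIFY_*` constants and the two enums ever diverge, revocation or EV checking would be silently skipped rather than fail to compile. Please confirm CertVerifier was switched in the same patch set, and consider a comment above `int flags = 0;` such as `// Bitmask of x509_chain::VERIFY_* values, consumed by CertVerifier::Verify.` to record the contract.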
