
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 3112013: Move chain building/verification out of X509Certificate (Closed)
Patch Set: Rebase to trunk - Without OpenSSL fixes Created 10 years, 2 months ago
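--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -79,20 +79,21 @@
 #include "net/base/dnsrr_resolver.h"
 #include "net/base/dnssec_chain_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
 #include "net/base/ssl_non_sensitive_host_info.h"
 #include "net/base/sys_addrinfo.h"
+#include "net/base/x509_chain.h"
 #include "net/ocsp/nss_ocsp.h"
 #include "net/socket/client_socket_handle.h"
 
 static const int kRecvBufferSize = 4096;
 
 // kCorkTimeoutMs is the number of milliseconds for which we'll wait for a
 // Write to an SSL socket which we're False Starting. Since corking stops the
 // Finished message from being sent, the server sees an incomplete handshake
 // and some will time out such sockets quite aggressively.
 static const int kCorkTimeoutMs = 200;
@@ -2283,23 +2284,23 @@
 
 return OK;
 }
 
 int SSLClientSocketNSS::DoVerifyCert(int result) {
 DCHECK(server_cert_);
 GotoState(STATE_VERIFY_CERT_COMPLETE);
 int flags = 0;
 
 if (ssl_config_.rev_checking_enabled)
-flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
+flags |= x509_chain::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
-flags |= X509Certificate::VERIFY_EV_CERT;
+flags |= x509_chain::VERIFY_EV_CERT;
 verifier_.reset(new CertVerifier);
 return verifier_->Verify(server_cert_, hostname_, flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 // Derived from AuthCertificateCallback() in
 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
 int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
 verifier_.reset();
@@ -2414,10 +2415,10 @@
 return ERR_IO_PENDING;
 }
 LeaveFunction("");
 rv = MapNSPRError(prerr);
 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR,
 new SSLErrorParams(rv, prerr));
 return rv;
 }
 
 } // namespace net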
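Review bot: In DoVerifyCert the `flags` bitmask is now built from `x509_chain::VERIFY_REV_CHECKING_ENABLED` and `x509_chain::VERIFY_EV_CERT` but is still handed to `verifier_->Verify()` as a plain `int`, so nothing visible here ties the new constants to the bits CertVerifier actually tests. If CertVerifier (not shown on this page) still compares against the old `X509Certificate::VERIFY_*` values and the two sets ever diverge, revocation checking or EV verification would be dropped silently, with no compile error. I would state the contract where the mask is declared, e.g. `// Bitwise OR of x509_chain::VERIFY_* values; interpreted by CertVerifier::Verify().` above `int flags = 0;`, and confirm that CertVerifier is migrated to the same constants in this patch set.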
