| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code GetDefaultCertNickname(), derived from | 5 // This file includes code GetDefaultCertNickname(), derived from |
| 6 // nsNSSCertificate::defaultServerNickName() | 6 // nsNSSCertificate::defaultServerNickName() |
| 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp | 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp |
| 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from | 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from |
| 9 // AuthCertificateCallback() in | 9 // AuthCertificateCallback() in |
| 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 62 #include <sslerr.h> | 62 #include <sslerr.h> |
| 63 #include <pk11pub.h> | 63 #include <pk11pub.h> |
| 64 #undef Lock | 64 #undef Lock |
| 65 | 65 |
| 66 #include "base/compiler_specific.h" | 66 #include "base/compiler_specific.h" |
| 67 #include "base/logging.h" | 67 #include "base/logging.h" |
| 68 #include "base/nss_init.h" | 68 #include "base/nss_init.h" |
| 69 #include "base/string_util.h" | 69 #include "base/string_util.h" |
| 70 #include "net/base/cert_verifier.h" | 70 #include "net/base/cert_verifier.h" |
| 71 #include "net/base/io_buffer.h" | 71 #include "net/base/io_buffer.h" |
| 72 #include "net/base/load_log.h" |
| 72 #include "net/base/net_errors.h" | 73 #include "net/base/net_errors.h" |
| 73 #include "net/base/ssl_cert_request_info.h" | 74 #include "net/base/ssl_cert_request_info.h" |
| 74 #include "net/base/ssl_info.h" | 75 #include "net/base/ssl_info.h" |
| 75 #include "net/ocsp/nss_ocsp.h" | 76 #include "net/ocsp/nss_ocsp.h" |
| 76 | 77 |
| 77 static const int kRecvBufferSize = 4096; | 78 static const int kRecvBufferSize = 4096; |
| 78 | 79 |
| 79 namespace net { | 80 namespace net { |
| 80 | 81 |
| 81 // State machines are easier to debug if you log state transitions. | 82 // State machines are easier to debug if you log state transitions. |
| 229 base::EnsureNSSInit(); | 230 base::EnsureNSSInit(); |
| 230 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop | 231 // We must call EnsureOCSPInit() here, on the IO thread, to get the IO loop |
| 231 // by MessageLoopForIO::current(). | 232 // by MessageLoopForIO::current(). |
| 232 // X509Certificate::Verify() runs on a worker thread of CertVerifier. | 233 // X509Certificate::Verify() runs on a worker thread of CertVerifier. |
| 233 EnsureOCSPInit(); | 234 EnsureOCSPInit(); |
| 234 | 235 |
| 235 LeaveFunction(""); | 236 LeaveFunction(""); |
| 236 return OK; | 237 return OK; |
| 237 } | 238 } |
| 238 | 239 |
| 239 int SSLClientSocketNSS::Connect(CompletionCallback* callback) { | 240 int SSLClientSocketNSS::Connect(CompletionCallback* callback, |
| 241 LoadLog* load_log) { |
| 240 EnterFunction(""); | 242 EnterFunction(""); |
| 241 DCHECK(transport_.get()); | 243 DCHECK(transport_.get()); |
| 242 DCHECK(next_handshake_state_ == STATE_NONE); | 244 DCHECK(next_handshake_state_ == STATE_NONE); |
| 243 DCHECK(!user_read_callback_); | 245 DCHECK(!user_read_callback_); |
| 244 DCHECK(!user_write_callback_); | 246 DCHECK(!user_write_callback_); |
| 245 DCHECK(!user_connect_callback_); | 247 DCHECK(!user_connect_callback_); |
| 246 DCHECK(!user_read_buf_); | 248 DCHECK(!user_read_buf_); |
| 247 DCHECK(!user_write_buf_); | 249 DCHECK(!user_write_buf_); |
| 248 | 250 |
| 251 LoadLog::BeginEvent(load_log, LoadLog::TYPE_SSL_CONNECT); |
| 252 |
| 249 if (Init() != OK) { | 253 if (Init() != OK) { |
| 250 NOTREACHED() << "Couldn't initialize nss"; | 254 NOTREACHED() << "Couldn't initialize nss"; |
| 251 } | 255 } |
| 252 | 256 |
| 257 int rv = InitializeSSLOptions(); |
| 258 if (rv != OK) { |
| 259 LoadLog::EndEvent(load_log, LoadLog::TYPE_SSL_CONNECT); |
| 260 return rv; |
| 261 } |
| 262 |
| 263 GotoState(STATE_HANDSHAKE); |
| 264 rv = DoHandshakeLoop(OK); |
| 265 if (rv == ERR_IO_PENDING) { |
| 266 user_connect_callback_ = callback; |
| 267 load_log_ = load_log; |
| 268 } else { |
| 269 LoadLog::EndEvent(load_log, LoadLog::TYPE_SSL_CONNECT); |
| 270 } |
| 271 |
| 272 LeaveFunction(""); |
| 273 return rv > OK ? OK : rv; |
| 274 } |
| 275 |
| 276 int SSLClientSocketNSS::InitializeSSLOptions() { |
| 253 // Transport connected, now hook it up to nss | 277 // Transport connected, now hook it up to nss |
| 254 // TODO(port): specify rx and tx buffer sizes separately | 278 // TODO(port): specify rx and tx buffer sizes separately |
| 255 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | 279 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); |
| 256 if (nss_fd_ == NULL) { | 280 if (nss_fd_ == NULL) { |
| 257 return 9999; // TODO(port): real error | 281 return 9999; // TODO(port): real error |
| 258 } | 282 } |
| 259 | 283 |
| 260 // Tell NSS who we're connected to | 284 // Tell NSS who we're connected to |
| 261 PRNetAddr peername; | 285 PRNetAddr peername; |
| 262 socklen_t len = sizeof(PRNetAddr); | 286 socklen_t len = sizeof(PRNetAddr); |
| 330 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 354 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
| 331 if (rv != SECSuccess) | 355 if (rv != SECSuccess) |
| 332 return ERR_UNEXPECTED; | 356 return ERR_UNEXPECTED; |
| 333 | 357 |
| 334 // Tell SSL the hostname we're trying to connect to. | 358 // Tell SSL the hostname we're trying to connect to. |
| 335 SSL_SetURL(nss_fd_, hostname_.c_str()); | 359 SSL_SetURL(nss_fd_, hostname_.c_str()); |
| 336 | 360 |
| 337 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | 361 // Tell SSL we're a client; needed if not letting NSPR do socket I/O |
| 338 SSL_ResetHandshake(nss_fd_, 0); | 362 SSL_ResetHandshake(nss_fd_, 0); |
| 339 | 363 |
| 340 GotoState(STATE_HANDSHAKE); | 364 return OK; |
| 341 rv = DoHandshakeLoop(OK); | |
| 342 if (rv == ERR_IO_PENDING) | |
| 343 user_connect_callback_ = callback; | |
| 344 | |
| 345 LeaveFunction(""); | |
| 346 return rv > OK ? OK : rv; | |
| 347 } | 365 } |
| 348 | 366 |
| 349 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() { | 367 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() { |
| 350 if (UpdateServerCert() != NULL && | 368 if (UpdateServerCert() != NULL && |
| 351 ssl_config_.IsAllowedBadCert(server_cert_)) { | 369 ssl_config_.IsAllowedBadCert(server_cert_)) { |
| 352 SSL_InvalidateSession(nss_fd_); | 370 SSL_InvalidateSession(nss_fd_); |
| 353 } | 371 } |
| 354 } | 372 } |
| 355 | 373 |
| 356 void SSLClientSocketNSS::Disconnect() { | 374 void SSLClientSocketNSS::Disconnect() { |
| 569 | 587 |
| 570 CompletionCallback* c = user_connect_callback_; | 588 CompletionCallback* c = user_connect_callback_; |
| 571 user_connect_callback_ = NULL; | 589 user_connect_callback_ = NULL; |
| 572 c->Run(rv > OK ? OK : rv); | 590 c->Run(rv > OK ? OK : rv); |
| 573 LeaveFunction(""); | 591 LeaveFunction(""); |
| 574 } | 592 } |
| 575 | 593 |
| 576 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { | 594 void SSLClientSocketNSS::OnHandshakeIOComplete(int result) { |
| 577 EnterFunction(result); | 595 EnterFunction(result); |
| 578 int rv = DoHandshakeLoop(result); | 596 int rv = DoHandshakeLoop(result); |
| 579 if (rv != ERR_IO_PENDING) | 597 if (rv != ERR_IO_PENDING) { |
| 598 LoadLog::EndEvent(load_log_, net::LoadLog::TYPE_SSL_CONNECT); |
| 599 load_log_ = NULL; |
| 580 DoConnectCallback(rv); | 600 DoConnectCallback(rv); |
| 601 } |
| 581 LeaveFunction(""); | 602 LeaveFunction(""); |
| 582 } | 603 } |
| 583 | 604 |
| 584 void SSLClientSocketNSS::OnSendComplete(int result) { | 605 void SSLClientSocketNSS::OnSendComplete(int result) { |
| 585 EnterFunction(result); | 606 EnterFunction(result); |
| 586 if (next_handshake_state_ != STATE_NONE) { | 607 if (next_handshake_state_ != STATE_NONE) { |
| 587 // In handshake phase. | 608 // In handshake phase. |
| 588 OnHandshakeIOComplete(result); | 609 OnHandshakeIOComplete(result); |
| 589 LeaveFunction(""); | 610 LeaveFunction(""); |
| 590 return; | 611 return; |
| 1068 } | 1089 } |
| 1069 PRErrorCode prerr = PR_GetError(); | 1090 PRErrorCode prerr = PR_GetError(); |
| 1070 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1091 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1071 return ERR_IO_PENDING; | 1092 return ERR_IO_PENDING; |
| 1072 } | 1093 } |
| 1073 LeaveFunction(""); | 1094 LeaveFunction(""); |
| 1074 return NetErrorFromNSPRError(prerr); | 1095 return NetErrorFromNSPRError(prerr); |
| 1075 } | 1096 } |
| 1076 | 1097 |
| 1077 } // namespace net | 1098 } // namespace net |
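Review bot: In the Connect()/InitializeSSLOptions() hunk, InitializeSSLOptions() now has an explicit contract of returning a net error code, yet on memio_CreateIOLayer() failure it still returns the placeholder `9999` carried over from the old body, and the new early-return in Connect() (`if (rv != OK) { ...; return rv; }`) hands that positive value straight to the caller without the `rv > OK ? OK : rv` clamp applied at the end of the function, so the caller sees neither OK nor a negative net error. Now that the split makes the contract visible, a real code such as `return ERR_UNEXPECTED;  // memio layer could not be created` would close that gap. The same early-return path also skips `LeaveFunction("")`, leaving the state-machine trace unbalanced for a failed option setup; adding it before `return rv;` keeps the logging symmetric with the other exits. Whether an nss_fd_ created before a later SSL_* call fails is released by Disconnect() cannot be confirmed from this hunk, and the storage type of load_log_ (raw pointer versus ref-counted) is in the header, so the lifetime of the logged object across a pending handshake should be checked there.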