| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 #include <map> | 8 #include <map> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| 103 return OK; | 103 return OK; |
| 104 default: | 104 default: |
| 105 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | 105 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; |
| 106 return ERR_FAILED; | 106 return ERR_FAILED; |
| 107 } | 107 } |
| 108 } | 108 } |
| 109 | 109 |
| 110 //----------------------------------------------------------------------------- | 110 //----------------------------------------------------------------------------- |
| 111 | 111 |
| 112 // A bitmask consisting of these bit flags encodes which versions of the SSL | 112 // A bitmask consisting of these bit flags encodes which versions of the SSL |
| 113 // protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled. | 113 // protocol (SSL 3.0 and TLS 1.0) are enabled. |
| 114 enum { | 114 enum { |
| 115 SSL2 = 1 << 0, | 115 SSL3 = 1 << 0, |
| 116 SSL3 = 1 << 1, | 116 TLS1 = 1 << 1, |
| 117 TLS1 = 1 << 2, | 117 SSL_VERSION_MASKS = 1 << 2 // The number of SSL version bitmasks. |
| 118 SSL_VERSION_MASKS = 1 << 3 // The number of SSL version bitmasks. | |
| 119 }; | 118 }; |
| 120 | 119 |
| 121 // CredHandleClass simply gives a default constructor and a destructor to | 120 // CredHandleClass simply gives a default constructor and a destructor to |
| 122 // SSPI's CredHandle type (a C struct). | 121 // SSPI's CredHandle type (a C struct). |
| 123 class CredHandleClass : public CredHandle { | 122 class CredHandleClass : public CredHandle { |
| 124 public: | 123 public: |
| 125 CredHandleClass() { | 124 CredHandleClass() { |
| 126 SecInvalidateHandle(this); | 125 SecInvalidateHandle(this); |
| 127 } | 126 } |
| 128 | 127 |
| 203 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; | 202 schannel_cred.dwVersion = SCHANNEL_CRED_VERSION; |
| 204 if (client_cert) { | 203 if (client_cert) { |
| 205 schannel_cred.cCreds = 1; | 204 schannel_cred.cCreds = 1; |
| 206 schannel_cred.paCred = &client_cert; | 205 schannel_cred.paCred = &client_cert; |
| 207 // Schannel will make its own copy of client_cert. | 206 // Schannel will make its own copy of client_cert. |
| 208 } | 207 } |
| 209 | 208 |
| 210 // The global system registry settings take precedence over the value of | 209 // The global system registry settings take precedence over the value of |
| 211 // schannel_cred.grbitEnabledProtocols. | 210 // schannel_cred.grbitEnabledProtocols. |
| 212 schannel_cred.grbitEnabledProtocols = 0; | 211 schannel_cred.grbitEnabledProtocols = 0; |
| 213 if (ssl_version_mask & SSL2) | |
| 214 schannel_cred.grbitEnabledProtocols |= SP_PROT_SSL2; | |
| 215 if (ssl_version_mask & SSL3) | 212 if (ssl_version_mask & SSL3) |
| 216 schannel_cred.grbitEnabledProtocols |= SP_PROT_SSL3; | 213 schannel_cred.grbitEnabledProtocols |= SP_PROT_SSL3; |
| 217 if (ssl_version_mask & TLS1) | 214 if (ssl_version_mask & TLS1) |
| 218 schannel_cred.grbitEnabledProtocols |= SP_PROT_TLS1; | 215 schannel_cred.grbitEnabledProtocols |= SP_PROT_TLS1; |
| 219 | 216 |
| 220 // The default session lifetime is 36000000 milliseconds (ten hours). Set | 217 // The default session lifetime is 36000000 milliseconds (ten hours). Set |
| 221 // schannel_cred.dwSessionLifespan to change the number of milliseconds that | 218 // schannel_cred.dwSessionLifespan to change the number of milliseconds that |
| 222 // Schannel keeps the session in its session cache. | 219 // Schannel keeps the session in its session cache. |
| 223 | 220 |
| 224 // We can set the key exchange algorithms (RSA or DH) in | 221 // We can set the key exchange algorithms (RSA or DH) in |
| 553 if (rv == ERR_IO_PENDING) { | 550 if (rv == ERR_IO_PENDING) { |
| 554 user_connect_callback_ = callback; | 551 user_connect_callback_ = callback; |
| 555 } else { | 552 } else { |
| 556 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, NULL); | 553 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, NULL); |
| 557 } | 554 } |
| 558 return rv; | 555 return rv; |
| 559 } | 556 } |
| 560 | 557 |
| 561 int SSLClientSocketWin::InitializeSSLContext() { | 558 int SSLClientSocketWin::InitializeSSLContext() { |
| 562 int ssl_version_mask = 0; | 559 int ssl_version_mask = 0; |
| 563 if (ssl_config_.ssl2_enabled) | |
| 564 ssl_version_mask |= SSL2; | |
| 565 if (ssl_config_.ssl3_enabled) | 560 if (ssl_config_.ssl3_enabled) |
| 566 ssl_version_mask |= SSL3; | 561 ssl_version_mask |= SSL3; |
| 567 if (ssl_config_.tls1_enabled) | 562 if (ssl_config_.tls1_enabled) |
| 568 ssl_version_mask |= TLS1; | 563 ssl_version_mask |= TLS1; |
| 569 // If we pass 0 to GetCredHandle, we will let Schannel select the protocols, | 564 // If we pass 0 to GetCredHandle, we will let Schannel select the protocols, |
| 570 // rather than enabling no protocols. So we have to fail here. | 565 // rather than enabling no protocols. So we have to fail here. |
| 571 if (ssl_version_mask == 0) | 566 if (ssl_version_mask == 0) |
| 572 return ERR_NO_SSL_VERSIONS_ENABLED; | 567 return ERR_NO_SSL_VERSIONS_ENABLED; |
| 573 PCCERT_CONTEXT cert_context = NULL; | 568 PCCERT_CONTEXT cert_context = NULL; |
| 574 if (ssl_config_.client_cert) | 569 if (ssl_config_.client_cert) |
| 1510 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | 1505 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); |
| 1511 } | 1506 } |
| 1512 | 1507 |
| 1513 void SSLClientSocketWin::FreeSendBuffer() { | 1508 void SSLClientSocketWin::FreeSendBuffer() { |
| 1514 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1509 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1515 DCHECK(status == SEC_E_OK); | 1510 DCHECK(status == SEC_E_OK); |
| 1516 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1511 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1517 } | 1512 } |
| 1518 | 1513 |
| 1519 } // namespace net | 1514 } // namespace net |
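Review bot: InitializeSSLContext (new lines 558-563) now ignores ssl_config_.ssl2_enabled without saying so, so a reader comparing it with the other SSLClientSocket implementations may take the missing check for an oversight rather than a decision; add a comment above the SSL3 check such as `// SSL 2.0 is intentionally never enabled for Schannel; ssl_config_.ssl2_enabled is ignored here.` The enum at new lines 114-117 deserves the same one-line note, since SSL3 and TLS1 were renumbered (SSL3 moved from bit 1 to bit 0) and that is only harmless if the mask never leaves this file as a persisted or reported value — nothing in this excerpt suggests it does, but I cannot confirm it from here. The body of InitializeSSLContext continues past the end of the visible hunk.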