
Side by Side Diff: net/socket/ssl_client_socket_mac.cc

Issue 4339001: Correctly handle SSL Client Authentication requests when connecting... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Rebase... Created 10 years, 1 month ago
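--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -1,28 +1,29 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
 
 #include <algorithm>
 
 #include "base/mac/scoped_cftyperef.h"
 #include "base/singleton.h"
 #include "base/string_util.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
+#include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/net_log.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_error_params.h"
 
 // Welcome to Mac SSL. We've been waiting for you.
@@ -510,28 +511,30 @@
 ciphers_.push_back(supported_ciphers[i]);
 }
 }
 
 } // namespace
 
 //-----------------------------------------------------------------------------
 
 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
 const std::string& hostname,
+uint16 port,
 const SSLConfig& ssl_config)
 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete),
 transport_read_callback_(this,
 &SSLClientSocketMac::OnTransportReadComplete),
 transport_write_callback_(this,
 &SSLClientSocketMac::OnTransportWriteComplete),
 transport_(transport_socket),
 hostname_(hostname),
+port_(port),
 ssl_config_(ssl_config),
 user_connect_callback_(NULL),
 user_read_callback_(NULL),
 user_write_callback_(NULL),
 user_read_buf_len_(0),
 user_write_buf_len_(0),
 next_handshake_state_(STATE_NONE),
 renegotiating_(false),
 client_cert_requested_(false),
 ssl_context_(NULL),
@@ -735,22 +738,24 @@
 CertPrincipal p;
 if (p.ParseDistinguishedName(CFDataGetBytePtr(issuer),
 CFDataGetLength(issuer))) {
 valid_issuers.push_back(p);
 }
 }
 CFRelease(valid_issuer_names);
 }
 
 // Now get the available client certs whose issuers are allowed by the server.
-cert_request_info->host_and_port = hostname_;
+cert_request_info->host_and_port = HostPortPair(hostname_, port_).ToString();
 cert_request_info->client_certs.clear();
+// TODO(rch): we should consider passing a host-port pair as the first
+// argument to X509Certificate::GetSSLClientCertificates.
 X509Certificate::GetSSLClientCertificates(hostname_,
 valid_issuers,
 &cert_request_info->client_certs);
 VLOG(1) << "Asking user to choose between "
 << cert_request_info->client_certs.size() << " client certs...";
 }
 
 SSLClientSocket::NextProtoStatus
 SSLClientSocketMac::GetNextProto(std::string* proto) {
 proto->clear();
@@ -836,21 +841,21 @@
 // different peers, which puts us through certificate validation again
 // and catches hostname/certificate name mismatches.
 AddressList address;
 int rv = transport_->socket()->GetPeerAddress(&address);
 if (rv != OK)
 return rv;
 const struct addrinfo* ai = address.head();
 std::string peer_id(hostname_);
 peer_id += std::string(reinterpret_cast<char*>(ai->ai_addr),
 ai->ai_addrlen);
-
+peer_id += port_;
 // SSLSetPeerID() treats peer_id as a binary blob, and makes its
 // own copy.
 status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
 if (status)
 return NetErrorFromOSStatus(status);
 
 return OK;
 }
 
 void SSLClientSocketMac::DoConnectCallback(int rv) {
@@ -1318,10 +1323,10 @@
 if (rv < 0 && rv != ERR_IO_PENDING) {
 us->write_io_buf_ = NULL;
 return OSStatusFromNetError(rv);
 }
 
 // always lie to our caller
 return noErr;
 }
 
 } // namespace net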
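Review bot: `peer_id += port_;` in the SSLSetPeerID hunk (new line 851) narrows the `uint16` port to a single `char`, because the only `operator+=` that accepts it is the single-character overload; ports that differ by a multiple of 256 therefore produce the same peer ID, so the Secure Transport session cache can still share a session across two different ports on the same host and address, which is what the port was added to prevent. Append both bytes the same way the sockaddr bytes are appended on the preceding line, e.g. `peer_id += std::string(reinterpret_cast<const char*>(&port_), sizeof(port_));`, or append a printable form of the port, and add a comment such as `// The port is part of the cache key so sessions are not shared across ports.` The hostname, raw sockaddr and port are joined without a delimiter, which predates this change; a fixed-width port encoding at least keeps the suffix unambiguous. The enclosing function begins before the hunk, so its earlier handling of `status` is not visible here.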
