Chromium Code Reviews Chromium Code Reviews
Issue 4339001:
Correctly handle SSL Client Authentication requests when connecting... (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/| Index: net/socket/ssl_client_socket_mac.cc |
| =================================================================== |
| --- net/socket/ssl_client_socket_mac.cc (revision 65819) |
| +++ net/socket/ssl_client_socket_mac.cc (working copy) |
| @@ -16,6 +16,7 @@ |
| #include "base/string_util.h" |
| #include "net/base/address_list.h" |
| #include "net/base/cert_verifier.h" |
| +#include "net/base/host_port_pair.h" |
| #include "net/base/io_buffer.h" |
| #include "net/base/net_errors.h" |
| #include "net/base/net_log.h" |
| @@ -516,7 +517,7 @@ |
| //----------------------------------------------------------------------------- |
| SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket, |
| - const std::string& hostname, |
| + const HostPortPair& host_and_port, |
| const SSLConfig& ssl_config) |
| : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete), |
| transport_read_callback_(this, |
| @@ -524,7 +525,7 @@ |
| transport_write_callback_(this, |
| &SSLClientSocketMac::OnTransportWriteComplete), |
| transport_(transport_socket), |
| - hostname_(hostname), |
| + host_and_port_(host_and_port), |
| ssl_config_(ssl_config), |
| user_connect_callback_(NULL), |
| user_read_callback_(NULL), |
| @@ -742,9 +743,11 @@ |
| } |
| // Now get the available client certs whose issuers are allowed by the server. |
| - cert_request_info->host_and_port = hostname_; |
| + cert_request_info->host_and_port = host_and_port_.ToString(); |
| cert_request_info->client_certs.clear(); |
| - X509Certificate::GetSSLClientCertificates(hostname_, |
| + // TODO(rch): we should consider passing a host-port pair as the first |
| + // argument to X509Certificate::GetSSLClientCertificates. |
| + X509Certificate::GetSSLClientCertificates(host_and_port.host(), |
| valid_issuers, |
| &cert_request_info->client_certs); |
| VLOG(1) << "Asking user to choose between " |
| @@ -812,8 +815,8 @@ |
| // Passing the domain name enables the server_name TLS extension (SNI). |
| status = SSLSetPeerDomainName(ssl_context_, |
| - hostname_.data(), |
| - hostname_.length()); |
| + host_and_port_.host()_.data(), |
|
wtc
2010/11/12 00:12:55
Typo: extra '_'
Ryan Hamilton
2010/11/12 00:47:30
Done.
|
| + host_and_port_.host().length()); |
| if (status) |
| return NetErrorFromOSStatus(status); |
| @@ -840,10 +843,10 @@ |
| if (rv != OK) |
| return rv; |
| const struct addrinfo* ai = address.head(); |
| - std::string peer_id(hostname_); |
| + std::string peer_id(host_and_port_.host()); |
|
wtc
2010/11/12 00:12:55
BUG: this should say
std::string peer_id(host_an
Ryan Hamilton
2010/11/12 00:47:30
Done.
|
| peer_id += std::string(reinterpret_cast<char*>(ai->ai_addr), |
| ai->ai_addrlen); |
| - |
| + peer_id += host_and_port_.port(); |
| // SSLSetPeerID() treats peer_id as a binary blob, and makes its |
| // own copy. |
| status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length()); |
| @@ -1063,7 +1066,7 @@ |
| if (ssl_config_.verify_ev_cert) |
| flags |= X509Certificate::VERIFY_EV_CERT; |
| verifier_.reset(new CertVerifier); |
| - return verifier_->Verify(server_cert_, hostname_, flags, |
| + return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
| &server_cert_verify_result_, |
| &handshake_io_callback_); |
| } |
