| OLD | NEW |
| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 329 if (rv != SECSuccess) | 329 if (rv != SECSuccess) |
| 330 return ERR_UNEXPECTED; | 330 return ERR_UNEXPECTED; |
| 331 | 331 |
| 332 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 332 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
| 333 if (rv != SECSuccess) | 333 if (rv != SECSuccess) |
| 334 return ERR_UNEXPECTED; | 334 return ERR_UNEXPECTED; |
| 335 | 335 |
| 336 // Tell SSL the hostname we're trying to connect to. | 336 // Tell SSL the hostname we're trying to connect to. |
| 337 SSL_SetURL(nss_fd_, hostname_.c_str()); | 337 SSL_SetURL(nss_fd_, hostname_.c_str()); |
| 338 | 338 |
| 339 // Set the peer ID for session reuse. This is necessary when we create an |
| 340 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address |
| 341 // rather than the destination server's address in that case. |
| 342 // TODO(wtc): port in peername is not the server's port when a proxy is used. |
| 343 std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(), |
| 344 PR_ntohs(PR_NetAddrInetPort(&peername))); |
| 345 rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); |
| 346 if (rv != SECSuccess) |
| 347 LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id; |
| 348 |
| 339 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | 349 // Tell SSL we're a client; needed if not letting NSPR do socket I/O |
| 340 SSL_ResetHandshake(nss_fd_, 0); | 350 SSL_ResetHandshake(nss_fd_, 0); |
| 341 | 351 |
| 342 return OK; | 352 return OK; |
| 343 } | 353 } |
| 344 | 354 |
| 345 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() { | 355 void SSLClientSocketNSS::InvalidateSessionIfBadCertificate() { |
| 346 if (UpdateServerCert() != NULL && | 356 if (UpdateServerCert() != NULL && |
| 347 ssl_config_.IsAllowedBadCert(server_cert_)) { | 357 ssl_config_.IsAllowedBadCert(server_cert_)) { |
| 348 SSL_InvalidateSession(nss_fd_); | 358 SSL_InvalidateSession(nss_fd_); |
| 1091 } | 1101 } |
| 1092 PRErrorCode prerr = PR_GetError(); | 1102 PRErrorCode prerr = PR_GetError(); |
| 1093 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1103 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1094 return ERR_IO_PENDING; | 1104 return ERR_IO_PENDING; |
| 1095 } | 1105 } |
| 1096 LeaveFunction(""); | 1106 LeaveFunction(""); |
| 1097 return NetErrorFromNSPRError(prerr); | 1107 return NetErrorFromNSPRError(prerr); |
| 1098 } | 1108 } |
| 1099 | 1109 |
| 1100 } // namespace net | 1110 } // namespace net |
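Review bot: A failed `SSL_SetSockPeerID` at new lines 345-347 is only logged at INFO and the handshake proceeds, unlike the `SSL_HandshakeCallback` call just above it, which returns `ERR_UNEXPECTED`. Without a peer ID the session cache presumably falls back to keying on the peer address, which the comment on new lines 339-341 says is the proxy's when tunnelling, so sessions for different destinations behind one proxy would again share a cache key. Failing closed is safer: `if (rv != SECSuccess) return ERR_UNEXPECTED;`. The TODO on new line 342 also leaves the proxy's port in the ID, so two services on the same host but different ports get the same cache entry when tunnelled; the destination port should go into the key once it is available here. The enclosing function starts in the skipped region, so where `peername` is filled in is not visible.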
| OLD | NEW |