OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 390 matching lines...)
401 unsigned num_certs_; | 401 unsigned num_certs_; |
402 CERTCertificate** certs_; | 402 CERTCertificate** certs_; |
403 }; | 403 }; |
404 | 404 |
405 } // namespace | 405 } // namespace |
406 | 406 |
407 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 407 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, |
408 const HostPortPair& host_and_port, | 408 const HostPortPair& host_and_port, |
409 const SSLConfig& ssl_config, | 409 const SSLConfig& ssl_config, |
410 SSLHostInfo* ssl_host_info, | 410 SSLHostInfo* ssl_host_info, |
| 411 CertVerifier* cert_verifier, |
411 DnsCertProvenanceChecker* dns_ctx) | 412 DnsCertProvenanceChecker* dns_ctx) |
412 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 413 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
413 this, &SSLClientSocketNSS::BufferSendComplete)), | 414 this, &SSLClientSocketNSS::BufferSendComplete)), |
414 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 415 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
415 this, &SSLClientSocketNSS::BufferRecvComplete)), | 416 this, &SSLClientSocketNSS::BufferRecvComplete)), |
416 transport_send_busy_(false), | 417 transport_send_busy_(false), |
417 transport_recv_busy_(false), | 418 transport_recv_busy_(false), |
418 corked_(false), | 419 corked_(false), |
419 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( | 420 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( |
420 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), | 421 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), |
421 transport_(transport_socket), | 422 transport_(transport_socket), |
422 host_and_port_(host_and_port), | 423 host_and_port_(host_and_port), |
423 ssl_config_(ssl_config), | 424 ssl_config_(ssl_config), |
424 user_connect_callback_(NULL), | 425 user_connect_callback_(NULL), |
425 user_read_callback_(NULL), | 426 user_read_callback_(NULL), |
426 user_write_callback_(NULL), | 427 user_write_callback_(NULL), |
427 user_read_buf_len_(0), | 428 user_read_buf_len_(0), |
428 user_write_buf_len_(0), | 429 user_write_buf_len_(0), |
429 server_cert_nss_(NULL), | 430 server_cert_nss_(NULL), |
430 server_cert_verify_result_(NULL), | 431 server_cert_verify_result_(NULL), |
431 ssl_connection_status_(0), | 432 ssl_connection_status_(0), |
432 client_auth_cert_needed_(false), | 433 client_auth_cert_needed_(false), |
| 434 cert_verifier_(cert_verifier), |
433 handshake_callback_called_(false), | 435 handshake_callback_called_(false), |
434 completed_handshake_(false), | 436 completed_handshake_(false), |
435 pseudo_connected_(false), | 437 pseudo_connected_(false), |
436 eset_mitm_detected_(false), | 438 eset_mitm_detected_(false), |
437 predicted_cert_chain_correct_(false), | 439 predicted_cert_chain_correct_(false), |
438 peername_initialized_(false), | 440 peername_initialized_(false), |
439 dnssec_provider_(NULL), | 441 dnssec_provider_(NULL), |
440 next_handshake_state_(STATE_NONE), | 442 next_handshake_state_(STATE_NONE), |
441 nss_fd_(NULL), | 443 nss_fd_(NULL), |
442 nss_bufs_(NULL), | 444 nss_bufs_(NULL), |
(...skipping 2014 matching lines...)
2457 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); | 2459 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); |
2458 } else { | 2460 } else { |
2459 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | 2461 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); |
2460 } | 2462 } |
2461 | 2463 |
2462 int flags = 0; | 2464 int flags = 0; |
2463 if (ssl_config_.rev_checking_enabled) | 2465 if (ssl_config_.rev_checking_enabled) |
2464 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 2466 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
2465 if (ssl_config_.verify_ev_cert) | 2467 if (ssl_config_.verify_ev_cert) |
2466 flags |= X509Certificate::VERIFY_EV_CERT; | 2468 flags |= X509Certificate::VERIFY_EV_CERT; |
2467 verifier_.reset(new CertVerifier); | 2469 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
2468 server_cert_verify_result_ = &local_server_cert_verify_result_; | 2470 server_cert_verify_result_ = &local_server_cert_verify_result_; |
2469 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 2471 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
2470 &local_server_cert_verify_result_, | 2472 &local_server_cert_verify_result_, |
2471 &handshake_io_callback_); | 2473 &handshake_io_callback_); |
2472 } | 2474 } |
2473 | 2475 |
2474 // Derived from AuthCertificateCallback() in | 2476 // Derived from AuthCertificateCallback() in |
2475 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 2477 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
2476 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 2478 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
2477 verifier_.reset(); | 2479 verifier_.reset(); |
(...skipping 150 matching lines...)
2628 case SSL_CONNECTION_VERSION_TLS1_1: | 2630 case SSL_CONNECTION_VERSION_TLS1_1: |
2629 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2631 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
2630 break; | 2632 break; |
2631 case SSL_CONNECTION_VERSION_TLS1_2: | 2633 case SSL_CONNECTION_VERSION_TLS1_2: |
2632 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2634 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
2633 break; | 2635 break; |
2634 }; | 2636 }; |
2635 } | 2637 } |
2636 | 2638 |
2637 } // namespace net | 2639 } // namespace net |
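Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` and first used at new line 2469, `verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));`, with no visible non-null check and no statement of who owns it. Every handshake's certificate verification now depends on this externally supplied object, so a null or already-destroyed verifier would fail at the most security-sensitive step of the connection. I'd add `DCHECK(cert_verifier_);` ahead of that `reset` call and a comment at the parameter such as `// |cert_verifier| is not owned and must outlive this socket.`. It is also worth confirming that destroying the socket (and with it `verifier_`) cancels the outstanding request on the shared verifier, so that `handshake_io_callback_` and `local_server_cert_verify_result_` are not touched afterwards; that is presumably what SingleRequestCertVerifier is for, but its behaviour is not visible here. The constructor body and the start of the function containing line 2469 both lie outside the lines shown.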