1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 #include <netdb.h> | 8 #include <netdb.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
11 | 11 |
12 #include <algorithm> | 12 #include <algorithm> |
13 | 13 |
| 14 #include "base/lazy_instance.h" |
14 #include "base/mac/scoped_cftyperef.h" | 15 #include "base/mac/scoped_cftyperef.h" |
15 #include "base/singleton.h" | |
16 #include "base/string_util.h" | 16 #include "base/string_util.h" |
17 #include "net/base/address_list.h" | 17 #include "net/base/address_list.h" |
18 #include "net/base/cert_verifier.h" | 18 #include "net/base/cert_verifier.h" |
19 #include "net/base/io_buffer.h" | 19 #include "net/base/io_buffer.h" |
20 #include "net/base/net_errors.h" | 20 #include "net/base/net_errors.h" |
21 #include "net/base/net_log.h" | 21 #include "net/base/net_log.h" |
22 #include "net/base/ssl_cert_request_info.h" | 22 #include "net/base/ssl_cert_request_info.h" |
23 #include "net/base/ssl_connection_status_flags.h" | 23 #include "net/base/ssl_connection_status_flags.h" |
24 #include "net/base/ssl_info.h" | 24 #include "net/base/ssl_info.h" |
25 #include "net/socket/client_socket_handle.h" | 25 #include "net/socket/client_socket_handle.h" |
468 const std::vector<uint16>& disabled_cipher_suites_; | 468 const std::vector<uint16>& disabled_cipher_suites_; |
469 }; | 469 }; |
470 | 470 |
471 // Class to determine what cipher suites are available and which cipher | 471 // Class to determine what cipher suites are available and which cipher |
472 // suites should be enabled, based on the overall security policy. | 472 // suites should be enabled, based on the overall security policy. |
473 class EnabledCipherSuites { | 473 class EnabledCipherSuites { |
474 public: | 474 public: |
475 const std::vector<SSLCipherSuite>& ciphers() const { return ciphers_; } | 475 const std::vector<SSLCipherSuite>& ciphers() const { return ciphers_; } |
476 | 476 |
477 private: | 477 private: |
478 friend struct DefaultSingletonTraits<EnabledCipherSuites>; | 478 friend struct base::DefaultLazyInstanceTraits<EnabledCipherSuites>; |
479 EnabledCipherSuites(); | 479 EnabledCipherSuites(); |
480 ~EnabledCipherSuites() {} | 480 ~EnabledCipherSuites() {} |
481 | 481 |
482 std::vector<SSLCipherSuite> ciphers_; | 482 std::vector<SSLCipherSuite> ciphers_; |
483 | 483 |
484 DISALLOW_COPY_AND_ASSIGN(EnabledCipherSuites); | 484 DISALLOW_COPY_AND_ASSIGN(EnabledCipherSuites); |
485 }; | 485 }; |
486 | 486 |
| 487 static base::LazyInstance<EnabledCipherSuites> g_enabled_cipher_suites( |
| 488 base::LINKER_INITIALIZED); |
| 489 |
487 EnabledCipherSuites::EnabledCipherSuites() { | 490 EnabledCipherSuites::EnabledCipherSuites() { |
488 SSLContextRef ssl_context; | 491 SSLContextRef ssl_context; |
489 OSStatus status = SSLNewContext(false, &ssl_context); | 492 OSStatus status = SSLNewContext(false, &ssl_context); |
490 if (status != noErr) | 493 if (status != noErr) |
491 return; | 494 return; |
492 | 495 |
493 size_t num_supported_ciphers; | 496 size_t num_supported_ciphers; |
494 status = SSLGetNumberSupportedCiphers(ssl_context, &num_supported_ciphers); | 497 status = SSLGetNumberSupportedCiphers(ssl_context, &num_supported_ciphers); |
495 if (status != noErr) { | 498 if (status != noErr) { |
496 SSLDisposeContext(ssl_context); | 499 SSLDisposeContext(ssl_context); |
779 if (status) | 782 if (status) |
780 return NetErrorFromOSStatus(status); | 783 return NetErrorFromOSStatus(status); |
781 | 784 |
782 status = SSLSetProtocolVersionEnabled(ssl_context_, | 785 status = SSLSetProtocolVersionEnabled(ssl_context_, |
783 kTLSProtocol1, | 786 kTLSProtocol1, |
784 ssl_config_.tls1_enabled); | 787 ssl_config_.tls1_enabled); |
785 if (status) | 788 if (status) |
786 return NetErrorFromOSStatus(status); | 789 return NetErrorFromOSStatus(status); |
787 | 790 |
788 std::vector<SSLCipherSuite> enabled_ciphers = | 791 std::vector<SSLCipherSuite> enabled_ciphers = |
789 Singleton<EnabledCipherSuites>::get()->ciphers(); | 792 g_enabled_cipher_suites.Get().ciphers(); |
790 | 793 |
791 CipherSuiteIsDisabledFunctor is_disabled_cipher( | 794 CipherSuiteIsDisabledFunctor is_disabled_cipher( |
792 ssl_config_.disabled_cipher_suites); | 795 ssl_config_.disabled_cipher_suites); |
793 std::vector<SSLCipherSuite>::iterator new_end = | 796 std::vector<SSLCipherSuite>::iterator new_end = |
794 std::remove_if(enabled_ciphers.begin(), enabled_ciphers.end(), | 797 std::remove_if(enabled_ciphers.begin(), enabled_ciphers.end(), |
795 is_disabled_cipher); | 798 is_disabled_cipher); |
796 if (new_end != enabled_ciphers.end()) | 799 if (new_end != enabled_ciphers.end()) |
797 enabled_ciphers.erase(new_end, enabled_ciphers.end()); | 800 enabled_ciphers.erase(new_end, enabled_ciphers.end()); |
798 | 801 |
799 status = SSLSetEnabledCiphers( | 802 status = SSLSetEnabledCiphers( |
1319 if (rv < 0 && rv != ERR_IO_PENDING) { | 1322 if (rv < 0 && rv != ERR_IO_PENDING) { |
1320 us->write_io_buf_ = NULL; | 1323 us->write_io_buf_ = NULL; |
1321 return OSStatusFromNetError(rv); | 1324 return OSStatusFromNetError(rv); |
1322 } | 1325 } |
1323 | 1326 |
1324 // always lie to our caller | 1327 // always lie to our caller |
1325 return noErr; | 1328 return noErr; |
1326 } | 1329 } |
1327 | 1330 |
1328 } // namespace net | 1331 } // namespace net |
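Review bot: The cipher list handed to `SSLSetEnabledCiphers` at new line 802 can be empty and nothing checks for that: `EnabledCipherSuites::EnabledCipherSuites()` returns early when `SSLNewContext` or `SSLGetNumberSupportedCiphers` fails (new lines 493-500), leaving `ciphers_` empty, and the `remove_if`/`erase` at new lines 796-800 can strip every remaining suite if the configured `disabled_cipher_suites` covers them all. Because `g_enabled_cipher_suites` is a `base::LazyInstance`, a construction-time failure is presumably computed once and then served for the life of the process, so that empty list would be reused on every connection rather than retried. I would fail the setup explicitly before the call, e.g. `if (enabled_ciphers.empty()) return ERR_UNEXPECTED;` after the `erase` at new line 800, so a misconfiguration or Secure Transport failure surfaces as a net error instead of depending on how `SSLSetEnabledCiphers` treats a zero-length list. The enclosing function around new lines 782-802 starts and ends outside this hunk, and the `SSLSetEnabledCiphers` call itself is cut off at the hunk boundary.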