OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
56 #include <secerr.h> | 56 #include <secerr.h> |
57 #include <sechash.h> | 57 #include <sechash.h> |
58 #include <ssl.h> | 58 #include <ssl.h> |
59 #include <sslerr.h> | 59 #include <sslerr.h> |
60 #include <sslproto.h> | 60 #include <sslproto.h> |
61 | 61 |
62 #include <limits> | 62 #include <limits> |
63 | 63 |
64 #include "base/compiler_specific.h" | 64 #include "base/compiler_specific.h" |
65 #include "base/metrics/histogram.h" | 65 #include "base/metrics/histogram.h" |
| 66 #include "base/lazy_instance.h" |
66 #include "base/logging.h" | 67 #include "base/logging.h" |
67 #include "base/nss_util.h" | 68 #include "base/nss_util.h" |
68 #include "base/singleton.h" | |
69 #include "base/string_number_conversions.h" | 69 #include "base/string_number_conversions.h" |
70 #include "base/string_util.h" | 70 #include "base/string_util.h" |
71 #include "base/stringprintf.h" | 71 #include "base/stringprintf.h" |
72 #include "base/thread_restrictions.h" | 72 #include "base/thread_restrictions.h" |
73 #include "base/values.h" | 73 #include "base/values.h" |
74 #include "net/base/address_list.h" | 74 #include "net/base/address_list.h" |
75 #include "net/base/cert_status_flags.h" | 75 #include "net/base/cert_status_flags.h" |
76 #include "net/base/cert_verifier.h" | 76 #include "net/base/cert_verifier.h" |
77 #include "net/base/connection_type_histograms.h" | 77 #include "net/base/connection_type_histograms.h" |
78 #include "net/base/dns_util.h" | 78 #include "net/base/dns_util.h" |
178 | 178 |
179 // All other SSL options are set per-session by SSLClientSocket. | 179 // All other SSL options are set per-session by SSLClientSocket. |
180 } | 180 } |
181 | 181 |
182 ~NSSSSLInitSingleton() { | 182 ~NSSSSLInitSingleton() { |
183 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. | 183 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. |
184 SSL_ClearSessionCache(); | 184 SSL_ClearSessionCache(); |
185 } | 185 } |
186 }; | 186 }; |
187 | 187 |
| 188 static base::LazyInstance<NSSSSLInitSingleton> g_nss_ssl_init_singleton( |
| 189 base::LINKER_INITIALIZED); |
| 190 |
188 // Initialize the NSS SSL library if it isn't already initialized. This must | 191 // Initialize the NSS SSL library if it isn't already initialized. This must |
189 // be called before any other NSS SSL functions. This function is | 192 // be called before any other NSS SSL functions. This function is |
190 // thread-safe, and the NSS SSL library will only ever be initialized once. | 193 // thread-safe, and the NSS SSL library will only ever be initialized once. |
191 // The NSS SSL library will be properly shut down on program exit. | 194 // The NSS SSL library will be properly shut down on program exit. |
192 void EnsureNSSSSLInit() { | 195 void EnsureNSSSSLInit() { |
193 // Initializing SSL causes us to do blocking IO. | 196 // Initializing SSL causes us to do blocking IO. |
194 // Temporarily allow it until we fix | 197 // Temporarily allow it until we fix |
195 // http://code.google.com/p/chromium/issues/detail?id=59847 | 198 // http://code.google.com/p/chromium/issues/detail?id=59847 |
196 base::ThreadRestrictions::ScopedAllowIO allow_io; | 199 base::ThreadRestrictions::ScopedAllowIO allow_io; |
197 | 200 |
198 Singleton<NSSSSLInitSingleton>::get(); | 201 g_nss_ssl_init_singleton.Get(); |
199 } | 202 } |
200 | 203 |
201 // The default error mapping function. | 204 // The default error mapping function. |
202 // Maps an NSPR error code to a network error code. | 205 // Maps an NSPR error code to a network error code. |
203 int MapNSPRError(PRErrorCode err) { | 206 int MapNSPRError(PRErrorCode err) { |
204 // TODO(port): fill this out as we learn what's important | 207 // TODO(port): fill this out as we learn what's important |
205 switch (err) { | 208 switch (err) { |
206 case PR_WOULD_BLOCK_ERROR: | 209 case PR_WOULD_BLOCK_ERROR: |
207 return ERR_IO_PENDING; | 210 return ERR_IO_PENDING; |
208 case PR_ADDRESS_NOT_SUPPORTED_ERROR: // For connect. | 211 case PR_ADDRESS_NOT_SUPPORTED_ERROR: // For connect. |
2607 case SSL_CONNECTION_VERSION_TLS1_1: | 2610 case SSL_CONNECTION_VERSION_TLS1_1: |
2608 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2611 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
2609 break; | 2612 break; |
2610 case SSL_CONNECTION_VERSION_TLS1_2: | 2613 case SSL_CONNECTION_VERSION_TLS1_2: |
2611 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2614 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
2612 break; | 2615 break; |
2613 }; | 2616 }; |
2614 } | 2617 } |
2615 | 2618 |
2616 } // namespace net | 2619 } // namespace net |
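Review bot: The new global `g_nss_ssl_init_singleton` (new lines 188-189) has no comment about teardown order, although the destructor directly above it states that SSL_ClearSessionCache() must run before NSS_Shutdown or shutdown fails with SEC_ERROR_BUSY. Whether that ordering holds depends on this instance being destroyed before the object in base/nss_util that shuts NSS down, which is not visible on this page; presumably both are torn down at exit in reverse order of creation, so NSS itself has to be initialized first. I would add a comment on the declaration such as `// Created after NSS is initialized so that ~NSSSSLInitSingleton (SSL_ClearSessionCache) runs before NSS_Shutdown.` and confirm that the constructor, whose body is mostly skipped here, triggers NSS initialization. Minor style point: `base/lazy_instance.h` is added after `base/metrics/histogram.h`, which is out of alphabetical order with the neighbouring includes.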