1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
| 8 #include <netdb.h> |
| 9 #include <sys/socket.h> |
| 10 #include <sys/types.h> |
8 | 11 |
9 #include "base/scoped_cftyperef.h" | 12 #include "base/scoped_cftyperef.h" |
10 #include "base/singleton.h" | 13 #include "base/singleton.h" |
11 #include "base/string_util.h" | 14 #include "base/string_util.h" |
| 15 #include "net/base/address_list.h" |
12 #include "net/base/cert_verifier.h" | 16 #include "net/base/cert_verifier.h" |
13 #include "net/base/io_buffer.h" | 17 #include "net/base/io_buffer.h" |
14 #include "net/base/load_log.h" | 18 #include "net/base/load_log.h" |
15 #include "net/base/net_errors.h" | 19 #include "net/base/net_errors.h" |
16 #include "net/base/ssl_cert_request_info.h" | 20 #include "net/base/ssl_cert_request_info.h" |
17 #include "net/base/ssl_info.h" | 21 #include "net/base/ssl_info.h" |
18 | 22 |
19 // Welcome to Mac SSL. We've been waiting for you. | 23 // Welcome to Mac SSL. We've been waiting for you. |
20 // | 24 // |
21 // The Mac SSL implementation is, like the Windows and NSS implementations, a | 25 // The Mac SSL implementation is, like the Windows and NSS implementations, a |
572 // Unlike IsConnected, this method doesn't return a false positive. | 576 // Unlike IsConnected, this method doesn't return a false positive. |
573 // | 577 // |
574 // Strictly speaking, we should check if we have received the close_notify | 578 // Strictly speaking, we should check if we have received the close_notify |
575 // alert message from the server, and return false in that case. Although | 579 // alert message from the server, and return false in that case. Although |
576 // the close_notify alert message means EOF in the SSL layer, it is just | 580 // the close_notify alert message means EOF in the SSL layer, it is just |
577 // bytes to the transport layer below, so transport_->IsConnectedAndIdle() | 581 // bytes to the transport layer below, so transport_->IsConnectedAndIdle() |
578 // returns the desired false when we receive close_notify. | 582 // returns the desired false when we receive close_notify. |
579 return completed_handshake_ && transport_->IsConnectedAndIdle(); | 583 return completed_handshake_ && transport_->IsConnectedAndIdle(); |
580 } | 584 } |
581 | 585 |
582 int SSLClientSocketMac::GetPeerName(struct sockaddr* name, socklen_t* namelen) { | 586 int SSLClientSocketMac::GetPeerAddress(AddressList* address) const { |
583 return transport_->GetPeerName(name, namelen); | 587 return transport_->GetPeerAddress(address); |
584 } | 588 } |
585 | 589 |
586 int SSLClientSocketMac::Read(IOBuffer* buf, int buf_len, | 590 int SSLClientSocketMac::Read(IOBuffer* buf, int buf_len, |
587 CompletionCallback* callback) { | 591 CompletionCallback* callback) { |
588 DCHECK(completed_handshake_); | 592 DCHECK(completed_handshake_); |
589 DCHECK(!user_read_callback_); | 593 DCHECK(!user_read_callback_); |
590 DCHECK(!user_read_buf_); | 594 DCHECK(!user_read_buf_); |
591 | 595 |
592 user_read_buf_ = buf; | 596 user_read_buf_ = buf; |
593 user_read_buf_len_ = buf_len; | 597 user_read_buf_len_ = buf_len; |
738 kSSLSessionOptionBreakOnCertRequested, | 742 kSSLSessionOptionBreakOnCertRequested, |
739 true); | 743 true); |
740 if (status) | 744 if (status) |
741 return NetErrorFromOSStatus(status); | 745 return NetErrorFromOSStatus(status); |
742 | 746 |
743 // Concatenate the hostname and peer address to use as the peer ID. To | 747 // Concatenate the hostname and peer address to use as the peer ID. To |
744 // resume a session, we must connect to the same server on the same port | 748 // resume a session, we must connect to the same server on the same port |
745 // using the same hostname (i.e., localhost and 127.0.0.1 are considered | 749 // using the same hostname (i.e., localhost and 127.0.0.1 are considered |
746 // different peers, which puts us through certificate validation again | 750 // different peers, which puts us through certificate validation again |
747 // and catches hostname/certificate name mismatches. | 751 // and catches hostname/certificate name mismatches. |
748 struct sockaddr_storage addr; | 752 AddressList address; |
749 socklen_t addr_length = sizeof(struct sockaddr_storage); | 753 int rv = transport_->GetPeerAddress(&address); |
750 memset(&addr, 0, sizeof(addr)); | 754 if (rv != OK) |
751 if (!transport_->GetPeerName(reinterpret_cast<struct sockaddr*>(&addr), | 755 return rv; |
752 &addr_length)) { | 756 const struct addrinfo* ai = address.head(); |
753 // Assemble the socket hostname and address into a single buffer. | 757 std::string peer_id(hostname_); |
754 std::vector<char> peer_id(hostname_.begin(), hostname_.end()); | 758 peer_id += std::string(reinterpret_cast<char*>(ai->ai_addr), |
755 peer_id.insert(peer_id.end(), reinterpret_cast<char*>(&addr), | 759 ai->ai_addrlen); |
756 reinterpret_cast<char*>(&addr) + addr_length); | |
757 | 760 |
758 // SSLSetPeerID() treats peer_id as a binary blob, and makes its | 761 // SSLSetPeerID() treats peer_id as a binary blob, and makes its |
759 // own copy. | 762 // own copy. |
760 status = SSLSetPeerID(ssl_context_, &peer_id[0], peer_id.size()); | 763 status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length()); |
761 if (status) | 764 if (status) |
762 return NetErrorFromOSStatus(status); | 765 return NetErrorFromOSStatus(status); |
763 } | |
764 } else { | 766 } else { |
765 // If I can't break on cert-requested, then set the cert up-front: | 767 // If I can't break on cert-requested, then set the cert up-front: |
766 status = SetClientCert(); | 768 status = SetClientCert(); |
767 if (status) | 769 if (status) |
768 return NetErrorFromOSStatus(status); | 770 return NetErrorFromOSStatus(status); |
769 } | 771 } |
770 | 772 |
771 return OK; | 773 return OK; |
772 } | 774 } |
773 | 775 |
1164 if (rv < 0 && rv != ERR_IO_PENDING) { | 1166 if (rv < 0 && rv != ERR_IO_PENDING) { |
1165 us->write_io_buf_ = NULL; | 1167 us->write_io_buf_ = NULL; |
1166 return OSStatusFromNetError(rv); | 1168 return OSStatusFromNetError(rv); |
1167 } | 1169 } |
1168 | 1170 |
1169 // always lie to our caller | 1171 // always lie to our caller |
1170 return noErr; | 1172 return noErr; |
1171 } | 1173 } |
1172 | 1174 |
1173 } // namespace net | 1175 } // namespace net |
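Review bot: In the new peer-ID block, `address.head()` is dereferenced without a null check, so a transport that returns OK from GetPeerAddress() but hands back an empty AddressList would crash on `ai->ai_addr` (whether that can happen is not visible from this file, but the session-cache key is built from it unconditionally). The old code only assembled the peer ID when GetPeerName() succeeded and otherwise skipped SSLSetPeerID entirely, so the equivalent defensive shape here is to wrap the key construction and the SSLSetPeerID call in `if (ai && ai->ai_addr) { ... }`, which keeps a missing address from either crashing or aborting the connect. Note also that `return rv;` on a GetPeerAddress() failure is stricter than the old behaviour, which silently continued without session resumption; that may be intended, but a one-line comment saying so would help. Minor: since `ai` is a `const addrinfo*`, the cast reads better as `reinterpret_cast<const char*>(ai->ai_addr)`. The enclosing function starts before this hunk.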