| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 57 #include <secerr.h> | 57 #include <secerr.h> |
| 58 #include <ssl.h> | 58 #include <ssl.h> |
| 59 #include <sslerr.h> | 59 #include <sslerr.h> |
| 60 #include <pk11pub.h> | 60 #include <pk11pub.h> |
| 61 | 61 |
| 62 #include "base/compiler_specific.h" | 62 #include "base/compiler_specific.h" |
| 63 #include "base/logging.h" | 63 #include "base/logging.h" |
| 64 #include "base/nss_util.h" | 64 #include "base/nss_util.h" |
| 65 #include "base/singleton.h" | 65 #include "base/singleton.h" |
| 66 #include "base/string_util.h" | 66 #include "base/string_util.h" |
| 67 #include "net/base/address_list.h" |
| 67 #include "net/base/cert_verifier.h" | 68 #include "net/base/cert_verifier.h" |
| 68 #include "net/base/io_buffer.h" | 69 #include "net/base/io_buffer.h" |
| 69 #include "net/base/load_log.h" | 70 #include "net/base/load_log.h" |
| 70 #include "net/base/net_errors.h" | 71 #include "net/base/net_errors.h" |
| 71 #include "net/base/ssl_cert_request_info.h" | 72 #include "net/base/ssl_cert_request_info.h" |
| 72 #include "net/base/ssl_info.h" | 73 #include "net/base/ssl_info.h" |
| 74 #include "net/base/sys_addrinfo.h" |
| 73 #include "net/ocsp/nss_ocsp.h" | 75 #include "net/ocsp/nss_ocsp.h" |
| 74 | 76 |
| 75 static const int kRecvBufferSize = 4096; | 77 static const int kRecvBufferSize = 4096; |
| 76 | 78 |
| 77 namespace net { | 79 namespace net { |
| 78 | 80 |
| 79 // State machines are easier to debug if you log state transitions. | 81 // State machines are easier to debug if you log state transitions. |
| 80 // Enable these if you want to see what's going on. | 82 // Enable these if you want to see what's going on. |
| 81 #if 1 | 83 #if 1 |
| 82 #define EnterFunction(x) | 84 #define EnterFunction(x) |
| 306 | 308 |
| 307 int SSLClientSocketNSS::InitializeSSLOptions() { | 309 int SSLClientSocketNSS::InitializeSSLOptions() { |
| 308 // Transport connected, now hook it up to nss | 310 // Transport connected, now hook it up to nss |
| 309 // TODO(port): specify rx and tx buffer sizes separately | 311 // TODO(port): specify rx and tx buffer sizes separately |
| 310 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | 312 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); |
| 311 if (nss_fd_ == NULL) { | 313 if (nss_fd_ == NULL) { |
| 312 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | 314 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. |
| 313 } | 315 } |
| 314 | 316 |
| 315 // Tell NSS who we're connected to | 317 // Tell NSS who we're connected to |
| 316 PRNetAddr peername; | 318 AddressList peer_address; |
| 317 socklen_t len = sizeof(PRNetAddr); | 319 int err = transport_->GetPeerAddress(&peer_address); |
| 318 int err = transport_->GetPeerName((struct sockaddr *)&peername, &len); | 320 if (err != OK) |
| 319 if (err) { | 321 return err; |
| 320 DLOG(ERROR) << "GetPeerName failed"; | 322 const struct addrinfo* ai = peer_address.head(); |
| 321 // TODO(wtc): Change GetPeerName to return a network error code. | 323 memio_SetPeerName(nss_fd_, ai->ai_addr, ai->ai_addrlen); |
| 322 return ERR_UNEXPECTED; | |
| 323 } | |
| 324 memio_SetPeerName(nss_fd_, &peername); | |
| 325 | 324 |
| 326 // Grab pointer to buffers | 325 // Grab pointer to buffers |
| 327 nss_bufs_ = memio_GetSecret(nss_fd_); | 326 nss_bufs_ = memio_GetSecret(nss_fd_); |
| 328 | 327 |
| 329 /* Create SSL state machine */ | 328 /* Create SSL state machine */ |
| 330 /* Push SSL onto our fake I/O socket */ | 329 /* Push SSL onto our fake I/O socket */ |
| 331 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | 330 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); |
| 332 if (nss_fd_ == NULL) { | 331 if (nss_fd_ == NULL) { |
| 333 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. | 332 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. |
| 334 } | 333 } |
| 422 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 421 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
| 423 if (rv != SECSuccess) | 422 if (rv != SECSuccess) |
| 424 return ERR_UNEXPECTED; | 423 return ERR_UNEXPECTED; |
| 425 | 424 |
| 426 // Tell SSL the hostname we're trying to connect to. | 425 // Tell SSL the hostname we're trying to connect to. |
| 427 SSL_SetURL(nss_fd_, hostname_.c_str()); | 426 SSL_SetURL(nss_fd_, hostname_.c_str()); |
| 428 | 427 |
| 429 // Set the peer ID for session reuse. This is necessary when we create an | 428 // Set the peer ID for session reuse. This is necessary when we create an |
| 430 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | 429 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address |
| 431 // rather than the destination server's address in that case. | 430 // rather than the destination server's address in that case. |
| 432 // TODO(wtc): port in peername is not the server's port when a proxy is used. | 431 // TODO(wtc): port in |peer_address| is not the server's port when a proxy is |
| 432 // used. |
| 433 std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(), | 433 std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(), |
| 434 PR_ntohs(PR_NetAddrInetPort(&peername))); | 434 peer_address.GetPort()); |
| 435 rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | 435 rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); |
| 436 if (rv != SECSuccess) | 436 if (rv != SECSuccess) |
| 437 LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id; | 437 LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id; |
| 438 | 438 |
| 439 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | 439 // Tell SSL we're a client; needed if not letting NSPR do socket I/O |
| 440 SSL_ResetHandshake(nss_fd_, 0); | 440 SSL_ResetHandshake(nss_fd_, 0); |
| 441 | 441 |
| 442 return OK; | 442 return OK; |
| 443 } | 443 } |
| 444 | 444 |
| 508 // alert message from the server, and return false in that case. Although | 508 // alert message from the server, and return false in that case. Although |
| 509 // the close_notify alert message means EOF in the SSL layer, it is just | 509 // the close_notify alert message means EOF in the SSL layer, it is just |
| 510 // bytes to the transport layer below, so transport_->IsConnectedAndIdle() | 510 // bytes to the transport layer below, so transport_->IsConnectedAndIdle() |
| 511 // returns the desired false when we receive close_notify. | 511 // returns the desired false when we receive close_notify. |
| 512 EnterFunction(""); | 512 EnterFunction(""); |
| 513 bool ret = completed_handshake_ && transport_->IsConnectedAndIdle(); | 513 bool ret = completed_handshake_ && transport_->IsConnectedAndIdle(); |
| 514 LeaveFunction(""); | 514 LeaveFunction(""); |
| 515 return ret; | 515 return ret; |
| 516 } | 516 } |
| 517 | 517 |
| 518 int SSLClientSocketNSS::GetPeerName(struct sockaddr* name, socklen_t* namelen) { | 518 int SSLClientSocketNSS::GetPeerAddress(AddressList* address) const { |
| 519 return transport_->GetPeerName(name, namelen); | 519 return transport_->GetPeerAddress(address); |
| 520 } | 520 } |
| 521 | 521 |
| 522 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, | 522 int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len, |
| 523 CompletionCallback* callback) { | 523 CompletionCallback* callback) { |
| 524 EnterFunction(buf_len); | 524 EnterFunction(buf_len); |
| 525 DCHECK(completed_handshake_); | 525 DCHECK(completed_handshake_); |
| 526 DCHECK(next_handshake_state_ == STATE_NONE); | 526 DCHECK(next_handshake_state_ == STATE_NONE); |
| 527 DCHECK(!user_read_callback_); | 527 DCHECK(!user_read_callback_); |
| 528 DCHECK(!user_connect_callback_); | 528 DCHECK(!user_connect_callback_); |
| 529 DCHECK(!user_read_buf_); | 529 DCHECK(!user_read_buf_); |
| 1305 } | 1305 } |
| 1306 PRErrorCode prerr = PR_GetError(); | 1306 PRErrorCode prerr = PR_GetError(); |
| 1307 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1307 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1308 return ERR_IO_PENDING; | 1308 return ERR_IO_PENDING; |
| 1309 } | 1309 } |
| 1310 LeaveFunction(""); | 1310 LeaveFunction(""); |
| 1311 return MapNSPRError(prerr); | 1311 return MapNSPRError(prerr); |
| 1312 } | 1312 } |
| 1313 | 1313 |
| 1314 } // namespace net | 1314 } // namespace net |
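Review bot: In InitializeSSLOptions (new lines 322-323) the result of `peer_address.head()` is dereferenced for `ai->ai_addr` and `ai->ai_addrlen` with no null check, so if GetPeerAddress() can ever return OK with an empty AddressList (not visible from this file) the handshake setup would crash instead of failing cleanly; a one-line guard such as `if (!ai) return ERR_UNEXPECTED;` between those two lines keeps the error-return contract the rest of the function uses. The old DLOG(ERROR) on peer-name failure was dropped along with the GetPeerName call, which makes the new early `return err;` harder to diagnose in debug builds; consider keeping a `DLOG(ERROR) << "GetPeerAddress failed: " << err;` before it. The comment at new line 429 still says "GetPeerName returns the proxy's address" although the call is now GetPeerAddress and line 431 was already updated to |peer_address|; suggest `// SSL tunnel through a proxy -- GetPeerAddress returns the proxy's address`. Part of InitializeSSLOptions's body is collapsed between the two visible hunks, so intervening uses of the old `peername` variable could not be checked here.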