
Side by Side Diff: net/socket_stream/socket_stream.cc

Issue 7401003: Don't use X509Certificate in SSLConfig. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: - Created 9 years, 5 months ago
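--- a/net/socket_stream/socket_stream.cc
+++ b/net/socket_stream/socket_stream.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
 // TODO(ukai): code is similar with http_network_transaction.cc. We should
 // think about ways to share code, if possible.
 
 #include "net/socket_stream/socket_stream.h"
 
 #include <set>
@@ -870,31 +870,35 @@
 // if it returns cert verification error. It didn't perform
 // SSLHandshake yet.
 // So, we should restart establishing connection with the
 // certificate in allowed bad certificates in |ssl_config_|.
 // See also net/http/http_network_transaction.cc
 // HandleCertificateError() and RestartIgnoringLastError().
 SSLClientSocket* ssl_socket =
 reinterpret_cast<SSLClientSocket*>(socket_.get());
 SSLInfo ssl_info;
 ssl_socket->GetSSLInfo(&ssl_info);
-if (ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) {
+if (ssl_info.cert == NULL ||
+ssl_config_.IsAllowedBadCert(ssl_info.cert, NULL)) {
 // If we already have the certificate in the set of allowed bad
 // certificates, we did try it and failed again, so we should not
 // retry again: the connection should fail at last.
 next_state_ = STATE_CLOSE;
 return result;
 }
 // Add the bad certificate to the set of allowed certificates in the
 // SSL config object.
 SSLConfig::CertAndStatus bad_cert;
-bad_cert.cert = ssl_info.cert;
+if (!ssl_info.cert->GetDEREncoded(&bad_cert.der_cert)) {
+next_state_ = STATE_CLOSE;
+return result;
+}
 bad_cert.cert_status = ssl_info.cert_status;
 ssl_config_.allowed_bad_certs.push_back(bad_cert);
 // Restart connection ignoring the bad certificate.
 socket_->Disconnect();
 socket_.reset();
 next_state_ = STATE_TCP_CONNECT;
 return OK;
 }
 }
 
@@ -1078,10 +1082,10 @@
 
 SSLConfigService* SocketStream::ssl_config_service() const {
 return context_->ssl_config_service();
 }
 
 ProxyService* SocketStream::proxy_service() const {
 return context_->proxy_service();
 }
 
 } // namespace net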
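Review bot: The comment inside the first `if` (new lines 882-884) now covers only half of the condition: since this change the branch is also taken when `ssl_info.cert` is NULL, a case in which nothing was ever added to the allowed set. I would reword it to something like `// No certificate to exempt, or it was already exempted and verification failed again: fail closed.` so the NULL guard, which also protects the `ssl_info.cert->GetDEREncoded()` call at new line 891, is not mistaken for dead code and removed later. The new `GetDEREncoded()` failure branch (new lines 891-894) deserves a one-line comment too, e.g. `// Cannot serialize the certificate, so it cannot be exempted: close instead of retrying.` The enclosing function starts before line 870, outside the visible lines, so the condition under which this retry path is reached cannot be checked here.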