| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 908 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 919 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is | 919 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is |
| 920 // fixed. | 920 // fixed. |
| 921 tracked_objects::ScopedTracker tracking_profile1( | 921 tracked_objects::ScopedTracker tracking_profile1( |
| 922 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 922 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 923 "424386 DoHandshake_WithoutCert First")); | 923 "424386 DoHandshake_WithoutCert First")); |
| 924 | 924 |
| 925 rv = SSL_do_handshake(ssl_); | 925 rv = SSL_do_handshake(ssl_); |
| 926 } | 926 } |
| 927 } | 927 } |
| 928 | 928 |
| 929 if (client_auth_cert_needed_) { | 929 if (rv == 1) { |
| 930 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
| 931 tracked_objects::ScopedTracker tracking_profile2( | |
| 932 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 933 "424386 SSLClientSocketOpenSSL::DoHandshake2")); | |
| 934 | |
| 935 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | |
| 936 // If the handshake already succeeded (because the server requests but | |
| 937 // doesn't require a client cert), we need to invalidate the SSL session | |
| 938 // so that we won't try to resume the non-client-authenticated session in | |
| 939 // the next handshake. This will cause the server to ask for a client | |
| 940 // cert again. | |
| 941 if (rv == 1) { | |
| 942 // Remove from session cache but don't clear this connection. | |
| 943 SSL_SESSION* session = SSL_get_session(ssl_); | |
| 944 if (session) { | |
| 945 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); | |
| 946 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; | |
| 947 } | |
| 948 } | |
| 949 } else if (rv == 1) { | |
| 950 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 930 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 951 tracked_objects::ScopedTracker tracking_profile3( | 931 tracked_objects::ScopedTracker tracking_profile3( |
| 952 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 932 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 953 "424386 SSLClientSocketOpenSSL::DoHandshake3")); | 933 "424386 SSLClientSocketOpenSSL::DoHandshake3")); |
| 954 | 934 |
| 955 if (trying_cached_session_ && logging::DEBUG_MODE) { | 935 if (trying_cached_session_ && logging::DEBUG_MODE) { |
| 956 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() | 936 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() |
| 957 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); | 937 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); |
| 958 } | 938 } |
| 959 | 939 |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 997 | 977 |
| 998 // Verify the certificate. | 978 // Verify the certificate. |
| 999 UpdateServerCert(); | 979 UpdateServerCert(); |
| 1000 GotoState(STATE_VERIFY_CERT); | 980 GotoState(STATE_VERIFY_CERT); |
| 1001 } else { | 981 } else { |
| 1002 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 982 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 1003 tracked_objects::ScopedTracker tracking_profile4( | 983 tracked_objects::ScopedTracker tracking_profile4( |
| 1004 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 984 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1005 "424386 SSLClientSocketOpenSSL::DoHandshake4")); | 985 "424386 SSLClientSocketOpenSSL::DoHandshake4")); |
| 1006 | 986 |
| 987 if (client_auth_cert_needed_) |
| 988 return ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 989 |
| 1007 int ssl_error = SSL_get_error(ssl_, rv); | 990 int ssl_error = SSL_get_error(ssl_, rv); |
| 1008 | 991 |
| 1009 if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) { | 992 if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) { |
| 1010 // The server supports channel ID. Stop to look one up before returning to | 993 // The server supports channel ID. Stop to look one up before returning to |
| 1011 // the handshake. | 994 // the handshake. |
| 1012 channel_id_xtn_negotiated_ = true; | 995 channel_id_xtn_negotiated_ = true; |
| 1013 GotoState(STATE_CHANNEL_ID_LOOKUP); | 996 GotoState(STATE_CHANNEL_ID_LOOKUP); |
| 1014 return OK; | 997 return OK; |
| 1015 } | 998 } |
| 1016 | 999 |
| (...skipping 943 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1960 | 1943 |
| 1961 return result; | 1944 return result; |
| 1962 } | 1945 } |
| 1963 | 1946 |
| 1964 scoped_refptr<X509Certificate> | 1947 scoped_refptr<X509Certificate> |
| 1965 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1948 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1966 return server_cert_; | 1949 return server_cert_; |
| 1967 } | 1950 } |
| 1968 | 1951 |
| 1969 } // namespace net | 1952 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1013193004:
Remove dead code in client auth logic. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master