| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 89 #include "net/base/net_errors.h" | 89 #include "net/base/net_errors.h" |
| 90 #include "net/cert/asn1_util.h" | 90 #include "net/cert/asn1_util.h" |
| 91 #include "net/cert/cert_policy_enforcer.h" | 91 #include "net/cert/cert_policy_enforcer.h" |
| 92 #include "net/cert/cert_status_flags.h" | 92 #include "net/cert/cert_status_flags.h" |
| 93 #include "net/cert/cert_verifier.h" | 93 #include "net/cert/cert_verifier.h" |
| 94 #include "net/cert/ct_ev_whitelist.h" | 94 #include "net/cert/ct_ev_whitelist.h" |
| 95 #include "net/cert/ct_verifier.h" | 95 #include "net/cert/ct_verifier.h" |
| 96 #include "net/cert/ct_verify_result.h" | 96 #include "net/cert/ct_verify_result.h" |
| 97 #include "net/cert/scoped_nss_types.h" | 97 #include "net/cert/scoped_nss_types.h" |
| 98 #include "net/cert/sct_status_flags.h" | 98 #include "net/cert/sct_status_flags.h" |
| 99 #include "net/cert/single_request_cert_verifier.h" | |
| 100 #include "net/cert/x509_certificate_net_log_param.h" | 99 #include "net/cert/x509_certificate_net_log_param.h" |
| 101 #include "net/cert/x509_util.h" | 100 #include "net/cert/x509_util.h" |
| 102 #include "net/cert_net/nss_ocsp.h" | 101 #include "net/cert_net/nss_ocsp.h" |
| 103 #include "net/http/transport_security_state.h" | 102 #include "net/http/transport_security_state.h" |
| 104 #include "net/log/net_log.h" | 103 #include "net/log/net_log.h" |
| 105 #include "net/socket/client_socket_handle.h" | 104 #include "net/socket/client_socket_handle.h" |
| 106 #include "net/socket/nss_ssl_util.h" | 105 #include "net/socket/nss_ssl_util.h" |
| 107 #include "net/ssl/ssl_cert_request_info.h" | 106 #include "net/ssl/ssl_cert_request_info.h" |
| 108 #include "net/ssl/ssl_cipher_suite_names.h" | 107 #include "net/ssl/ssl_cipher_suite_names.h" |
| 109 #include "net/ssl/ssl_connection_status_flags.h" | 108 #include "net/ssl/ssl_connection_status_flags.h" |
| (...skipping 2446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2556 return rv > OK ? OK : rv; | 2555 return rv > OK ? OK : rv; |
| 2557 } | 2556 } |
| 2558 | 2557 |
| 2559 void SSLClientSocketNSS::Disconnect() { | 2558 void SSLClientSocketNSS::Disconnect() { |
| 2560 EnterFunction(""); | 2559 EnterFunction(""); |
| 2561 | 2560 |
| 2562 CHECK(CalledOnValidThread()); | 2561 CHECK(CalledOnValidThread()); |
| 2563 | 2562 |
| 2564 // Shut down anything that may call us back. | 2563 // Shut down anything that may call us back. |
| 2565 core_->Detach(); | 2564 core_->Detach(); |
| 2566 verifier_.reset(); | 2565 cert_verifier_request_.reset(); |
| 2567 transport_->socket()->Disconnect(); | 2566 transport_->socket()->Disconnect(); |
| 2568 | 2567 |
| 2569 // Reset object state. | 2568 // Reset object state. |
| 2570 user_connect_callback_.Reset(); | 2569 user_connect_callback_.Reset(); |
| 2571 server_cert_verify_result_.Reset(); | 2570 server_cert_verify_result_.Reset(); |
| 2572 completed_handshake_ = false; | 2571 completed_handshake_ = false; |
| 2573 start_cert_verification_time_ = base::TimeTicks(); | 2572 start_cert_verification_time_ = base::TimeTicks(); |
| 2574 InitCore(); | 2573 InitCore(); |
| 2575 | 2574 |
| 2576 LeaveFunction(""); | 2575 LeaveFunction(""); |
| (...skipping 457 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3034 | 3033 |
| 3035 int flags = 0; | 3034 int flags = 0; |
| 3036 if (ssl_config_.rev_checking_enabled) | 3035 if (ssl_config_.rev_checking_enabled) |
| 3037 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 3036 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 3038 if (ssl_config_.verify_ev_cert) | 3037 if (ssl_config_.verify_ev_cert) |
| 3039 flags |= CertVerifier::VERIFY_EV_CERT; | 3038 flags |= CertVerifier::VERIFY_EV_CERT; |
| 3040 if (ssl_config_.cert_io_enabled) | 3039 if (ssl_config_.cert_io_enabled) |
| 3041 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 3040 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 3042 if (ssl_config_.rev_checking_required_local_anchors) | 3041 if (ssl_config_.rev_checking_required_local_anchors) |
| 3043 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 3042 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
| 3044 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 3043 return cert_verifier_->Verify( |
| 3045 return verifier_->Verify( | |
| 3046 core_->state().server_cert.get(), host_and_port_.host(), | 3044 core_->state().server_cert.get(), host_and_port_.host(), |
| 3047 core_->state().stapled_ocsp_response, flags, | 3045 core_->state().stapled_ocsp_response, flags, |
| 3048 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, | 3046 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| 3049 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, | 3047 base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete, |
| 3050 base::Unretained(this)), | 3048 base::Unretained(this)), |
| 3051 net_log_); | 3049 &cert_verifier_request_, net_log_); |
| 3052 } | 3050 } |
| 3053 | 3051 |
| 3054 // Derived from AuthCertificateCallback() in | 3052 // Derived from AuthCertificateCallback() in |
| 3055 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 3053 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 3056 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 3054 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
| 3057 verifier_.reset(); | 3055 cert_verifier_request_.reset(); |
| 3058 | 3056 |
| 3059 if (!start_cert_verification_time_.is_null()) { | 3057 if (!start_cert_verification_time_.is_null()) { |
| 3060 base::TimeDelta verify_time = | 3058 base::TimeDelta verify_time = |
| 3061 base::TimeTicks::Now() - start_cert_verification_time_; | 3059 base::TimeTicks::Now() - start_cert_verification_time_; |
| 3062 if (result == OK) | 3060 if (result == OK) |
| 3063 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | 3061 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| 3064 else | 3062 else |
| 3065 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | 3063 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| 3066 } | 3064 } |
| 3067 | 3065 |
| (...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3175 scoped_refptr<X509Certificate> | 3173 scoped_refptr<X509Certificate> |
| 3176 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3174 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3177 return core_->state().server_cert.get(); | 3175 return core_->state().server_cert.get(); |
| 3178 } | 3176 } |
| 3179 | 3177 |
| 3180 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3178 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
| 3181 return channel_id_service_; | 3179 return channel_id_service_; |
| 3182 } | 3180 } |
| 3183 | 3181 |
| 3184 } // namespace net | 3182 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1115903002:
Refactor the API for CertVerifier::Verify() and the implementation of MultiThreadedCertVerifier::Ver (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master