| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 #include "base/synchronization/lock.h" | 23 #include "base/synchronization/lock.h" |
| 24 #include "base/threading/thread_local.h" | 24 #include "base/threading/thread_local.h" |
| 25 #include "crypto/ec_private_key.h" | 25 #include "crypto/ec_private_key.h" |
| 26 #include "crypto/openssl_util.h" | 26 #include "crypto/openssl_util.h" |
| 27 #include "crypto/scoped_openssl_types.h" | 27 #include "crypto/scoped_openssl_types.h" |
| 28 #include "net/base/net_errors.h" | 28 #include "net/base/net_errors.h" |
| 29 #include "net/cert/cert_policy_enforcer.h" | 29 #include "net/cert/cert_policy_enforcer.h" |
| 30 #include "net/cert/cert_verifier.h" | 30 #include "net/cert/cert_verifier.h" |
| 31 #include "net/cert/ct_ev_whitelist.h" | 31 #include "net/cert/ct_ev_whitelist.h" |
| 32 #include "net/cert/ct_verifier.h" | 32 #include "net/cert/ct_verifier.h" |
| 33 #include "net/cert/single_request_cert_verifier.h" | |
| 34 #include "net/cert/x509_certificate_net_log_param.h" | 33 #include "net/cert/x509_certificate_net_log_param.h" |
| 35 #include "net/cert/x509_util_openssl.h" | 34 #include "net/cert/x509_util_openssl.h" |
| 36 #include "net/http/transport_security_state.h" | 35 #include "net/http/transport_security_state.h" |
| 37 #include "net/ssl/scoped_openssl_types.h" | 36 #include "net/ssl/scoped_openssl_types.h" |
| 38 #include "net/ssl/ssl_cert_request_info.h" | 37 #include "net/ssl/ssl_cert_request_info.h" |
| 39 #include "net/ssl/ssl_client_session_cache_openssl.h" | 38 #include "net/ssl/ssl_client_session_cache_openssl.h" |
| 40 #include "net/ssl/ssl_connection_status_flags.h" | 39 #include "net/ssl/ssl_connection_status_flags.h" |
| 41 #include "net/ssl/ssl_info.h" | 40 #include "net/ssl/ssl_info.h" |
| 42 | 41 |
| 43 #if defined(OS_WIN) | 42 #if defined(OS_WIN) |
| (...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 462 SSL_shutdown(ssl_); | 461 SSL_shutdown(ssl_); |
| 463 SSL_free(ssl_); | 462 SSL_free(ssl_); |
| 464 ssl_ = NULL; | 463 ssl_ = NULL; |
| 465 } | 464 } |
| 466 if (transport_bio_) { | 465 if (transport_bio_) { |
| 467 BIO_free_all(transport_bio_); | 466 BIO_free_all(transport_bio_); |
| 468 transport_bio_ = NULL; | 467 transport_bio_ = NULL; |
| 469 } | 468 } |
| 470 | 469 |
| 471 // Shut down anything that may call us back. | 470 // Shut down anything that may call us back. |
| 472 verifier_.reset(); | 471 cert_verifier_request_.reset(); |
| 473 transport_->socket()->Disconnect(); | 472 transport_->socket()->Disconnect(); |
| 474 | 473 |
| 475 // Null all callbacks, delete all buffers. | 474 // Null all callbacks, delete all buffers. |
| 476 transport_send_busy_ = false; | 475 transport_send_busy_ = false; |
| 477 send_buffer_ = NULL; | 476 send_buffer_ = NULL; |
| 478 transport_recv_busy_ = false; | 477 transport_recv_busy_ = false; |
| 479 recv_buffer_ = NULL; | 478 recv_buffer_ = NULL; |
| 480 | 479 |
| 481 user_connect_callback_.Reset(); | 480 user_connect_callback_.Reset(); |
| 482 user_read_callback_.Reset(); | 481 user_read_callback_.Reset(); |
| (...skipping 596 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1079 | 1078 |
| 1080 int flags = 0; | 1079 int flags = 0; |
| 1081 if (ssl_config_.rev_checking_enabled) | 1080 if (ssl_config_.rev_checking_enabled) |
| 1082 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 1081 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 1083 if (ssl_config_.verify_ev_cert) | 1082 if (ssl_config_.verify_ev_cert) |
| 1084 flags |= CertVerifier::VERIFY_EV_CERT; | 1083 flags |= CertVerifier::VERIFY_EV_CERT; |
| 1085 if (ssl_config_.cert_io_enabled) | 1084 if (ssl_config_.cert_io_enabled) |
| 1086 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 1085 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 1087 if (ssl_config_.rev_checking_required_local_anchors) | 1086 if (ssl_config_.rev_checking_required_local_anchors) |
| 1088 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 1087 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
| 1089 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 1088 return cert_verifier_->Verify( |
| 1090 return verifier_->Verify( | |
| 1091 server_cert_.get(), host_and_port_.host(), ocsp_response, flags, | 1089 server_cert_.get(), host_and_port_.host(), ocsp_response, flags, |
| 1092 // TODO(davidben): Route the CRLSet through SSLConfig so | 1090 // TODO(davidben): Route the CRLSet through SSLConfig so |
| 1093 // SSLClientSocket doesn't depend on SSLConfigService. | 1091 // SSLClientSocket doesn't depend on SSLConfigService. |
| 1094 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, | 1092 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| 1095 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 1093 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
| 1096 base::Unretained(this)), | 1094 base::Unretained(this)), |
| 1097 net_log_); | 1095 &cert_verifier_request_, net_log_); |
| 1098 } | 1096 } |
| 1099 | 1097 |
| 1100 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | 1098 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { |
| 1101 verifier_.reset(); | 1099 cert_verifier_request_.reset(); |
| 1102 | 1100 |
| 1103 if (!start_cert_verification_time_.is_null()) { | 1101 if (!start_cert_verification_time_.is_null()) { |
| 1104 base::TimeDelta verify_time = | 1102 base::TimeDelta verify_time = |
| 1105 base::TimeTicks::Now() - start_cert_verification_time_; | 1103 base::TimeTicks::Now() - start_cert_verification_time_; |
| 1106 if (result == OK) { | 1104 if (result == OK) { |
| 1107 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | 1105 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| 1108 } else { | 1106 } else { |
| 1109 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | 1107 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| 1110 } | 1108 } |
| 1111 } | 1109 } |
| (...skipping 772 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1884 | 1882 |
| 1885 return result; | 1883 return result; |
| 1886 } | 1884 } |
| 1887 | 1885 |
| 1888 scoped_refptr<X509Certificate> | 1886 scoped_refptr<X509Certificate> |
| 1889 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1887 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1890 return server_cert_; | 1888 return server_cert_; |
| 1891 } | 1889 } |
| 1892 | 1890 |
| 1893 } // namespace net | 1891 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1115903002:
Refactor the API for CertVerifier::Verify() and the implementation of MultiThreadedCertVerifier::Ver (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master