| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 13 matching lines...) Expand all Loading... |
| 24 #include "base/synchronization/lock.h" | 24 #include "base/synchronization/lock.h" |
| 25 #include "base/threading/thread_local.h" | 25 #include "base/threading/thread_local.h" |
| 26 #include "crypto/ec_private_key.h" | 26 #include "crypto/ec_private_key.h" |
| 27 #include "crypto/openssl_util.h" | 27 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" | 28 #include "crypto/scoped_openssl_types.h" |
| 29 #include "net/base/net_errors.h" | 29 #include "net/base/net_errors.h" |
| 30 #include "net/cert/cert_policy_enforcer.h" | 30 #include "net/cert/cert_policy_enforcer.h" |
| 31 #include "net/cert/cert_verifier.h" | 31 #include "net/cert/cert_verifier.h" |
| 32 #include "net/cert/ct_ev_whitelist.h" | 32 #include "net/cert/ct_ev_whitelist.h" |
| 33 #include "net/cert/ct_verifier.h" | 33 #include "net/cert/ct_verifier.h" |
| 34 #include "net/cert/single_request_cert_verifier.h" | |
| 35 #include "net/cert/x509_certificate_net_log_param.h" | 34 #include "net/cert/x509_certificate_net_log_param.h" |
| 36 #include "net/cert/x509_util_openssl.h" | 35 #include "net/cert/x509_util_openssl.h" |
| 37 #include "net/http/transport_security_state.h" | 36 #include "net/http/transport_security_state.h" |
| 38 #include "net/ssl/scoped_openssl_types.h" | 37 #include "net/ssl/scoped_openssl_types.h" |
| 39 #include "net/ssl/ssl_cert_request_info.h" | 38 #include "net/ssl/ssl_cert_request_info.h" |
| 40 #include "net/ssl/ssl_client_session_cache_openssl.h" | 39 #include "net/ssl/ssl_client_session_cache_openssl.h" |
| 41 #include "net/ssl/ssl_connection_status_flags.h" | 40 #include "net/ssl/ssl_connection_status_flags.h" |
| 42 #include "net/ssl/ssl_info.h" | 41 #include "net/ssl/ssl_info.h" |
| 43 | 42 |
| 44 #if defined(OS_WIN) | 43 #if defined(OS_WIN) |
| (...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 463 SSL_shutdown(ssl_); | 462 SSL_shutdown(ssl_); |
| 464 SSL_free(ssl_); | 463 SSL_free(ssl_); |
| 465 ssl_ = NULL; | 464 ssl_ = NULL; |
| 466 } | 465 } |
| 467 if (transport_bio_) { | 466 if (transport_bio_) { |
| 468 BIO_free_all(transport_bio_); | 467 BIO_free_all(transport_bio_); |
| 469 transport_bio_ = NULL; | 468 transport_bio_ = NULL; |
| 470 } | 469 } |
| 471 | 470 |
| 472 // Shut down anything that may call us back. | 471 // Shut down anything that may call us back. |
| 473 verifier_.reset(); | 472 cert_verifier_request_.reset(); |
| 474 transport_->socket()->Disconnect(); | 473 transport_->socket()->Disconnect(); |
| 475 | 474 |
| 476 // Null all callbacks, delete all buffers. | 475 // Null all callbacks, delete all buffers. |
| 477 transport_send_busy_ = false; | 476 transport_send_busy_ = false; |
| 478 send_buffer_ = NULL; | 477 send_buffer_ = NULL; |
| 479 transport_recv_busy_ = false; | 478 transport_recv_busy_ = false; |
| 480 recv_buffer_ = NULL; | 479 recv_buffer_ = NULL; |
| 481 | 480 |
| 482 user_connect_callback_.Reset(); | 481 user_connect_callback_.Reset(); |
| 483 user_read_callback_.Reset(); | 482 user_read_callback_.Reset(); |
| (...skipping 596 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1080 | 1079 |
| 1081 int flags = 0; | 1080 int flags = 0; |
| 1082 if (ssl_config_.rev_checking_enabled) | 1081 if (ssl_config_.rev_checking_enabled) |
| 1083 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 1082 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
| 1084 if (ssl_config_.verify_ev_cert) | 1083 if (ssl_config_.verify_ev_cert) |
| 1085 flags |= CertVerifier::VERIFY_EV_CERT; | 1084 flags |= CertVerifier::VERIFY_EV_CERT; |
| 1086 if (ssl_config_.cert_io_enabled) | 1085 if (ssl_config_.cert_io_enabled) |
| 1087 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 1086 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
| 1088 if (ssl_config_.rev_checking_required_local_anchors) | 1087 if (ssl_config_.rev_checking_required_local_anchors) |
| 1089 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 1088 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
| 1090 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 1089 return cert_verifier_->Verify( |
| 1091 return verifier_->Verify( | |
| 1092 server_cert_.get(), host_and_port_.host(), ocsp_response, flags, | 1090 server_cert_.get(), host_and_port_.host(), ocsp_response, flags, |
| 1093 // TODO(davidben): Route the CRLSet through SSLConfig so | 1091 // TODO(davidben): Route the CRLSet through SSLConfig so |
| 1094 // SSLClientSocket doesn't depend on SSLConfigService. | 1092 // SSLClientSocket doesn't depend on SSLConfigService. |
| 1095 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, | 1093 SSLConfigService::GetCRLSet().get(), &server_cert_verify_result_, |
| 1096 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 1094 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
| 1097 base::Unretained(this)), | 1095 base::Unretained(this)), |
| 1098 net_log_); | 1096 &cert_verifier_request_, net_log_); |
| 1099 } | 1097 } |
| 1100 | 1098 |
| 1101 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | 1099 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { |
| 1102 verifier_.reset(); | 1100 cert_verifier_request_.reset(); |
| 1103 | 1101 |
| 1104 if (!start_cert_verification_time_.is_null()) { | 1102 if (!start_cert_verification_time_.is_null()) { |
| 1105 base::TimeDelta verify_time = | 1103 base::TimeDelta verify_time = |
| 1106 base::TimeTicks::Now() - start_cert_verification_time_; | 1104 base::TimeTicks::Now() - start_cert_verification_time_; |
| 1107 if (result == OK) { | 1105 if (result == OK) { |
| 1108 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | 1106 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| 1109 } else { | 1107 } else { |
| 1110 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | 1108 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| 1111 } | 1109 } |
| 1112 } | 1110 } |
| (...skipping 772 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1885 | 1883 |
| 1886 return result; | 1884 return result; |
| 1887 } | 1885 } |
| 1888 | 1886 |
| 1889 scoped_refptr<X509Certificate> | 1887 scoped_refptr<X509Certificate> |
| 1890 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1888 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1891 return server_cert_; | 1889 return server_cert_; |
| 1892 } | 1890 } |
| 1893 | 1891 |
| 1894 } // namespace net | 1892 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1115903002:
Refactor the API for CertVerifier::Verify() and the implementation of MultiThreadedCertVerifier::Ver (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master