OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 1245 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1256 } | 1256 } |
1257 } | 1257 } |
1258 | 1258 |
1259 const CertStatus cert_status = server_cert_verify_result_.cert_status; | 1259 const CertStatus cert_status = server_cert_verify_result_.cert_status; |
1260 if (transport_security_state_ && | 1260 if (transport_security_state_ && |
1261 (result == OK || | 1261 (result == OK || |
1262 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 1262 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
1263 !transport_security_state_->CheckPublicKeyPins( | 1263 !transport_security_state_->CheckPublicKeyPins( |
1264 host_and_port_.host(), | 1264 host_and_port_.host(), |
1265 server_cert_verify_result_.is_issued_by_known_root, | 1265 server_cert_verify_result_.is_issued_by_known_root, |
1266 server_cert_verify_result_.public_key_hashes, | 1266 server_cert_verify_result_.public_key_hashes, host_and_port_.port(), |
1267 &pinning_failure_log_)) { | 1267 server_cert_.get(), server_cert_verify_result_.verified_cert.get(), |
| 1268 TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) { |
1268 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 1269 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
1269 } | 1270 } |
1270 | 1271 |
1271 if (result == OK) { | 1272 if (result == OK) { |
1272 // Only check Certificate Transparency if there were no other errors with | 1273 // Only check Certificate Transparency if there were no other errors with |
1273 // the connection. | 1274 // the connection. |
1274 VerifyCT(); | 1275 VerifyCT(); |
1275 | 1276 |
1276 DCHECK(!certificate_verified_); | 1277 DCHECK(!certificate_verified_); |
1277 certificate_verified_ = true; | 1278 certificate_verified_ = true; |
(...skipping 869 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2147 OnHandshakeIOComplete(signature_result_); | 2148 OnHandshakeIOComplete(signature_result_); |
2148 return; | 2149 return; |
2149 } | 2150 } |
2150 | 2151 |
2151 // During a renegotiation, either Read or Write calls may be blocked on an | 2152 // During a renegotiation, either Read or Write calls may be blocked on an |
2152 // asynchronous private key operation. | 2153 // asynchronous private key operation. |
2153 PumpReadWriteEvents(); | 2154 PumpReadWriteEvents(); |
2154 } | 2155 } |
2155 | 2156 |
2156 } // namespace net | 2157 } // namespace net |
OLD | NEW |