
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 147159: Fix a crash in net::SSLClientSocketWin::OnIOComplete(int) when... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin Created 11 years, 5 months ago
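--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code GetDefaultCertNickname(), derived from
 // nsNSSCertificate::defaultServerNickName()
 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp
 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from
 // AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
@@ -59,20 +59,21 @@
 #define Lock FOO_NSS_Lock
 #include <ssl.h>
 #include <sslerr.h>
 #include <pk11pub.h>
 #undef Lock
 
 #include "base/compiler_specific.h"
 #include "base/logging.h"
 #include "base/nss_init.h"
 #include "base/string_util.h"
+#include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
 #include "net/base/net_errors.h"
 #include "net/base/ssl_info.h"
 
 static const int kRecvBufferSize = 4096;
 
 namespace net {
 
 // State machines are easier to debug if you log state transitions.
 // Enable these if you want to see what's going on.
@@ -359,20 +360,23 @@
 void SSLClientSocketNSS::Disconnect() {
 EnterFunction("");
 
 // TODO(wtc): Send SSL close_notify alert.
 if (nss_fd_ != NULL) {
 InvalidateSessionIfBadCertificate();
 PR_Close(nss_fd_);
 nss_fd_ = NULL;
 }
 
+// Shut down anything that may call us back (through buffer_send_callback_,
+// buffer_recv_callback, or _io_callback_).
+verifier_.reset();
 transport_->Disconnect();
 
 // Reset object state
 transport_send_busy_ = false;
 transport_recv_busy_ = false;
 user_buf_ = NULL;
 user_buf_len_ = 0;
 server_cert_ = NULL;
 server_cert_verify_result_.Reset();
 completed_handshake_ = false;
@@ -714,27 +718,31 @@
 }
 
 int SSLClientSocketNSS::DoVerifyCert(int result) {
 DCHECK(server_cert_);
 GotoState(STATE_VERIFY_CERT_COMPLETE);
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
-return verifier_.Verify(server_cert_, hostname_, flags,
-&server_cert_verify_result_, &io_callback_);
+verifier_.reset(new CertVerifier);
+return verifier_->Verify(server_cert_, hostname_, flags,
+&server_cert_verify_result_, &io_callback_);
 }
 
 // Derived from AuthCertificateCallback() in
 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp.
 int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
+DCHECK(verifier_.get());
+verifier_.reset();
+
 if (result == OK) {
 // Remember the intermediate CA certs if the server sends them to us.
 CERTCertList* cert_list = CERT_GetCertChainFromCert(
 server_cert_->os_cert_handle(), PR_Now(), certUsageSSLCA);
 if (cert_list) {
 for (CERTCertListNode* node = CERT_LIST_HEAD(cert_list);
 !CERT_LIST_END(node, cert_list);
 node = CERT_LIST_NEXT(node)) {
 if (node->cert->slot || node->cert->isRoot || node->cert->isperm ||
 node->cert == server_cert_->os_cert_handle()) {
@@ -815,10 +823,10 @@
 if (prerr == PR_WOULD_BLOCK_ERROR) {
 GotoState(STATE_PAYLOAD_WRITE);
 return ERR_IO_PENDING;
 }
 user_buf_ = NULL;
 LeaveFunction("");
 return NetErrorFromNSPRError(prerr);
 }
 
 } // namespace net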
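Review bot: In Disconnect(), the added `verifier_.reset()` is what stops an in-flight Verify() from calling back into a torn-down socket, but the comment above it does not say that and misspells the members it lists (`buffer_recv_callback` and `_io_callback_`, where DoVerifyCert passes `&io_callback_`). DoVerifyCert also hands Verify() the raw address `&server_cert_verify_result_`, and Disconnect() calls `server_cert_verify_result_.Reset()` a few lines after the reset, so the fix is only safe if destroying the CertVerifier guarantees that neither the callback nor that out-parameter is touched afterwards; that guarantee lives in net/base/cert_verifier.h, which is not part of this file. Once that is confirmed, I would replace the comment with `// Destroying verifier_ cancels any in-flight Verify(), so it can no longer run io_callback_ or write server_cert_verify_result_.` and fix the member names in the existing sentence. In DoVerifyCertComplete(), `DCHECK(verifier_.get())` is compiled out of release builds, which appears harmless here because the following `reset()` does not depend on it.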
