| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/lock.h" | 9 #include "base/lock.h" |
| 10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
| 11 #include "base/stl_util-inl.h" | 11 #include "base/stl_util-inl.h" |
| 12 #include "base/string_util.h" | 12 #include "base/string_util.h" |
| 13 #include "net/base/cert_verifier.h" |
| 13 #include "net/base/connection_type_histograms.h" | 14 #include "net/base/connection_type_histograms.h" |
| 14 #include "net/base/io_buffer.h" | 15 #include "net/base/io_buffer.h" |
| 15 #include "net/base/net_errors.h" | 16 #include "net/base/net_errors.h" |
| 16 #include "net/base/ssl_cert_request_info.h" | 17 #include "net/base/ssl_cert_request_info.h" |
| 17 #include "net/base/ssl_info.h" | 18 #include "net/base/ssl_info.h" |
| 18 | 19 |
| 19 #pragma comment(lib, "secur32.lib") | 20 #pragma comment(lib, "secur32.lib") |
| 20 | 21 |
| 21 namespace net { | 22 namespace net { |
| 22 | 23 |
| 470 next_state_ = STATE_HANDSHAKE_WRITE; | 471 next_state_ = STATE_HANDSHAKE_WRITE; |
| 471 int rv = DoLoop(OK); | 472 int rv = DoLoop(OK); |
| 472 if (rv == ERR_IO_PENDING) | 473 if (rv == ERR_IO_PENDING) |
| 473 user_callback_ = callback; | 474 user_callback_ = callback; |
| 474 return rv; | 475 return rv; |
| 475 } | 476 } |
| 476 | 477 |
| 477 void SSLClientSocketWin::Disconnect() { | 478 void SSLClientSocketWin::Disconnect() { |
| 478 // TODO(wtc): Send SSL close_notify alert. | 479 // TODO(wtc): Send SSL close_notify alert. |
| 479 completed_handshake_ = false; | 480 completed_handshake_ = false; |
| 481 // Shut down anything that may call us back through io_callback_. |
| 482 verifier_.reset(); |
| 480 transport_->Disconnect(); | 483 transport_->Disconnect(); |
| 481 | 484 |
| 482 if (send_buffer_.pvBuffer) | 485 if (send_buffer_.pvBuffer) |
| 483 FreeSendBuffer(); | 486 FreeSendBuffer(); |
| 484 if (ctxt_.dwLower || ctxt_.dwUpper) { | 487 if (ctxt_.dwLower || ctxt_.dwUpper) { |
| 485 DeleteSecurityContext(&ctxt_); | 488 DeleteSecurityContext(&ctxt_); |
| 486 memset(&ctxt_, 0, sizeof(ctxt_)); | 489 memset(&ctxt_, 0, sizeof(ctxt_)); |
| 487 } | 490 } |
| 488 if (server_cert_) | 491 if (server_cert_) |
| 489 server_cert_ = NULL; | 492 server_cert_ = NULL; |
| 846 int SSLClientSocketWin::DoVerifyCert() { | 849 int SSLClientSocketWin::DoVerifyCert() { |
| 847 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 850 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
| 848 | 851 |
| 849 DCHECK(server_cert_); | 852 DCHECK(server_cert_); |
| 850 | 853 |
| 851 int flags = 0; | 854 int flags = 0; |
| 852 if (ssl_config_.rev_checking_enabled) | 855 if (ssl_config_.rev_checking_enabled) |
| 853 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 856 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 854 if (ssl_config_.verify_ev_cert) | 857 if (ssl_config_.verify_ev_cert) |
| 855 flags |= X509Certificate::VERIFY_EV_CERT; | 858 flags |= X509Certificate::VERIFY_EV_CERT; |
| 856 return verifier_.Verify(server_cert_, hostname_, flags, | 859 verifier_.reset(new CertVerifier); |
| 857 &server_cert_verify_result_, &io_callback_); | 860 return verifier_->Verify(server_cert_, hostname_, flags, |
| 861 &server_cert_verify_result_, &io_callback_); |
| 858 } | 862 } |
| 859 | 863 |
| 860 int SSLClientSocketWin::DoVerifyCertComplete(int result) { | 864 int SSLClientSocketWin::DoVerifyCertComplete(int result) { |
| 865 DCHECK(verifier_.get()); |
| 866 verifier_.reset(); |
| 867 |
| 861 // If we have been explicitly told to accept this certificate, override the | 868 // If we have been explicitly told to accept this certificate, override the |
| 862 // result of verifier_.Verify. | 869 // result of verifier_.Verify. |
| 863 // Eventually, we should cache the cert verification results so that we don't | 870 // Eventually, we should cache the cert verification results so that we don't |
| 864 // need to call verifier_.Verify repeatedly. But for now we need to do this. | 871 // need to call verifier_.Verify repeatedly. But for now we need to do this. |
| 865 // Alternatively, we might be able to store the cert's status along with | 872 // Alternatively, we might be able to store the cert's status along with |
| 866 // the cert in the allowed_bad_certs_ set. | 873 // the cert in the allowed_bad_certs_ set. |
| 867 if (IsCertificateError(result) && | 874 if (IsCertificateError(result) && |
| 868 ssl_config_.allowed_bad_certs_.count(server_cert_)) | 875 ssl_config_.allowed_bad_certs_.count(server_cert_)) |
| 869 result = OK; | 876 result = OK; |
| 870 | 877 |
| 1185 } | 1192 } |
| 1186 } | 1193 } |
| 1187 | 1194 |
| 1188 void SSLClientSocketWin::FreeSendBuffer() { | 1195 void SSLClientSocketWin::FreeSendBuffer() { |
| 1189 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1196 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1190 DCHECK(status == SEC_E_OK); | 1197 DCHECK(status == SEC_E_OK); |
| 1191 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1198 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1192 } | 1199 } |
| 1193 | 1200 |
| 1194 } // namespace net | 1201 } // namespace net |
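Review bot: DoVerifyCert (new lines 859–861) installs the verifier with `verifier_.reset(new CertVerifier);` without checking that no verification is still outstanding, while DoVerifyCertComplete now asserts the mirror-image condition with `DCHECK(verifier_.get());`; a `DCHECK(!verifier_.get());` immediately before the reset keeps the two halves symmetric and would catch a re-entered verification silently destroying a request that still has io_callback_ registered. The comment block in DoVerifyCertComplete (new lines 868–871) still refers to `verifier_.Verify`, which after this change should read `verifier_->Verify`. The new Disconnect comment `// Shut down anything that may call us back through io_callback_.` relies on CertVerifier's destructor cancelling an in-flight request so that io_callback_ is never invoked on a disconnected socket; that guarantee is not visible in this hunk and is worth stating where the reset happens, e.g. `// Destroying the CertVerifier must cancel any in-flight request; io_callback_ may not fire after this point.` The body of DoVerifyCertComplete continues past the visible region, as do the other functions around the skipped stretches.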