| OLD | NEW |
| 1 // Copyright (c) 2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/ssl_client_socket_mac.h" | 5 #include "net/base/ssl_client_socket_mac.h" |
| 6 | 6 |
| 7 #include "base/singleton.h" | 7 #include "base/singleton.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "net/base/net_errors.h" | 9 #include "net/base/net_errors.h" |
| 10 #include "net/base/ssl_info.h" | 10 #include "net/base/ssl_info.h" |
| (...skipping 141 matching lines...) |
| 152 return errSSLClosedAbort; | 152 return errSSLClosedAbort; |
| 153 case OK: | 153 case OK: |
| 154 return noErr; | 154 return noErr; |
| 155 default: | 155 default: |
| 156 LOG(WARNING) << "Unknown error " << net_error << | 156 LOG(WARNING) << "Unknown error " << net_error << |
| 157 " mapped to errSSLIllegalParam"; | 157 " mapped to errSSLIllegalParam"; |
| 158 return errSSLIllegalParam; | 158 return errSSLIllegalParam; |
| 159 } | 159 } |
| 160 } | 160 } |
| 161 | 161 |
| 162 // Shared with the Windows code. TODO(avi): merge to a common place | |
| 163 int CertStatusFromNetError(int error) { | |
| 164 switch (error) { | |
| 165 case ERR_CERT_COMMON_NAME_INVALID: | |
| 166 return CERT_STATUS_COMMON_NAME_INVALID; | |
| 167 case ERR_CERT_DATE_INVALID: | |
| 168 return CERT_STATUS_DATE_INVALID; | |
| 169 case ERR_CERT_AUTHORITY_INVALID: | |
| 170 return CERT_STATUS_AUTHORITY_INVALID; | |
| 171 case ERR_CERT_NO_REVOCATION_MECHANISM: | |
| 172 return CERT_STATUS_NO_REVOCATION_MECHANISM; | |
| 173 case ERR_CERT_UNABLE_TO_CHECK_REVOCATION: | |
| 174 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION; | |
| 175 case ERR_CERT_REVOKED: | |
| 176 return CERT_STATUS_REVOKED; | |
| 177 case ERR_CERT_CONTAINS_ERRORS: | |
| 178 NOTREACHED(); | |
| 179 // Falls through. | |
| 180 case ERR_CERT_INVALID: | |
| 181 return CERT_STATUS_INVALID; | |
| 182 default: | |
| 183 return 0; | |
| 184 } | |
| 185 } | |
| 186 | |
| 187 // Converts from a cipher suite to its key size. If the suite is marked with a | 162 // Converts from a cipher suite to its key size. If the suite is marked with a |
| 188 // **, it's not actually implemented in Secure Transport and won't be returned | 163 // **, it's not actually implemented in Secure Transport and won't be returned |
| 189 // (but we'll code for it anyway). The reference here is | 164 // (but we'll code for it anyway). The reference here is |
| 190 // http://www.opensource.apple.com/darwinsource/10.5.5/libsecurity_ssl-32463/lib
/cipherSpecs.c | 165 // http://www.opensource.apple.com/darwinsource/10.5.5/libsecurity_ssl-32463/lib
/cipherSpecs.c |
| 191 // Seriously, though, there has to be an API for this, but I can't find one. | 166 // Seriously, though, there has to be an API for this, but I can't find one. |
| 192 // Anybody? | 167 // Anybody? |
| 193 int KeySizeOfCipherSuite(SSLCipherSuite suite) { | 168 int KeySizeOfCipherSuite(SSLCipherSuite suite) { |
| 194 switch (suite) { | 169 switch (suite) { |
| 195 // SSL 2 only | 170 // SSL 2 only |
| 196 | 171 |
| (...skipping 330 matching lines...) |
| 527 // At this point we have a connection. For now, we're going to use the default | 502 // At this point we have a connection. For now, we're going to use the default |
| 528 // certificate verification that the system does, and accept its answer for | 503 // certificate verification that the system does, and accept its answer for |
| 529 // the cert status. In the future, we'll need to call SSLSetEnableCertVerify | 504 // the cert status. In the future, we'll need to call SSLSetEnableCertVerify |
| 530 // to disable cert verification and do the verification ourselves. This allows | 505 // to disable cert verification and do the verification ourselves. This allows |
| 531 // very fine-grained control over what we'll accept for certification. | 506 // very fine-grained control over what we'll accept for certification. |
| 532 // TODO(avi): ditto | 507 // TODO(avi): ditto |
| 533 | 508 |
| 534 // TODO(wtc): for now, always check revocation. | 509 // TODO(wtc): for now, always check revocation. |
| 535 server_cert_status_ = CERT_STATUS_REV_CHECKING_ENABLED; | 510 server_cert_status_ = CERT_STATUS_REV_CHECKING_ENABLED; |
| 536 if (net_error) | 511 if (net_error) |
| 537 server_cert_status_ |= CertStatusFromNetError(net_error); | 512 server_cert_status_ |= MapNetErrorToCertStatus(net_error); |
| 538 | 513 |
| 539 return net_error; | 514 return net_error; |
| 540 } | 515 } |
| 541 | 516 |
| 542 int SSLClientSocketMac::DoReadComplete(int result) { | 517 int SSLClientSocketMac::DoReadComplete(int result) { |
| 543 if (result < 0) | 518 if (result < 0) |
| 544 return result; | 519 return result; |
| 545 | 520 |
| 546 recv_buffer_tail_slop_ -= result; | 521 recv_buffer_tail_slop_ -= result; |
| 547 | 522 |
| (...skipping 224 matching lines...) |
| 772 if (rv < 0 && rv != ERR_IO_PENDING) { | 747 if (rv < 0 && rv != ERR_IO_PENDING) { |
| 773 return OSStatusFromNetError(rv); | 748 return OSStatusFromNetError(rv); |
| 774 } | 749 } |
| 775 | 750 |
| 776 // always lie to our caller | 751 // always lie to our caller |
| 777 return noErr; | 752 return noErr; |
| 778 } | 753 } |
| 779 | 754 |
| 780 } // namespace net | 755 } // namespace net |
| 781 | 756 |
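Review bot: The call at new line 512 should document, and ideally have verified, that `MapNetErrorToCertStatus` returns 0 for errors that are not certificate errors, as the removed local `CertStatusFromNetError` did through its `default: return 0;` branch. The shared function's definition is not on this page, and `net_error` at this point is presumably any handshake failure, so a mapper with a non-zero default would record an unrelated failure as a certificate problem in `server_cert_status_`. A one-line comment at the call would make the assumption visible, for example `// Non-certificate errors map to 0, leaving only CERT_STATUS_REV_CHECKING_ENABLED set.` The visible includes (lines 5-10) are unchanged, so the declaration seems to arrive through another header; including the declaring header directly would make that dependency explicit. The enclosing function begins in the skipped lines above, so the origin of `net_error` cannot be checked here.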
| OLD | NEW |