Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(280)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/ssl_client_socket_nss.cc

Issue 14915: Move certificate verification off the IO thread.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 11 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/ssl_client_socket_mac.cc ('k') | net/base/ssl_client_socket_win.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/ssl_client_socket_nss.h" 5 #include "net/base/ssl_client_socket_nss.h"
6 6
7 #include <nspr.h> 7 #include <nspr.h>
8 #include <nss.h> 8 #include <nss.h>
9 #include <secerr.h> 9 #include <secerr.h>
10 // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424 10 // Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after
93 " mapped to net::ERR_CERT_INVALID"; 93 " mapped to net::ERR_CERT_INVALID";
94 return ERR_CERT_INVALID; 94 return ERR_CERT_INVALID;
95 } 95 }
96 LOG(WARNING) << "Unknown error " << err << 96 LOG(WARNING) << "Unknown error " << err <<
97 " mapped to net::ERR_FAILED"; 97 " mapped to net::ERR_FAILED";
98 return ERR_FAILED; 98 return ERR_FAILED;
99 } 99 }
100 } 100 }
101 } 101 }
102 102
103 // Shared with the Windows code. TODO(avi): merge to a common place
104 int CertStatusFromNetError(int error) {
105 switch (error) {
106 case ERR_CERT_COMMON_NAME_INVALID:
107 return CERT_STATUS_COMMON_NAME_INVALID;
108 case ERR_CERT_DATE_INVALID:
109 return CERT_STATUS_DATE_INVALID;
110 case ERR_CERT_AUTHORITY_INVALID:
111 return CERT_STATUS_AUTHORITY_INVALID;
112 case ERR_CERT_NO_REVOCATION_MECHANISM:
113 return CERT_STATUS_NO_REVOCATION_MECHANISM;
114 case ERR_CERT_UNABLE_TO_CHECK_REVOCATION:
115 return CERT_STATUS_UNABLE_TO_CHECK_REVOCATION;
116 case ERR_CERT_REVOKED:
117 return CERT_STATUS_REVOKED;
118 case ERR_CERT_CONTAINS_ERRORS:
119 NOTREACHED();
120 // Falls through.
121 case ERR_CERT_INVALID:
122 return CERT_STATUS_INVALID;
123 default:
124 return 0;
125 }
126 }
127
128 } // namespace 103 } // namespace
129 104
130 bool SSLClientSocketNSS::nss_options_initialized_ = false; 105 bool SSLClientSocketNSS::nss_options_initialized_ = false;
131 106
132 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocket* transport_socket, 107 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocket* transport_socket,
133 const std::string& hostname, 108 const std::string& hostname,
134 const SSLConfig& ssl_config) 109 const SSLConfig& ssl_config)
135 : 110 :
136 buffer_send_callback_(this, &SSLClientSocketNSS::BufferSendComplete), 111 buffer_send_callback_(this, &SSLClientSocketNSS::BufferSendComplete),
137 buffer_recv_callback_(this, &SSLClientSocketNSS::BufferRecvComplete), 112 buffer_recv_callback_(this, &SSLClientSocketNSS::BufferRecvComplete),
(...skipping 393 matching lines...) Expand 10 before | Expand all | Expand 10 after
531 // Indicate we're ready to handle I/O. Badly named? 506 // Indicate we're ready to handle I/O. Badly named?
532 GotoState(STATE_NONE); 507 GotoState(STATE_NONE);
533 } else { 508 } else {
534 PRErrorCode prerr = PR_GetError(); 509 PRErrorCode prerr = PR_GetError();
535 net_error = NetErrorFromNSPRError(prerr); 510 net_error = NetErrorFromNSPRError(prerr);
536 511
537 // If not done, stay in this state 512 // If not done, stay in this state
538 if (net_error == ERR_IO_PENDING) { 513 if (net_error == ERR_IO_PENDING) {
539 GotoState(STATE_HANDSHAKE_READ); 514 GotoState(STATE_HANDSHAKE_READ);
540 } else { 515 } else {
541 server_cert_status_ = CertStatusFromNetError(net_error); 516 server_cert_status_ = MapNetErrorToCertStatus(net_error);
542 LOG(ERROR) << "handshake failed; NSS error code " << prerr 517 LOG(ERROR) << "handshake failed; NSS error code " << prerr
543 << ", net_error " << net_error << ", server_cert_status " 518 << ", net_error " << net_error << ", server_cert_status "
544 << server_cert_status_; 519 << server_cert_status_;
545 } 520 }
546 } 521 }
547 522
548 LeaveFunction(""); 523 LeaveFunction("");
549 return net_error; 524 return net_error;
550 } 525 }
551 526
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
583 GotoState(STATE_PAYLOAD_WRITE); 558 GotoState(STATE_PAYLOAD_WRITE);
584 return ERR_IO_PENDING; 559 return ERR_IO_PENDING;
585 } 560 }
586 user_buf_ = NULL; 561 user_buf_ = NULL;
587 LeaveFunction(""); 562 LeaveFunction("");
588 return NetErrorFromNSPRError(prerr); 563 return NetErrorFromNSPRError(prerr);
589 } 564 }
590 565
591 } // namespace net 566 } // namespace net
592 567
OLDNEW
« no previous file with comments | « net/base/ssl_client_socket_mac.cc ('k') | net/base/ssl_client_socket_win.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698