OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 52 matching lines...)
63 #include <algorithm> | 63 #include <algorithm> |
64 #include <limits> | 64 #include <limits> |
65 #include <map> | 65 #include <map> |
66 | 66 |
67 #include "base/bind.h" | 67 #include "base/bind.h" |
68 #include "base/bind_helpers.h" | 68 #include "base/bind_helpers.h" |
69 #include "base/callback_helpers.h" | 69 #include "base/callback_helpers.h" |
70 #include "base/compiler_specific.h" | 70 #include "base/compiler_specific.h" |
71 #include "base/location.h" | 71 #include "base/location.h" |
72 #include "base/logging.h" | 72 #include "base/logging.h" |
| 73 #include "base/macros.h" |
73 #include "base/metrics/histogram_macros.h" | 74 #include "base/metrics/histogram_macros.h" |
74 #include "base/single_thread_task_runner.h" | 75 #include "base/single_thread_task_runner.h" |
75 #include "base/stl_util.h" | 76 #include "base/stl_util.h" |
76 #include "base/strings/string_number_conversions.h" | 77 #include "base/strings/string_number_conversions.h" |
77 #include "base/strings/string_util.h" | 78 #include "base/strings/string_util.h" |
78 #include "base/strings/stringprintf.h" | 79 #include "base/strings/stringprintf.h" |
79 #include "base/thread_task_runner_handle.h" | 80 #include "base/thread_task_runner_handle.h" |
80 #include "base/threading/thread_restrictions.h" | 81 #include "base/threading/thread_restrictions.h" |
81 #include "base/values.h" | 82 #include "base/values.h" |
82 #include "crypto/ec_private_key.h" | 83 #include "crypto/ec_private_key.h" |
(...skipping 1976 matching lines...)
2059 } | 2060 } |
2060 } | 2061 } |
2061 | 2062 |
2062 if (ssl_config_.version_fallback) { | 2063 if (ssl_config_.version_fallback) { |
2063 nss_handshake_state_.ssl_connection_status |= | 2064 nss_handshake_state_.ssl_connection_status |= |
2064 SSL_CONNECTION_VERSION_FALLBACK; | 2065 SSL_CONNECTION_VERSION_FALLBACK; |
2065 } | 2066 } |
2066 } | 2067 } |
2067 | 2068 |
2068 void SSLClientSocketNSS::Core::UpdateNextProto() { | 2069 void SSLClientSocketNSS::Core::UpdateNextProto() { |
2069 uint8 buf[256]; | 2070 uint8_t buf[256]; |
2070 SSLNextProtoState state; | 2071 SSLNextProtoState state; |
2071 unsigned buf_len; | 2072 unsigned buf_len; |
2072 | 2073 |
2073 SECStatus rv = SSL_GetNextProto(nss_fd_, &state, buf, &buf_len, sizeof(buf)); | 2074 SECStatus rv = SSL_GetNextProto(nss_fd_, &state, buf, &buf_len, sizeof(buf)); |
2074 if (rv != SECSuccess) | 2075 if (rv != SECSuccess) |
2075 return; | 2076 return; |
2076 | 2077 |
2077 nss_handshake_state_.next_proto = | 2078 nss_handshake_state_.next_proto = |
2078 std::string(reinterpret_cast<char*>(buf), buf_len); | 2079 std::string(reinterpret_cast<char*>(buf), buf_len); |
2079 switch (state) { | 2080 switch (state) { |
(...skipping 574 matching lines...)
2654 DCHECK(core_.get()); | 2655 DCHECK(core_.get()); |
2655 DCHECK(!callback.is_null()); | 2656 DCHECK(!callback.is_null()); |
2656 | 2657 |
2657 EnterFunction(buf_len); | 2658 EnterFunction(buf_len); |
2658 int rv = core_->Write(buf, buf_len, callback); | 2659 int rv = core_->Write(buf, buf_len, callback); |
2659 LeaveFunction(rv); | 2660 LeaveFunction(rv); |
2660 | 2661 |
2661 return rv; | 2662 return rv; |
2662 } | 2663 } |
2663 | 2664 |
2664 int SSLClientSocketNSS::SetReceiveBufferSize(int32 size) { | 2665 int SSLClientSocketNSS::SetReceiveBufferSize(int32_t size) { |
2665 return transport_->socket()->SetReceiveBufferSize(size); | 2666 return transport_->socket()->SetReceiveBufferSize(size); |
2666 } | 2667 } |
2667 | 2668 |
2668 int SSLClientSocketNSS::SetSendBufferSize(int32 size) { | 2669 int SSLClientSocketNSS::SetSendBufferSize(int32_t size) { |
2669 return transport_->socket()->SetSendBufferSize(size); | 2670 return transport_->socket()->SetSendBufferSize(size); |
2670 } | 2671 } |
2671 | 2672 |
2672 int SSLClientSocketNSS::Init() { | 2673 int SSLClientSocketNSS::Init() { |
2673 EnterFunction(""); | 2674 EnterFunction(""); |
2674 // Initialize the NSS SSL library in a threadsafe way. This also | 2675 // Initialize the NSS SSL library in a threadsafe way. This also |
2675 // initializes the NSS base library. | 2676 // initializes the NSS base library. |
2676 EnsureNSSSSLInit(); | 2677 EnsureNSSSSLInit(); |
2677 if (!NSS_IsInitialized()) | 2678 if (!NSS_IsInitialized()) |
2678 return ERR_UNEXPECTED; | 2679 return ERR_UNEXPECTED; |
(...skipping 86 matching lines...)
2765 } | 2766 } |
2766 | 2767 |
2767 if (ssl_config_.version_fallback) { | 2768 if (ssl_config_.version_fallback) { |
2768 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); | 2769 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); |
2769 if (rv != SECSuccess) { | 2770 if (rv != SECSuccess) { |
2770 LogFailedNSSFunction( | 2771 LogFailedNSSFunction( |
2771 net_log_, "SSL_OptionSet", "SSL_ENABLE_FALLBACK_SCSV"); | 2772 net_log_, "SSL_OptionSet", "SSL_ENABLE_FALLBACK_SCSV"); |
2772 } | 2773 } |
2773 } | 2774 } |
2774 | 2775 |
2775 for (std::vector<uint16>::const_iterator it = | 2776 for (std::vector<uint16_t>::const_iterator it = |
2776 ssl_config_.disabled_cipher_suites.begin(); | 2777 ssl_config_.disabled_cipher_suites.begin(); |
2777 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 2778 it != ssl_config_.disabled_cipher_suites.end(); ++it) { |
2778 // This will fail if the specified cipher is not implemented by NSS, but | 2779 // This will fail if the specified cipher is not implemented by NSS, but |
2779 // the failure is harmless. | 2780 // the failure is harmless. |
2780 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 2781 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); |
2781 } | 2782 } |
2782 | 2783 |
2783 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 2784 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
2784 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 2785 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
2785 for (int i = 0; i < num_ciphers; i++) { | 2786 for (int i = 0; i < num_ciphers; i++) { |
(...skipping 391 matching lines...)
3177 return channel_id_service_; | 3178 return channel_id_service_; |
3178 } | 3179 } |
3179 | 3180 |
3180 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3181 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3181 if (completed_handshake_) | 3182 if (completed_handshake_) |
3182 return SSL_FAILURE_NONE; | 3183 return SSL_FAILURE_NONE; |
3183 return SSL_FAILURE_UNKNOWN; | 3184 return SSL_FAILURE_UNKNOWN; |
3184 } | 3185 } |
3185 | 3186 |
3186 } // namespace net | 3187 } // namespace net |
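Review bot: The `if (ssl_config_.version_fallback)` block at new lines 2768-2774 only logs when `SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE)` fails, so a fallback handshake would then go ahead without the TLS_FALLBACK_SCSV signal that lets a server reject a forced version downgrade. The type renames in this commit leave that path unchanged. Consider failing closed there, for example by adding `return ERR_UNEXPECTED;` after the `LogFailedNSSFunction(...)` call; this assumes the enclosing function returns a net error code, which needs checking because its start is outside the visible lines. If continuing is deliberate (for instance for an NSS build that lacks the option), a comment such as `// Continuing without SCSV: downgrade protection is lost on this fallback attempt.` would make the trade-off explicit.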
OLD | NEW |