1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
106 public: | 106 public: |
107 NSSSSLInitSingleton() { | 107 NSSSSLInitSingleton() { |
108 base::EnsureNSSInit(); | 108 base::EnsureNSSInit(); |
109 | 109 |
110 NSS_SetDomesticPolicy(); | 110 NSS_SetDomesticPolicy(); |
111 | 111 |
112 #if defined(USE_SYSTEM_SSL) | 112 #if defined(USE_SYSTEM_SSL) |
113 // Use late binding to avoid scary but benign warning | 113 // Use late binding to avoid scary but benign warning |
114 // "Symbol `SSL_ImplementedCiphers' has different size in shared object, | 114 // "Symbol `SSL_ImplementedCiphers' has different size in shared object, |
115 // consider re-linking" | 115 // consider re-linking" |
| 116 // TODO(wtc): Use the new SSL_GetImplementedCiphers and |
| 117 // SSL_GetNumImplementedCiphers functions when we require NSS 3.12.6. |
| 118 // See https://bugzilla.mozilla.org/show_bug.cgi?id=496993. |
116 const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>( | 119 const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>( |
117 dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers")); | 120 dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers")); |
118 if (pSSL_ImplementedCiphers == NULL) { | 121 if (pSSL_ImplementedCiphers == NULL) { |
119 NOTREACHED() << "Can't get list of supported ciphers"; | 122 NOTREACHED() << "Can't get list of supported ciphers"; |
120 return; | 123 return; |
121 } | 124 } |
122 #else | 125 #else |
123 #define pSSL_ImplementedCiphers SSL_ImplementedCiphers | 126 #define pSSL_ImplementedCiphers SSL_ImplementedCiphers |
124 #endif | 127 #endif |
125 | 128 |
170 case PR_CONNECT_ABORTED_ERROR: | 173 case PR_CONNECT_ABORTED_ERROR: |
171 return ERR_CONNECTION_ABORTED; | 174 return ERR_CONNECTION_ABORTED; |
172 case PR_CONNECT_REFUSED_ERROR: | 175 case PR_CONNECT_REFUSED_ERROR: |
173 return ERR_CONNECTION_REFUSED; | 176 return ERR_CONNECTION_REFUSED; |
174 case PR_HOST_UNREACHABLE_ERROR: | 177 case PR_HOST_UNREACHABLE_ERROR: |
175 case PR_NETWORK_UNREACHABLE_ERROR: | 178 case PR_NETWORK_UNREACHABLE_ERROR: |
176 return ERR_ADDRESS_UNREACHABLE; | 179 return ERR_ADDRESS_UNREACHABLE; |
177 case PR_ADDRESS_NOT_AVAILABLE_ERROR: | 180 case PR_ADDRESS_NOT_AVAILABLE_ERROR: |
178 return ERR_ADDRESS_INVALID; | 181 return ERR_ADDRESS_INVALID; |
179 | 182 |
| 183 case SSL_ERROR_SSL_DISABLED: |
| 184 return ERR_NO_SSL_VERSIONS_ENABLED; |
180 case SSL_ERROR_NO_CYPHER_OVERLAP: | 185 case SSL_ERROR_NO_CYPHER_OVERLAP: |
181 case SSL_ERROR_UNSUPPORTED_VERSION: | 186 case SSL_ERROR_UNSUPPORTED_VERSION: |
182 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | 187 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; |
183 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: | 188 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: |
| 189 case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: |
| 190 case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: |
184 return ERR_SSL_PROTOCOL_ERROR; | 191 return ERR_SSL_PROTOCOL_ERROR; |
185 | 192 |
186 default: { | 193 default: { |
187 if (IS_SSL_ERROR(err)) { | 194 if (IS_SSL_ERROR(err)) { |
188 LOG(WARNING) << "Unknown SSL error " << err << | 195 LOG(WARNING) << "Unknown SSL error " << err << |
189 " mapped to net::ERR_SSL_PROTOCOL_ERROR"; | 196 " mapped to net::ERR_SSL_PROTOCOL_ERROR"; |
190 return ERR_SSL_PROTOCOL_ERROR; | 197 return ERR_SSL_PROTOCOL_ERROR; |
191 } | 198 } |
192 LOG(WARNING) << "Unknown error " << err << | 199 LOG(WARNING) << "Unknown error " << err << |
193 " mapped to net::ERR_FAILED"; | 200 " mapped to net::ERR_FAILED"; |
887 case ERR_CONNECTION_RESET: | 894 case ERR_CONNECTION_RESET: |
888 return PR_CONNECT_RESET_ERROR; | 895 return PR_CONNECT_RESET_ERROR; |
889 case ERR_CONNECTION_ABORTED: | 896 case ERR_CONNECTION_ABORTED: |
890 return PR_CONNECT_ABORTED_ERROR; | 897 return PR_CONNECT_ABORTED_ERROR; |
891 case ERR_CONNECTION_REFUSED: | 898 case ERR_CONNECTION_REFUSED: |
892 return PR_CONNECT_REFUSED_ERROR; | 899 return PR_CONNECT_REFUSED_ERROR; |
893 case ERR_ADDRESS_UNREACHABLE: | 900 case ERR_ADDRESS_UNREACHABLE: |
894 return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR. | 901 return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR. |
895 case ERR_ADDRESS_INVALID: | 902 case ERR_ADDRESS_INVALID: |
896 return PR_ADDRESS_NOT_AVAILABLE_ERROR; | 903 return PR_ADDRESS_NOT_AVAILABLE_ERROR; |
| 904 case ERR_NAME_NOT_RESOLVED: |
| 905 return PR_DIRECTORY_LOOKUP_ERROR; |
897 default: | 906 default: |
898 LOG(WARNING) << "MapErrorToNSS " << result | 907 LOG(WARNING) << "MapErrorToNSS " << result |
899 << " mapped to PR_UNKNOWN_ERROR"; | 908 << " mapped to PR_UNKNOWN_ERROR"; |
900 return PR_UNKNOWN_ERROR; | 909 return PR_UNKNOWN_ERROR; |
901 } | 910 } |
902 } | 911 } |
903 | 912 |
904 // Do network I/O between the given buffer and the given socket. | 913 // Do network I/O between the given buffer and the given socket. |
905 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING) | 914 // Return true if some I/O performed, false otherwise (error or ERR_IO_PENDING) |
906 bool SSLClientSocketNSS::DoTransportIO() { | 915 bool SSLClientSocketNSS::DoTransportIO() { |
1216 CERT_GetDefaultCertDB(), SEC_CERT_NICKNAMES_USER, wincx); | 1225 CERT_GetDefaultCertDB(), SEC_CERT_NICKNAMES_USER, wincx); |
1217 if (names) { | 1226 if (names) { |
1218 for (int i = 0; i < names->numnicknames; ++i) { | 1227 for (int i = 0; i < names->numnicknames; ++i) { |
1219 cert = CERT_FindUserCertByUsage( | 1228 cert = CERT_FindUserCertByUsage( |
1220 CERT_GetDefaultCertDB(), names->nicknames[i], | 1229 CERT_GetDefaultCertDB(), names->nicknames[i], |
1221 certUsageSSLClient, PR_FALSE, wincx); | 1230 certUsageSSLClient, PR_FALSE, wincx); |
1222 if (!cert) | 1231 if (!cert) |
1223 continue; | 1232 continue; |
1224 // Only check unexpired certs. | 1233 // Only check unexpired certs. |
1225 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) == | 1234 if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) == |
1226 secCertTimeValid && | 1235 secCertTimeValid && (!ca_names->nnames || |
1227 NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess) { | 1236 NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess)) { |
1228 privkey = PK11_FindKeyByAnyCert(cert, wincx); | 1237 privkey = PK11_FindKeyByAnyCert(cert, wincx); |
1229 if (privkey) { | 1238 if (privkey) { |
1230 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( | 1239 X509Certificate* x509_cert = X509Certificate::CreateFromHandle( |
1231 cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, | 1240 cert, X509Certificate::SOURCE_LONE_CERT_IMPORT, |
1232 net::X509Certificate::OSCertHandles()); | 1241 net::X509Certificate::OSCertHandles()); |
1233 that->client_certs_.push_back(x509_cert); | 1242 that->client_certs_.push_back(x509_cert); |
1234 SECKEY_DestroyPrivateKey(privkey); | 1243 SECKEY_DestroyPrivateKey(privkey); |
1235 continue; | 1244 continue; |
1236 } | 1245 } |
1237 } | 1246 } |
1415 EnterFunction(user_write_buf_len_); | 1424 EnterFunction(user_write_buf_len_); |
1416 DCHECK(user_write_buf_); | 1425 DCHECK(user_write_buf_); |
1417 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 1426 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
1418 if (rv >= 0) { | 1427 if (rv >= 0) { |
1419 LogData(user_write_buf_->data(), rv); | 1428 LogData(user_write_buf_->data(), rv); |
1420 LeaveFunction(""); | 1429 LeaveFunction(""); |
1421 return rv; | 1430 return rv; |
1422 } | 1431 } |
1423 PRErrorCode prerr = PR_GetError(); | 1432 PRErrorCode prerr = PR_GetError(); |
1424 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1433 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1434 LeaveFunction(""); |
1425 return ERR_IO_PENDING; | 1435 return ERR_IO_PENDING; |
1426 } | 1436 } |
1427 LeaveFunction(""); | 1437 LeaveFunction(""); |
1428 return MapNSPRError(prerr); | 1438 return MapNSPRError(prerr); |
1429 } | 1439 } |
1430 | 1440 |
1431 } // namespace net | 1441 } // namespace net |
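Review bot: The widened match in the client-certificate loop at new lines 1235-1236 deserves a comment, because it quietly turns every time-valid user certificate that has a private key into a candidate whenever the server's CertificateRequest carries no CA names; suggest `// An empty CA list means any CA is acceptable (RFC 5246, section 7.4.4), so skip the chain-vs-CA-names check.` placed above the `if`. The new condition also reads `ca_names->nnames` before any null check visible in this hunk; if NSS can ever invoke this callback with a null `ca_names`, the guard should read `(!ca_names || !ca_names->nnames || NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess)`. The enclosing function begins and ends outside the hunk, so whether `ca_names` is validated earlier cannot be confirmed from here.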