net/socket/ssl_client_socket_nss.cc - Issue 1589034: If the server's CertificateRequest message contains an empty...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 1589034: If the server's CertificateRequest message contains an empty... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: More error code mapping improvements. Created 10 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_nss.cc

===================================================================

--- net/socket/ssl_client_socket_nss.cc (revision 44420)

+++ net/socket/ssl_client_socket_nss.cc (working copy)

@@ -113,6 +113,9 @@

// Use late binding to avoid scary but benign warning

// "Symbol `SSL_ImplementedCiphers' has different size in shared object,

// consider re-linking"

+ // TODO(wtc): Use the new SSL_GetImplementedCiphers and

+ // SSL_GetNumImplementedCiphers functions when we require NSS 3.12.6.

+ // See https://bugzilla.mozilla.org/show_bug.cgi?id=496993.

const PRUint16* pSSL_ImplementedCiphers = static_cast<const PRUint16*>(

dlsym(RTLD_DEFAULT, "SSL_ImplementedCiphers"));

if (pSSL_ImplementedCiphers == NULL) {

@@ -177,10 +180,14 @@

case PR_ADDRESS_NOT_AVAILABLE_ERROR:

return ERR_ADDRESS_INVALID;

+ case SSL_ERROR_SSL_DISABLED:

+ return ERR_NO_SSL_VERSIONS_ENABLED;

case SSL_ERROR_NO_CYPHER_OVERLAP:

case SSL_ERROR_UNSUPPORTED_VERSION:

return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;

case SSL_ERROR_HANDSHAKE_FAILURE_ALERT:

+ case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT:

+ case SSL_ERROR_ILLEGAL_PARAMETER_ALERT:

return ERR_SSL_PROTOCOL_ERROR;

default: {

@@ -894,6 +901,8 @@

return PR_HOST_UNREACHABLE_ERROR; // Also PR_NETWORK_UNREACHABLE_ERROR.

case ERR_ADDRESS_INVALID:

return PR_ADDRESS_NOT_AVAILABLE_ERROR;

+ case ERR_NAME_NOT_RESOLVED:

+ return PR_DIRECTORY_LOOKUP_ERROR;

default:

LOG(WARNING) << "MapErrorToNSS " << result

<< " mapped to PR_UNKNOWN_ERROR";

@@ -1223,8 +1232,8 @@

continue;

// Only check unexpired certs.

if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_TRUE) ==

- secCertTimeValid &&

- NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess) {

+ secCertTimeValid && (!ca_names->nnames ||

+ NSS_CmpCertChainWCANames(cert, ca_names) == SECSuccess)) {

privkey = PK11_FindKeyByAnyCert(cert, wincx);

if (privkey) {

X509Certificate* x509_cert = X509Certificate::CreateFromHandle(

@@ -1422,6 +1431,7 @@

}

PRErrorCode prerr = PR_GetError();

if (prerr == PR_WOULD_BLOCK_ERROR) {

+ LeaveFunction("");

return ERR_IO_PENDING;

}

LeaveFunction("");

« no previous file with comments | « no previous file | no next file » | no next file with comments »