OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
(...skipping 572 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
583 cert_authorities_.push_back(std::string( | 583 cert_authorities_.push_back(std::string( |
584 reinterpret_cast<const char*>(str), | 584 reinterpret_cast<const char*>(str), |
585 static_cast<size_t>(length))); | 585 static_cast<size_t>(length))); |
586 OPENSSL_free(str); | 586 OPENSSL_free(str); |
587 } | 587 } |
588 | 588 |
589 return -1; // Suspends handshake. | 589 return -1; // Suspends handshake. |
590 } | 590 } |
591 | 591 |
592 // Second pass: a client certificate should have been selected. | 592 // Second pass: a client certificate should have been selected. |
593 if (ssl_config_.client_cert) { | 593 if (ssl_config_.client_cert.get()) { |
594 // A note about ownership: FetchClientCertPrivateKey() increments | 594 // A note about ownership: FetchClientCertPrivateKey() increments |
595 // the reference count of the EVP_PKEY. Ownership of this reference | 595 // the reference count of the EVP_PKEY. Ownership of this reference |
596 // is passed directly to OpenSSL, which will release the reference | 596 // is passed directly to OpenSSL, which will release the reference |
597 // using EVP_PKEY_free() when the SSL object is destroyed. | 597 // using EVP_PKEY_free() when the SSL object is destroyed. |
598 OpenSSLClientKeyStore::ScopedEVP_PKEY privkey; | 598 OpenSSLClientKeyStore::ScopedEVP_PKEY privkey; |
599 if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( | 599 if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( |
600 ssl_config_.client_cert.get(), &privkey)) { | 600 ssl_config_.client_cert.get(), &privkey)) { |
601 // TODO(joth): (copied from NSS) We should wait for server certificate | 601 // TODO(joth): (copied from NSS) We should wait for server certificate |
602 // verification before sending our credentials. See http://crbug.com/13934 | 602 // verification before sending our credentials. See http://crbug.com/13934 |
603 *x509 = X509Certificate::DupOSCertHandle( | 603 *x509 = X509Certificate::DupOSCertHandle( |
604 ssl_config_.client_cert->os_cert_handle()); | 604 ssl_config_.client_cert->os_cert_handle()); |
605 *pkey = privkey.release(); | 605 *pkey = privkey.release(); |
606 return 1; | 606 return 1; |
607 } | 607 } |
608 LOG(WARNING) << "Client cert found without private key"; | 608 LOG(WARNING) << "Client cert found without private key"; |
609 } | 609 } |
610 | 610 |
611 // Send no client certificate. | 611 // Send no client certificate. |
612 return 0; | 612 return 0; |
613 } | 613 } |
614 | 614 |
615 // SSLClientSocket methods | 615 // SSLClientSocket methods |
616 | 616 |
617 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { | 617 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { |
618 ssl_info->Reset(); | 618 ssl_info->Reset(); |
619 if (!server_cert_) | 619 if (!server_cert_.get()) |
620 return false; | 620 return false; |
621 | 621 |
622 ssl_info->cert = server_cert_verify_result_.verified_cert; | 622 ssl_info->cert = server_cert_verify_result_.verified_cert; |
623 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 623 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
624 ssl_info->is_issued_by_known_root = | 624 ssl_info->is_issued_by_known_root = |
625 server_cert_verify_result_.is_issued_by_known_root; | 625 server_cert_verify_result_.is_issued_by_known_root; |
626 ssl_info->public_key_hashes = | 626 ssl_info->public_key_hashes = |
627 server_cert_verify_result_.public_key_hashes; | 627 server_cert_verify_result_.public_key_hashes; |
628 ssl_info->client_cert_sent = | 628 ssl_info->client_cert_sent = |
629 ssl_config_.send_client_cert && ssl_config_.client_cert; | 629 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
630 ssl_info->channel_id_sent = WasChannelIDSent(); | 630 ssl_info->channel_id_sent = WasChannelIDSent(); |
631 | 631 |
632 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 632 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
633 CHECK(cipher); | 633 CHECK(cipher); |
634 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 634 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
635 const COMP_METHOD* compression = SSL_get_current_compression(ssl_); | 635 const COMP_METHOD* compression = SSL_get_current_compression(ssl_); |
636 | 636 |
637 ssl_info->connection_status = EncodeSSLConnectionStatus( | 637 ssl_info->connection_status = EncodeSSLConnectionStatus( |
638 SSL_CIPHER_get_id(cipher), | 638 SSL_CIPHER_get_id(cipher), |
639 compression ? compression->type : 0, | 639 compression ? compression->type : 0, |
(...skipping 280 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
920 } | 920 } |
921 | 921 |
922 npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen); | 922 npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen); |
923 server_protos_.assign(reinterpret_cast<const char*>(in), inlen); | 923 server_protos_.assign(reinterpret_cast<const char*>(in), inlen); |
924 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | 924 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; |
925 #endif | 925 #endif |
926 return SSL_TLSEXT_ERR_OK; | 926 return SSL_TLSEXT_ERR_OK; |
927 } | 927 } |
928 | 928 |
929 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { | 929 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { |
930 DCHECK(server_cert_); | 930 DCHECK(server_cert_.get()); |
931 GotoState(STATE_VERIFY_CERT_COMPLETE); | 931 GotoState(STATE_VERIFY_CERT_COMPLETE); |
932 | 932 |
933 CertStatus cert_status; | 933 CertStatus cert_status; |
934 if (ssl_config_.IsAllowedBadCert(server_cert_, &cert_status)) { | 934 if (ssl_config_.IsAllowedBadCert(server_cert_.get(), &cert_status)) { |
935 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | 935 VLOG(1) << "Received an expected bad cert with status: " << cert_status; |
936 server_cert_verify_result_.Reset(); | 936 server_cert_verify_result_.Reset(); |
937 server_cert_verify_result_.cert_status = cert_status; | 937 server_cert_verify_result_.cert_status = cert_status; |
938 server_cert_verify_result_.verified_cert = server_cert_; | 938 server_cert_verify_result_.verified_cert = server_cert_; |
939 return OK; | 939 return OK; |
940 } | 940 } |
941 | 941 |
942 int flags = 0; | 942 int flags = 0; |
943 if (ssl_config_.rev_checking_enabled) | 943 if (ssl_config_.rev_checking_enabled) |
944 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | 944 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; |
945 if (ssl_config_.verify_ev_cert) | 945 if (ssl_config_.verify_ev_cert) |
946 flags |= CertVerifier::VERIFY_EV_CERT; | 946 flags |= CertVerifier::VERIFY_EV_CERT; |
947 if (ssl_config_.cert_io_enabled) | 947 if (ssl_config_.cert_io_enabled) |
948 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 948 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
949 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 949 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
950 return verifier_->Verify( | 950 return verifier_->Verify( |
951 server_cert_, host_and_port_.host(), flags, | 951 server_cert_.get(), |
| 952 host_and_port_.host(), |
| 953 flags, |
952 NULL /* no CRL set */, | 954 NULL /* no CRL set */, |
953 &server_cert_verify_result_, | 955 &server_cert_verify_result_, |
954 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 956 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
955 base::Unretained(this)), | 957 base::Unretained(this)), |
956 net_log_); | 958 net_log_); |
957 } | 959 } |
958 | 960 |
959 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | 961 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { |
960 verifier_.reset(); | 962 verifier_.reset(); |
961 | 963 |
962 if (result == OK) { | 964 if (result == OK) { |
963 // TODO(joth): Work out if we need to remember the intermediate CA certs | 965 // TODO(joth): Work out if we need to remember the intermediate CA certs |
964 // when the server sends them to us, and do so here. | 966 // when the server sends them to us, and do so here. |
965 } else { | 967 } else { |
966 DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) | 968 DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) |
967 << " (" << result << ")"; | 969 << " (" << result << ")"; |
968 } | 970 } |
969 | 971 |
970 completed_handshake_ = true; | 972 completed_handshake_ = true; |
971 // Exit DoHandshakeLoop and return the result to the caller to Connect. | 973 // Exit DoHandshakeLoop and return the result to the caller to Connect. |
972 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 974 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
973 return result; | 975 return result; |
974 } | 976 } |
975 | 977 |
976 X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() { | 978 X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() { |
977 if (server_cert_) | 979 if (server_cert_.get()) |
978 return server_cert_; | 980 return server_cert_.get(); |
979 | 981 |
980 crypto::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_)); | 982 crypto::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_)); |
981 if (!cert.get()) { | 983 if (!cert.get()) { |
982 LOG(WARNING) << "SSL_get_peer_certificate returned NULL"; | 984 LOG(WARNING) << "SSL_get_peer_certificate returned NULL"; |
983 return NULL; | 985 return NULL; |
984 } | 986 } |
985 | 987 |
986 // Unlike SSL_get_peer_certificate, SSL_get_peer_cert_chain does not | 988 // Unlike SSL_get_peer_certificate, SSL_get_peer_cert_chain does not |
987 // increment the reference so sk_X509_free does not need to be called. | 989 // increment the reference so sk_X509_free does not need to be called. |
988 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); | 990 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_); |
989 X509Certificate::OSCertHandles intermediates; | 991 X509Certificate::OSCertHandles intermediates; |
990 if (chain) { | 992 if (chain) { |
991 for (int i = 0; i < sk_X509_num(chain); ++i) | 993 for (int i = 0; i < sk_X509_num(chain); ++i) |
992 intermediates.push_back(sk_X509_value(chain, i)); | 994 intermediates.push_back(sk_X509_value(chain, i)); |
993 } | 995 } |
994 server_cert_ = X509Certificate::CreateFromHandle(cert.get(), intermediates); | 996 server_cert_ = X509Certificate::CreateFromHandle(cert.get(), intermediates); |
995 DCHECK(server_cert_); | 997 DCHECK(server_cert_.get()); |
996 | 998 |
997 return server_cert_; | 999 return server_cert_.get(); |
998 } | 1000 } |
999 | 1001 |
1000 bool SSLClientSocketOpenSSL::DoTransportIO() { | 1002 bool SSLClientSocketOpenSSL::DoTransportIO() { |
1001 bool network_moved = false; | 1003 bool network_moved = false; |
1002 int rv; | 1004 int rv; |
1003 // Read and write as much data as possible. The loop is necessary because | 1005 // Read and write as much data as possible. The loop is necessary because |
1004 // Write() may return synchronously. | 1006 // Write() may return synchronously. |
1005 do { | 1007 do { |
1006 rv = BufferSend(); | 1008 rv = BufferSend(); |
1007 if (rv != ERR_IO_PENDING && rv != 0) | 1009 if (rv != ERR_IO_PENDING && rv != 0) |
1008 network_moved = true; | 1010 network_moved = true; |
1009 } while (rv > 0); | 1011 } while (rv > 0); |
1010 if (!transport_recv_eof_ && BufferRecv() != ERR_IO_PENDING) | 1012 if (!transport_recv_eof_ && BufferRecv() != ERR_IO_PENDING) |
1011 network_moved = true; | 1013 network_moved = true; |
1012 return network_moved; | 1014 return network_moved; |
1013 } | 1015 } |
1014 | 1016 |
1015 int SSLClientSocketOpenSSL::BufferSend(void) { | 1017 int SSLClientSocketOpenSSL::BufferSend(void) { |
1016 if (transport_send_busy_) | 1018 if (transport_send_busy_) |
1017 return ERR_IO_PENDING; | 1019 return ERR_IO_PENDING; |
1018 | 1020 |
1019 if (!send_buffer_) { | 1021 if (!send_buffer_.get()) { |
1020 // Get a fresh send buffer out of the send BIO. | 1022 // Get a fresh send buffer out of the send BIO. |
1021 size_t max_read = BIO_ctrl_pending(transport_bio_); | 1023 size_t max_read = BIO_ctrl_pending(transport_bio_); |
1022 if (!max_read) | 1024 if (!max_read) |
1023 return 0; // Nothing pending in the OpenSSL write BIO. | 1025 return 0; // Nothing pending in the OpenSSL write BIO. |
1024 send_buffer_ = new DrainableIOBuffer(new IOBuffer(max_read), max_read); | 1026 send_buffer_ = new DrainableIOBuffer(new IOBuffer(max_read), max_read); |
1025 int read_bytes = BIO_read(transport_bio_, send_buffer_->data(), max_read); | 1027 int read_bytes = BIO_read(transport_bio_, send_buffer_->data(), max_read); |
1026 DCHECK_GT(read_bytes, 0); | 1028 DCHECK_GT(read_bytes, 0); |
1027 CHECK_EQ(static_cast<int>(max_read), read_bytes); | 1029 CHECK_EQ(static_cast<int>(max_read), read_bytes); |
1028 } | 1030 } |
1029 | 1031 |
1030 int rv = transport_->socket()->Write( | 1032 int rv = transport_->socket()->Write( |
1031 send_buffer_, | 1033 send_buffer_.get(), |
1032 send_buffer_->BytesRemaining(), | 1034 send_buffer_->BytesRemaining(), |
1033 base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete, | 1035 base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete, |
1034 base::Unretained(this))); | 1036 base::Unretained(this))); |
1035 if (rv == ERR_IO_PENDING) { | 1037 if (rv == ERR_IO_PENDING) { |
1036 transport_send_busy_ = true; | 1038 transport_send_busy_ = true; |
1037 } else { | 1039 } else { |
1038 TransportWriteComplete(rv); | 1040 TransportWriteComplete(rv); |
1039 } | 1041 } |
1040 return rv; | 1042 return rv; |
1041 } | 1043 } |
1042 | 1044 |
1043 void SSLClientSocketOpenSSL::BufferSendComplete(int result) { | 1045 void SSLClientSocketOpenSSL::BufferSendComplete(int result) { |
1044 transport_send_busy_ = false; | 1046 transport_send_busy_ = false; |
1045 TransportWriteComplete(result); | 1047 TransportWriteComplete(result); |
1046 OnSendComplete(result); | 1048 OnSendComplete(result); |
1047 } | 1049 } |
1048 | 1050 |
1049 void SSLClientSocketOpenSSL::TransportWriteComplete(int result) { | 1051 void SSLClientSocketOpenSSL::TransportWriteComplete(int result) { |
1050 DCHECK(ERR_IO_PENDING != result); | 1052 DCHECK(ERR_IO_PENDING != result); |
1051 if (result < 0) { | 1053 if (result < 0) { |
1052 // Got a socket write error; close the BIO to indicate this upward. | 1054 // Got a socket write error; close the BIO to indicate this upward. |
1053 DVLOG(1) << "TransportWriteComplete error " << result; | 1055 DVLOG(1) << "TransportWriteComplete error " << result; |
1054 (void)BIO_shutdown_wr(transport_bio_); | 1056 (void)BIO_shutdown_wr(transport_bio_); |
1055 BIO_set_mem_eof_return(transport_bio_, 0); | 1057 BIO_set_mem_eof_return(transport_bio_, 0); |
1056 send_buffer_ = NULL; | 1058 send_buffer_ = NULL; |
1057 } else { | 1059 } else { |
1058 DCHECK(send_buffer_); | 1060 DCHECK(send_buffer_.get()); |
1059 send_buffer_->DidConsume(result); | 1061 send_buffer_->DidConsume(result); |
1060 DCHECK_GE(send_buffer_->BytesRemaining(), 0); | 1062 DCHECK_GE(send_buffer_->BytesRemaining(), 0); |
1061 if (send_buffer_->BytesRemaining() <= 0) | 1063 if (send_buffer_->BytesRemaining() <= 0) |
1062 send_buffer_ = NULL; | 1064 send_buffer_ = NULL; |
1063 } | 1065 } |
1064 } | 1066 } |
1065 | 1067 |
1066 int SSLClientSocketOpenSSL::BufferRecv(void) { | 1068 int SSLClientSocketOpenSSL::BufferRecv(void) { |
1067 if (transport_recv_busy_) | 1069 if (transport_recv_busy_) |
1068 return ERR_IO_PENDING; | 1070 return ERR_IO_PENDING; |
(...skipping 15 matching lines...) Expand all Loading... |
1084 // (and constantly allocating new IOBuffers), a single Read() request to | 1086 // (and constantly allocating new IOBuffers), a single Read() request to |
1085 // fill |transport_bio_| is issued. As long as an SSL client socket cannot | 1087 // fill |transport_bio_| is issued. As long as an SSL client socket cannot |
1086 // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL | 1088 // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL |
1087 // traffic, this over-subscribed Read()ing will not cause issues. | 1089 // traffic, this over-subscribed Read()ing will not cause issues. |
1088 size_t max_write = BIO_ctrl_get_write_guarantee(transport_bio_); | 1090 size_t max_write = BIO_ctrl_get_write_guarantee(transport_bio_); |
1089 if (!max_write) | 1091 if (!max_write) |
1090 return ERR_IO_PENDING; | 1092 return ERR_IO_PENDING; |
1091 | 1093 |
1092 recv_buffer_ = new IOBuffer(max_write); | 1094 recv_buffer_ = new IOBuffer(max_write); |
1093 int rv = transport_->socket()->Read( | 1095 int rv = transport_->socket()->Read( |
1094 recv_buffer_, max_write, | 1096 recv_buffer_.get(), |
| 1097 max_write, |
1095 base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete, | 1098 base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete, |
1096 base::Unretained(this))); | 1099 base::Unretained(this))); |
1097 if (rv == ERR_IO_PENDING) { | 1100 if (rv == ERR_IO_PENDING) { |
1098 transport_recv_busy_ = true; | 1101 transport_recv_busy_ = true; |
1099 } else { | 1102 } else { |
1100 TransportReadComplete(rv); | 1103 TransportReadComplete(rv); |
1101 } | 1104 } |
1102 return rv; | 1105 return rv; |
1103 } | 1106 } |
1104 | 1107 |
1105 void SSLClientSocketOpenSSL::BufferRecvComplete(int result) { | 1108 void SSLClientSocketOpenSSL::BufferRecvComplete(int result) { |
1106 TransportReadComplete(result); | 1109 TransportReadComplete(result); |
1107 OnRecvComplete(result); | 1110 OnRecvComplete(result); |
1108 } | 1111 } |
1109 | 1112 |
1110 void SSLClientSocketOpenSSL::TransportReadComplete(int result) { | 1113 void SSLClientSocketOpenSSL::TransportReadComplete(int result) { |
1111 DCHECK(ERR_IO_PENDING != result); | 1114 DCHECK(ERR_IO_PENDING != result); |
1112 if (result <= 0) { | 1115 if (result <= 0) { |
1113 DVLOG(1) << "TransportReadComplete result " << result; | 1116 DVLOG(1) << "TransportReadComplete result " << result; |
1114 // Received 0 (end of file) or an error. Either way, bubble it up to the | 1117 // Received 0 (end of file) or an error. Either way, bubble it up to the |
1115 // SSL layer via the BIO. TODO(joth): consider stashing the error code, to | 1118 // SSL layer via the BIO. TODO(joth): consider stashing the error code, to |
1116 // relay up to the SSL socket client (i.e. via DoReadCallback). | 1119 // relay up to the SSL socket client (i.e. via DoReadCallback). |
1117 if (result == 0) | 1120 if (result == 0) |
1118 transport_recv_eof_ = true; | 1121 transport_recv_eof_ = true; |
1119 BIO_set_mem_eof_return(transport_bio_, 0); | 1122 BIO_set_mem_eof_return(transport_bio_, 0); |
1120 (void)BIO_shutdown_wr(transport_bio_); | 1123 (void)BIO_shutdown_wr(transport_bio_); |
1121 } else { | 1124 } else { |
1122 DCHECK(recv_buffer_); | 1125 DCHECK(recv_buffer_.get()); |
1123 int ret = BIO_write(transport_bio_, recv_buffer_->data(), result); | 1126 int ret = BIO_write(transport_bio_, recv_buffer_->data(), result); |
1124 // A write into a memory BIO should always succeed. | 1127 // A write into a memory BIO should always succeed. |
1125 CHECK_EQ(result, ret); | 1128 CHECK_EQ(result, ret); |
1126 } | 1129 } |
1127 recv_buffer_ = NULL; | 1130 recv_buffer_ = NULL; |
1128 transport_recv_busy_ = false; | 1131 transport_recv_busy_ = false; |
1129 } | 1132 } |
1130 | 1133 |
1131 void SSLClientSocketOpenSSL::DoConnectCallback(int rv) { | 1134 void SSLClientSocketOpenSSL::DoConnectCallback(int rv) { |
1132 if (!user_connect_callback_.is_null()) { | 1135 if (!user_connect_callback_.is_null()) { |
(...skipping 17 matching lines...) Expand all Loading... |
1150 OnHandshakeIOComplete(result); | 1153 OnHandshakeIOComplete(result); |
1151 return; | 1154 return; |
1152 } | 1155 } |
1153 | 1156 |
1154 // OnSendComplete may need to call DoPayloadRead while the renegotiation | 1157 // OnSendComplete may need to call DoPayloadRead while the renegotiation |
1155 // handshake is in progress. | 1158 // handshake is in progress. |
1156 int rv_read = ERR_IO_PENDING; | 1159 int rv_read = ERR_IO_PENDING; |
1157 int rv_write = ERR_IO_PENDING; | 1160 int rv_write = ERR_IO_PENDING; |
1158 bool network_moved; | 1161 bool network_moved; |
1159 do { | 1162 do { |
1160 if (user_read_buf_) | 1163 if (user_read_buf_.get()) |
1161 rv_read = DoPayloadRead(); | 1164 rv_read = DoPayloadRead(); |
1162 if (user_write_buf_) | 1165 if (user_write_buf_.get()) |
1163 rv_write = DoPayloadWrite(); | 1166 rv_write = DoPayloadWrite(); |
1164 network_moved = DoTransportIO(); | 1167 network_moved = DoTransportIO(); |
1165 } while (rv_read == ERR_IO_PENDING && | 1168 } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING && |
1166 rv_write == ERR_IO_PENDING && | 1169 (user_read_buf_.get() || user_write_buf_.get()) && network_moved); |
1167 (user_read_buf_ || user_write_buf_) && | |
1168 network_moved); | |
1169 | 1170 |
1170 // Performing the Read callback may cause |this| to be deleted. If this | 1171 // Performing the Read callback may cause |this| to be deleted. If this |
1171 // happens, the Write callback should not be invoked. Guard against this by | 1172 // happens, the Write callback should not be invoked. Guard against this by |
1172 // holding a WeakPtr to |this| and ensuring it's still valid. | 1173 // holding a WeakPtr to |this| and ensuring it's still valid. |
1173 base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr()); | 1174 base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr()); |
1174 if (user_read_buf_ && rv_read != ERR_IO_PENDING) | 1175 if (user_read_buf_.get() && rv_read != ERR_IO_PENDING) |
1175 DoReadCallback(rv_read); | 1176 DoReadCallback(rv_read); |
1176 | 1177 |
1177 if (!guard.get()) | 1178 if (!guard.get()) |
1178 return; | 1179 return; |
1179 | 1180 |
1180 if (user_write_buf_ && rv_write != ERR_IO_PENDING) | 1181 if (user_write_buf_.get() && rv_write != ERR_IO_PENDING) |
1181 DoWriteCallback(rv_write); | 1182 DoWriteCallback(rv_write); |
1182 } | 1183 } |
1183 | 1184 |
1184 void SSLClientSocketOpenSSL::OnRecvComplete(int result) { | 1185 void SSLClientSocketOpenSSL::OnRecvComplete(int result) { |
1185 if (next_handshake_state_ == STATE_HANDSHAKE) { | 1186 if (next_handshake_state_ == STATE_HANDSHAKE) { |
1186 // In handshake phase. | 1187 // In handshake phase. |
1187 OnHandshakeIOComplete(result); | 1188 OnHandshakeIOComplete(result); |
1188 return; | 1189 return; |
1189 } | 1190 } |
1190 | 1191 |
1191 // Network layer received some data, check if client requested to read | 1192 // Network layer received some data, check if client requested to read |
1192 // decrypted data. | 1193 // decrypted data. |
1193 if (!user_read_buf_) | 1194 if (!user_read_buf_.get()) |
1194 return; | 1195 return; |
1195 | 1196 |
1196 int rv = DoReadLoop(result); | 1197 int rv = DoReadLoop(result); |
1197 if (rv != ERR_IO_PENDING) | 1198 if (rv != ERR_IO_PENDING) |
1198 DoReadCallback(rv); | 1199 DoReadCallback(rv); |
1199 } | 1200 } |
1200 | 1201 |
1201 bool SSLClientSocketOpenSSL::IsConnected() const { | 1202 bool SSLClientSocketOpenSSL::IsConnected() const { |
1202 // If the handshake has not yet completed. | 1203 // If the handshake has not yet completed. |
1203 if (!completed_handshake_) | 1204 if (!completed_handshake_) |
1204 return false; | 1205 return false; |
1205 // If an asynchronous operation is still pending. | 1206 // If an asynchronous operation is still pending. |
1206 if (user_read_buf_ || user_write_buf_) | 1207 if (user_read_buf_.get() || user_write_buf_.get()) |
1207 return true; | 1208 return true; |
1208 | 1209 |
1209 return transport_->socket()->IsConnected(); | 1210 return transport_->socket()->IsConnected(); |
1210 } | 1211 } |
1211 | 1212 |
1212 bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const { | 1213 bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const { |
1213 // If the handshake has not yet completed. | 1214 // If the handshake has not yet completed. |
1214 if (!completed_handshake_) | 1215 if (!completed_handshake_) |
1215 return false; | 1216 return false; |
1216 // If an asynchronous operation is still pending. | 1217 // If an asynchronous operation is still pending. |
1217 if (user_read_buf_ || user_write_buf_) | 1218 if (user_read_buf_.get() || user_write_buf_.get()) |
1218 return false; | 1219 return false; |
1219 // If there is data waiting to be sent, or data read from the network that | 1220 // If there is data waiting to be sent, or data read from the network that |
1220 // has not yet been consumed. | 1221 // has not yet been consumed. |
1221 if (BIO_ctrl_pending(transport_bio_) > 0 || | 1222 if (BIO_ctrl_pending(transport_bio_) > 0 || |
1222 BIO_ctrl_wpending(transport_bio_) > 0) { | 1223 BIO_ctrl_wpending(transport_bio_) > 0) { |
1223 return false; | 1224 return false; |
1224 } | 1225 } |
1225 | 1226 |
1226 return transport_->socket()->IsConnectedAndIdle(); | 1227 return transport_->socket()->IsConnectedAndIdle(); |
1227 } | 1228 } |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1419 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1420 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
1420 user_write_buf_->data()); | 1421 user_write_buf_->data()); |
1421 return rv; | 1422 return rv; |
1422 } | 1423 } |
1423 | 1424 |
1424 int err = SSL_get_error(ssl_, rv); | 1425 int err = SSL_get_error(ssl_, rv); |
1425 return MapOpenSSLError(err, err_tracer); | 1426 return MapOpenSSLError(err, err_tracer); |
1426 } | 1427 } |
1427 | 1428 |
1428 } // namespace net | 1429 } // namespace net |
OLD | NEW |