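--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ -519,20 +519,21 @@
 next_handshake_state_(STATE_NONE),
 disconnected_(false),
 npn_status_(kNextProtoUnsupported),
 channel_id_sent_(false),
 session_pending_(false),
 certificate_verified_(false),
 ssl_failure_state_(SSL_FAILURE_NONE),
 signature_result_(kNoPendingResult),
 transport_security_state_(context.transport_security_state),
 policy_enforcer_(context.ct_policy_enforcer),
+pkp_bypassed_(false),
 net_log_(transport_->socket()->NetLog()),
 weak_factory_(this) {
 DCHECK(cert_verifier_);
 }
 
 SSLClientSocketImpl::~SSLClientSocketImpl() {
 Disconnect();
 }
 
 #if !defined(OS_NACL)
@@ -792,20 +793,21 @@
 bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
 ssl_info->Reset();
 if (server_cert_chain_->empty())
 return false;
 
 ssl_info->cert = server_cert_verify_result_.verified_cert;
 ssl_info->unverified_cert = server_cert_;
 ssl_info->cert_status = server_cert_verify_result_.cert_status;
 ssl_info->is_issued_by_known_root =
 server_cert_verify_result_.is_issued_by_known_root;
+ssl_info->pkp_bypassed = pkp_bypassed_;
 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
 ssl_info->client_cert_sent =
 ssl_config_.send_client_cert && ssl_config_.client_cert.get();
 ssl_info->channel_id_sent = channel_id_sent_;
 ssl_info->token_binding_negotiated = tb_was_negotiated_;
 ssl_info->token_binding_key_param = tb_negotiated_param_;
 ssl_info->pinning_failure_log = pinning_failure_log_;
 
 AddCTInfoToSSLInfo(ssl_info);
 
@@ -1344,21 +1346,24 @@
 
 const CertStatus cert_status = server_cert_verify_result_.cert_status;
 if (transport_security_state_ &&
 (result == OK ||
 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
 !transport_security_state_->CheckPublicKeyPins(
 host_and_port_, server_cert_verify_result_.is_issued_by_known_root,
 server_cert_verify_result_.public_key_hashes, server_cert_.get(),
 server_cert_verify_result_.verified_cert.get(),
 TransportSecurityState::ENABLE_PIN_REPORTS, &pinning_failure_log_)) {
-result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+if (server_cert_verify_result_.is_issued_by_known_root)
+result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
+else
+pkp_bypassed_ = true;
 }
 
 if (result == OK) {
 // Only check Certificate Transparency if there were no other errors with
 // the connection.
 VerifyCT();
 
 DCHECK(!certificate_verified_);
 certificate_verified_ = true;
 MaybeCacheSession();
@@ -2331,10 +2336,10 @@
 if (rv != OK) {
 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
 return;
 }
 
 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
 }
 
 } // namespace net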
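Review bot: The new else branch (new line 1359) tolerates a public-key-pin mismatch whenever the chain does not end in a publicly known root, but nothing at the site says why that is acceptable, and the call still passes TransportSecurityState::ENABLE_PIN_REPORTS and &pinning_failure_log_, so a pin-failure report and log entry may still be generated for a locally-installed root unless CheckPublicKeyPins suppresses that itself (not visible in this file). Suggest adding above the inner `if`: `// Pins are only enforced for chains to a publicly-trusted root; a mismatch under a locally-installed root is tolerated but recorded so SSLInfo can surface it.` If CheckPublicKeyPins already returns true on its own when is_issued_by_known_root is false, the else branch is unreachable and pkp_bypassed_ never becomes true; a unit test that serves a pinned host from a non-public root and asserts SSLInfo::pkp_bypassed would settle this. The enclosing function begins and ends outside the hunk.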