| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 779 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 790 ssl_info->pkp_bypassed = pkp_bypassed_; | 790 ssl_info->pkp_bypassed = pkp_bypassed_; |
| 791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
| 792 ssl_info->client_cert_sent = | 792 ssl_info->client_cert_sent = |
| 793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 794 ssl_info->channel_id_sent = channel_id_sent_; | 794 ssl_info->channel_id_sent = channel_id_sent_; |
| 795 ssl_info->token_binding_negotiated = tb_was_negotiated_; | 795 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| 796 ssl_info->token_binding_key_param = tb_negotiated_param_; | 796 ssl_info->token_binding_key_param = tb_negotiated_param_; |
| 797 ssl_info->pinning_failure_log = pinning_failure_log_; | 797 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 798 | 798 |
| 799 AddCTInfoToSSLInfo(ssl_info); | 799 AddCTInfoToSSLInfo(ssl_info); |
| 800 ssl_info->ocsp = server_cert_verify_result_.ocsp; |
| 800 | 801 |
| 801 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 802 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 802 CHECK(cipher); | 803 CHECK(cipher); |
| 803 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 804 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 804 ssl_info->key_exchange_info = | 805 ssl_info->key_exchange_info = |
| 805 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 806 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); |
| 806 | 807 |
| 807 SSLConnectionStatusSetCipherSuite( | 808 SSLConnectionStatusSetCipherSuite( |
| 808 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), | 809 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), |
| 809 &ssl_info->connection_status); | 810 &ssl_info->connection_status); |
| (...skipping 540 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1350 // Do nothing. | 1351 // Do nothing. |
| 1351 break; | 1352 break; |
| 1352 } | 1353 } |
| 1353 } | 1354 } |
| 1354 | 1355 |
| 1355 if (result == OK) { | 1356 if (result == OK) { |
| 1356 // Only check Certificate Transparency if there were no other errors with | 1357 // Only check Certificate Transparency if there were no other errors with |
| 1357 // the connection. | 1358 // the connection. |
| 1358 VerifyCT(); | 1359 VerifyCT(); |
| 1359 | 1360 |
| 1361 ReportOCSP(); |
| 1362 |
| 1360 DCHECK(!certificate_verified_); | 1363 DCHECK(!certificate_verified_); |
| 1361 certificate_verified_ = true; | 1364 certificate_verified_ = true; |
| 1362 MaybeCacheSession(); | 1365 MaybeCacheSession(); |
| 1363 } | 1366 } |
| 1364 | 1367 |
| 1365 completed_connect_ = true; | 1368 completed_connect_ = true; |
| 1366 // Exit DoHandshakeLoop and return the result to the caller to Connect. | 1369 // Exit DoHandshakeLoop and return the result to the caller to Connect. |
| 1367 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1370 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
| 1368 return result; | 1371 return result; |
| 1369 } | 1372 } |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1431 CERT_STATUS_CT_COMPLIANCE_FAILED; | 1434 CERT_STATUS_CT_COMPLIANCE_FAILED; |
| 1432 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1435 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1433 } | 1436 } |
| 1434 } | 1437 } |
| 1435 ct_verify_result_.cert_policy_compliance = | 1438 ct_verify_result_.cert_policy_compliance = |
| 1436 policy_enforcer_->DoesConformToCertPolicy( | 1439 policy_enforcer_->DoesConformToCertPolicy( |
| 1437 server_cert_verify_result_.verified_cert.get(), | 1440 server_cert_verify_result_.verified_cert.get(), |
| 1438 ct_verify_result_.verified_scts, net_log_); | 1441 ct_verify_result_.verified_scts, net_log_); |
| 1439 } | 1442 } |
| 1440 | 1443 |
| 1444 void SSLClientSocketImpl::ReportOCSP() { |
| 1445 transport_security_state_->CheckExpectStaple( |
| 1446 host_and_port_, *server_cert_verify_result_.verified_cert, *server_cert_, |
| 1447 server_cert_verify_result_.is_issued_by_known_root, |
| 1448 server_cert_verify_result_.ocsp); |
| 1449 } |
| 1450 |
| 1441 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { | 1451 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
| 1442 int rv = DoHandshakeLoop(result); | 1452 int rv = DoHandshakeLoop(result); |
| 1443 if (rv != ERR_IO_PENDING) { | 1453 if (rv != ERR_IO_PENDING) { |
| 1444 LogConnectEndEvent(rv); | 1454 LogConnectEndEvent(rv); |
| 1445 DoConnectCallback(rv); | 1455 DoConnectCallback(rv); |
| 1446 } | 1456 } |
| 1447 } | 1457 } |
| 1448 | 1458 |
| 1449 void SSLClientSocketImpl::OnSendComplete(int result) { | 1459 void SSLClientSocketImpl::OnSendComplete(int result) { |
| 1450 if (next_handshake_state_ == STATE_HANDSHAKE) { | 1460 if (next_handshake_state_ == STATE_HANDSHAKE) { |
| (...skipping 862 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2313 if (rv != OK) { | 2323 if (rv != OK) { |
| 2314 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2324 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 2315 return; | 2325 return; |
| 2316 } | 2326 } |
| 2317 | 2327 |
| 2318 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2328 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| 2319 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2329 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 2320 } | 2330 } |
| 2321 | 2331 |
| 2322 } // namespace net | 2332 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2040513003:
Implement Expect-Staple (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master