OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
(...skipping 779 matching lines...) |
790 ssl_info->pkp_bypassed = pkp_bypassed_; | 790 ssl_info->pkp_bypassed = pkp_bypassed_; |
791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; | 791 ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes; |
792 ssl_info->client_cert_sent = | 792 ssl_info->client_cert_sent = |
793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 793 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
794 ssl_info->channel_id_sent = channel_id_sent_; | 794 ssl_info->channel_id_sent = channel_id_sent_; |
795 ssl_info->token_binding_negotiated = tb_was_negotiated_; | 795 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
796 ssl_info->token_binding_key_param = tb_negotiated_param_; | 796 ssl_info->token_binding_key_param = tb_negotiated_param_; |
797 ssl_info->pinning_failure_log = pinning_failure_log_; | 797 ssl_info->pinning_failure_log = pinning_failure_log_; |
798 | 798 |
799 AddCTInfoToSSLInfo(ssl_info); | 799 AddCTInfoToSSLInfo(ssl_info); |
| 800 ssl_info->ocsp = server_cert_verify_result_.ocsp; |
800 | 801 |
801 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 802 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
802 CHECK(cipher); | 803 CHECK(cipher); |
803 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 804 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
804 ssl_info->key_exchange_info = | 805 ssl_info->key_exchange_info = |
805 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 806 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); |
806 | 807 |
807 SSLConnectionStatusSetCipherSuite( | 808 SSLConnectionStatusSetCipherSuite( |
808 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), | 809 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), |
809 &ssl_info->connection_status); | 810 &ssl_info->connection_status); |
(...skipping 540 matching lines...) |
1350 // Do nothing. | 1351 // Do nothing. |
1351 break; | 1352 break; |
1352 } | 1353 } |
1353 } | 1354 } |
1354 | 1355 |
1355 if (result == OK) { | 1356 if (result == OK) { |
1356 // Only check Certificate Transparency if there were no other errors with | 1357 // Only check Certificate Transparency if there were no other errors with |
1357 // the connection. | 1358 // the connection. |
1358 VerifyCT(); | 1359 VerifyCT(); |
1359 | 1360 |
| 1361 ReportOCSP(); |
| 1362 |
1360 DCHECK(!certificate_verified_); | 1363 DCHECK(!certificate_verified_); |
1361 certificate_verified_ = true; | 1364 certificate_verified_ = true; |
1362 MaybeCacheSession(); | 1365 MaybeCacheSession(); |
1363 } | 1366 } |
1364 | 1367 |
1365 completed_connect_ = true; | 1368 completed_connect_ = true; |
1366 // Exit DoHandshakeLoop and return the result to the caller to Connect. | 1369 // Exit DoHandshakeLoop and return the result to the caller to Connect. |
1367 DCHECK_EQ(STATE_NONE, next_handshake_state_); | 1370 DCHECK_EQ(STATE_NONE, next_handshake_state_); |
1368 return result; | 1371 return result; |
1369 } | 1372 } |
(...skipping 61 matching lines...) |
1431 CERT_STATUS_CT_COMPLIANCE_FAILED; | 1434 CERT_STATUS_CT_COMPLIANCE_FAILED; |
1432 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1435 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
1433 } | 1436 } |
1434 } | 1437 } |
1435 ct_verify_result_.cert_policy_compliance = | 1438 ct_verify_result_.cert_policy_compliance = |
1436 policy_enforcer_->DoesConformToCertPolicy( | 1439 policy_enforcer_->DoesConformToCertPolicy( |
1437 server_cert_verify_result_.verified_cert.get(), | 1440 server_cert_verify_result_.verified_cert.get(), |
1438 ct_verify_result_.verified_scts, net_log_); | 1441 ct_verify_result_.verified_scts, net_log_); |
1439 } | 1442 } |
1440 | 1443 |
| 1444 void SSLClientSocketImpl::ReportOCSP() { |
| 1445 transport_security_state_->CheckExpectStaple( |
| 1446 host_and_port_, *server_cert_verify_result_.verified_cert, *server_cert_, |
| 1447 server_cert_verify_result_.is_issued_by_known_root, |
| 1448 server_cert_verify_result_.ocsp); |
| 1449 } |
| 1450 |
1441 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { | 1451 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
1442 int rv = DoHandshakeLoop(result); | 1452 int rv = DoHandshakeLoop(result); |
1443 if (rv != ERR_IO_PENDING) { | 1453 if (rv != ERR_IO_PENDING) { |
1444 LogConnectEndEvent(rv); | 1454 LogConnectEndEvent(rv); |
1445 DoConnectCallback(rv); | 1455 DoConnectCallback(rv); |
1446 } | 1456 } |
1447 } | 1457 } |
1448 | 1458 |
1449 void SSLClientSocketImpl::OnSendComplete(int result) { | 1459 void SSLClientSocketImpl::OnSendComplete(int result) { |
1450 if (next_handshake_state_ == STATE_HANDSHAKE) { | 1460 if (next_handshake_state_ == STATE_HANDSHAKE) { |
(...skipping 862 matching lines...) |
2313 if (rv != OK) { | 2323 if (rv != OK) { |
2314 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2324 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
2315 return; | 2325 return; |
2316 } | 2326 } |
2317 | 2327 |
2318 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2328 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
2319 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2329 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
2320 } | 2330 } |
2321 | 2331 |
2322 } // namespace net | 2332 } // namespace net |
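Review bot: `ReportOCSP()` (new lines 1444–1449) dereferences `transport_security_state_`, `server_cert_verify_result_.verified_cert` and `server_cert_` unconditionally, and nothing in the visible lines establishes that all three are non-null. The `result == OK` gate at the call site (new line 1361) presumably guarantees `verified_cert`, but if a socket can ever be built without a TransportSecurityState this would crash on every successful handshake. Either guard it with `if (!transport_security_state_) return;` or state the invariant with `DCHECK(transport_security_state_);`. The call also discards whatever `CheckExpectStaple` produces and runs after `result` is already final, so if that is the intent a comment such as `// Expect-Staple is report-only: a missing or invalid stapled OCSP response never changes |result|.` would make the fail-open behaviour explicit. The function that contains the call site starts outside the visible lines, so whether this path also runs for resumed sessions could not be checked here.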