| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 499 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 510 ssl_(NULL), | 510 ssl_(NULL), |
| 511 transport_bio_(NULL), | 511 transport_bio_(NULL), |
| 512 transport_(std::move(transport_socket)), | 512 transport_(std::move(transport_socket)), |
| 513 host_and_port_(host_and_port), | 513 host_and_port_(host_and_port), |
| 514 ssl_config_(ssl_config), | 514 ssl_config_(ssl_config), |
| 515 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 515 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 516 next_handshake_state_(STATE_NONE), | 516 next_handshake_state_(STATE_NONE), |
| 517 disconnected_(false), | 517 disconnected_(false), |
| 518 npn_status_(kNextProtoUnsupported), | 518 npn_status_(kNextProtoUnsupported), |
| 519 channel_id_sent_(false), | 519 channel_id_sent_(false), |
| 520 session_pending_(false), | |
| 521 certificate_verified_(false), | 520 certificate_verified_(false), |
| 522 signature_result_(kNoPendingResult), | 521 signature_result_(kNoPendingResult), |
| 523 transport_security_state_(context.transport_security_state), | 522 transport_security_state_(context.transport_security_state), |
| 524 policy_enforcer_(context.ct_policy_enforcer), | 523 policy_enforcer_(context.ct_policy_enforcer), |
| 525 pkp_bypassed_(false), | 524 pkp_bypassed_(false), |
| 526 net_log_(transport_->socket()->NetLog()), | 525 net_log_(transport_->socket()->NetLog()), |
| 527 weak_factory_(this) { | 526 weak_factory_(this) { |
| 528 CHECK(cert_verifier_); | 527 CHECK(cert_verifier_); |
| 529 CHECK(transport_security_state_); | 528 CHECK(transport_security_state_); |
| 530 CHECK(cert_transparency_verifier_); | 529 CHECK(cert_transparency_verifier_); |
| (...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 701 cert_authorities_.clear(); | 700 cert_authorities_.clear(); |
| 702 cert_key_types_.clear(); | 701 cert_key_types_.clear(); |
| 703 | 702 |
| 704 start_cert_verification_time_ = base::TimeTicks(); | 703 start_cert_verification_time_ = base::TimeTicks(); |
| 705 | 704 |
| 706 npn_status_ = kNextProtoUnsupported; | 705 npn_status_ = kNextProtoUnsupported; |
| 707 npn_proto_.clear(); | 706 npn_proto_.clear(); |
| 708 | 707 |
| 709 channel_id_sent_ = false; | 708 channel_id_sent_ = false; |
| 710 tb_was_negotiated_ = false; | 709 tb_was_negotiated_ = false; |
| 711 session_pending_ = false; | 710 pending_session_ = nullptr; |
| 712 certificate_verified_ = false; | 711 certificate_verified_ = false; |
| 713 channel_id_request_.Cancel(); | 712 channel_id_request_.Cancel(); |
| 714 | 713 |
| 715 signature_result_ = kNoPendingResult; | 714 signature_result_ = kNoPendingResult; |
| 716 signature_.clear(); | 715 signature_.clear(); |
| 717 } | 716 } |
| 718 | 717 |
| 719 bool SSLClientSocketImpl::IsConnected() const { | 718 bool SSLClientSocketImpl::IsConnected() const { |
| 720 // If the handshake has not yet completed. | 719 // If the handshake has not yet completed. |
| 721 if (!completed_connect_) | 720 if (!completed_connect_) |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 797 ssl_info->channel_id_sent = channel_id_sent_; | 796 ssl_info->channel_id_sent = channel_id_sent_; |
| 798 ssl_info->token_binding_negotiated = tb_was_negotiated_; | 797 ssl_info->token_binding_negotiated = tb_was_negotiated_; |
| 799 ssl_info->token_binding_key_param = tb_negotiated_param_; | 798 ssl_info->token_binding_key_param = tb_negotiated_param_; |
| 800 ssl_info->pinning_failure_log = pinning_failure_log_; | 799 ssl_info->pinning_failure_log = pinning_failure_log_; |
| 801 | 800 |
| 802 AddCTInfoToSSLInfo(ssl_info); | 801 AddCTInfoToSSLInfo(ssl_info); |
| 803 | 802 |
| 804 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 803 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 805 CHECK(cipher); | 804 CHECK(cipher); |
| 806 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 805 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 807 ssl_info->key_exchange_info = | 806 if (SSL_CIPHER_is_ECDHE(cipher)) { |
| 808 SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_)); | 807 ssl_info->key_exchange_info = SSL_get_curve_id(ssl_); |
| 808 } else if (SSL_CIPHER_is_DHE(cipher)) { |
| 809 ssl_info->key_exchange_info = SSL_get_dhe_group_size(ssl_); |
| 810 } |
| 809 | 811 |
| 810 SSLConnectionStatusSetCipherSuite( | 812 SSLConnectionStatusSetCipherSuite( |
| 811 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), | 813 static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), |
| 812 &ssl_info->connection_status); | 814 &ssl_info->connection_status); |
| 813 SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_), | 815 SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_), |
| 814 &ssl_info->connection_status); | 816 &ssl_info->connection_status); |
| 815 | 817 |
| 816 if (!SSL_get_secure_renegotiation_support(ssl_)) | 818 if (!SSL_get_secure_renegotiation_support(ssl_)) |
| 817 ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; | 819 ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; |
| 818 | 820 |
| (...skipping 1245 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2064 reinterpret_cast<SSLClientSocketImpl*>(BIO_get_callback_arg(bio)); | 2066 reinterpret_cast<SSLClientSocketImpl*>(BIO_get_callback_arg(bio)); |
| 2065 CHECK(socket); | 2067 CHECK(socket); |
| 2066 return socket->MaybeReplayTransportError(bio, cmd, argp, argi, argl, | 2068 return socket->MaybeReplayTransportError(bio, cmd, argp, argi, argl, |
| 2067 retvalue); | 2069 retvalue); |
| 2068 } | 2070 } |
| 2069 | 2071 |
| 2070 void SSLClientSocketImpl::MaybeCacheSession() { | 2072 void SSLClientSocketImpl::MaybeCacheSession() { |
| 2071 // Only cache the session once both a new session has been established and the | 2073 // Only cache the session once both a new session has been established and the |
| 2072 // certificate has been verified. Due to False Start, these events may happen | 2074 // certificate has been verified. Due to False Start, these events may happen |
| 2073 // in either order. | 2075 // in either order. |
| 2074 if (!session_pending_ || !certificate_verified_) | 2076 if (!pending_session_ || !certificate_verified_) |
| 2075 return; | 2077 return; |
| 2076 | 2078 |
| 2077 SSLContext::GetInstance()->session_cache()->Insert(GetSessionCacheKey(), | 2079 SSLContext::GetInstance()->session_cache()->Insert(GetSessionCacheKey(), |
| 2078 SSL_get_session(ssl_)); | 2080 pending_session_.get()); |
| 2079 session_pending_ = false; | 2081 pending_session_ = nullptr; |
| 2080 } | 2082 } |
| 2081 | 2083 |
| 2082 int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { | 2084 int SSLClientSocketImpl::NewSessionCallback(SSL_SESSION* session) { |
| 2083 DCHECK_EQ(session, SSL_get_session(ssl_)); | 2085 // OpenSSL passes a reference to |session|. |
| 2084 | 2086 pending_session_.reset(session); |
| 2085 // Only sessions from the initial handshake get cached. Note this callback may | |
| 2086 // be signaled on abbreviated handshakes if the ticket was renewed. | |
| 2087 session_pending_ = true; | |
| 2088 MaybeCacheSession(); | 2087 MaybeCacheSession(); |
| 2089 | |
| 2090 // OpenSSL passes a reference to |session|, but the session cache does not | |
| 2091 // take this reference, so release it. | |
| 2092 SSL_SESSION_free(session); | |
| 2093 return 1; | 2088 return 1; |
| 2094 } | 2089 } |
| 2095 | 2090 |
| 2096 void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { | 2091 void SSLClientSocketImpl::AddCTInfoToSSLInfo(SSLInfo* ssl_info) const { |
| 2097 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); | 2092 ssl_info->UpdateCertificateTransparencyInfo(ct_verify_result_); |
| 2098 } | 2093 } |
| 2099 | 2094 |
| 2100 std::string SSLClientSocketImpl::GetSessionCacheKey() const { | 2095 std::string SSLClientSocketImpl::GetSessionCacheKey() const { |
| 2101 std::string result = host_and_port_.ToString(); | 2096 std::string result = host_and_port_.ToString(); |
| 2102 result.append("/"); | 2097 result.append("/"); |
| (...skipping 220 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2323 if (rv != OK) { | 2318 if (rv != OK) { |
| 2324 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 2319 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 2325 return; | 2320 return; |
| 2326 } | 2321 } |
| 2327 | 2322 |
| 2328 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, | 2323 net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, |
| 2329 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); | 2324 base::Bind(&NetLogSSLInfoCallback, base::Unretained(this))); |
| 2330 } | 2325 } |
| 2331 | 2326 |
| 2332 } // namespace net | 2327 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2189613003:
Stop calling SSL_get_session in SSLClientSocketImpl. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master