| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 579 matching lines...) |
| 590 int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, | 590 int SSLClientSocketImpl::ExportKeyingMaterial(const base::StringPiece& label, |
| 591 bool has_context, | 591 bool has_context, |
| 592 const base::StringPiece& context, | 592 const base::StringPiece& context, |
| 593 unsigned char* out, | 593 unsigned char* out, |
| 594 unsigned int outlen) { | 594 unsigned int outlen) { |
| 595 if (!IsConnected()) | 595 if (!IsConnected()) |
| 596 return ERR_SOCKET_NOT_CONNECTED; | 596 return ERR_SOCKET_NOT_CONNECTED; |
| 597 | 597 |
| 598 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 598 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 599 | 599 |
| 600 int rv = SSL_export_keying_material( | 600 if (!SSL_export_keying_material( |
| 601 ssl_, out, outlen, label.data(), label.size(), | 601 ssl_, out, outlen, label.data(), label.size(), |
| 602 reinterpret_cast<const unsigned char*>(context.data()), context.length(), | 602 reinterpret_cast<const unsigned char*>(context.data()), |
| 603 has_context ? 1 : 0); | 603 context.length(), has_context ? 1 : 0)) { |
| 604 LOG(ERROR) << "Failed to export keying material."; |
| 605 return ERR_FAILED; |
| 606 } |
| 604 | 607 |
| 605 if (rv != 1) { | |
| 606 int ssl_error = SSL_get_error(ssl_, rv); | |
| 607 LOG(ERROR) << "Failed to export keying material;" | |
| 608 << " returned " << rv << ", SSL error code " << ssl_error; | |
| 609 return MapOpenSSLError(ssl_error, err_tracer); | |
| 610 } | |
| 611 return OK; | 608 return OK; |
| 612 } | 609 } |
| 613 | 610 |
| 614 int SSLClientSocketImpl::Connect(const CompletionCallback& callback) { | 611 int SSLClientSocketImpl::Connect(const CompletionCallback& callback) { |
| 615 // Although StreamSocket does allow calling Connect() after Disconnect(), | 612 // Although StreamSocket does allow calling Connect() after Disconnect(), |
| 616 // this has never worked for layered sockets. CHECK to detect any consumers | 613 // this has never worked for layered sockets. CHECK to detect any consumers |
| 617 // reconnecting an SSL socket. | 614 // reconnecting an SSL socket. |
| 618 // | 615 // |
| 619 // TODO(davidben,mmenke): Remove this API feature. See | 616 // TODO(davidben,mmenke): Remove this API feature. See |
| 620 // https://crbug.com/499289. | 617 // https://crbug.com/499289. |
| (...skipping 644 matching lines...) |
| 1265 net_log_.EndEvent(NetLogEventType::SSL_GET_CHANNEL_ID, | 1262 net_log_.EndEvent(NetLogEventType::SSL_GET_CHANNEL_ID, |
| 1266 base::Bind(&NetLogChannelIDLookupCompleteCallback, | 1263 base::Bind(&NetLogChannelIDLookupCompleteCallback, |
| 1267 channel_id_key_.get(), result)); | 1264 channel_id_key_.get(), result)); |
| 1268 if (result < 0) | 1265 if (result < 0) |
| 1269 return result; | 1266 return result; |
| 1270 | 1267 |
| 1271 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key | 1268 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key |
| 1272 // type. | 1269 // type. |
| 1273 DCHECK(channel_id_key_); | 1270 DCHECK(channel_id_key_); |
| 1274 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1271 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1275 int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key()); | 1272 if (!SSL_set1_tls_channel_id(ssl_, channel_id_key_->key())) { |
| 1276 if (!rv) { | |
| 1277 LOG(ERROR) << "Failed to set Channel ID."; | 1273 LOG(ERROR) << "Failed to set Channel ID."; |
| 1278 int err = SSL_get_error(ssl_, rv); | 1274 return ERR_FAILED; |
| 1279 return MapOpenSSLError(err, err_tracer); | |
| 1280 } | 1275 } |
| 1281 | 1276 |
| 1282 // Return to the handshake. | 1277 // Return to the handshake. |
| 1283 channel_id_sent_ = true; | 1278 channel_id_sent_ = true; |
| 1284 next_handshake_state_ = STATE_HANDSHAKE; | 1279 next_handshake_state_ = STATE_HANDSHAKE; |
| 1285 return OK; | 1280 return OK; |
| 1286 } | 1281 } |
| 1287 | 1282 |
| 1288 int SSLClientSocketImpl::DoVerifyCert(int result) { | 1283 int SSLClientSocketImpl::DoVerifyCert(int result) { |
| 1289 DCHECK(!server_cert_chain_->empty()); | 1284 DCHECK(!server_cert_chain_->empty()); |
| (...skipping 1092 matching lines...) |
| 2382 } | 2377 } |
| 2383 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2378 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
| 2384 CHANNEL_ID_USAGE_MAX); | 2379 CHANNEL_ID_USAGE_MAX); |
| 2385 } | 2380 } |
| 2386 | 2381 |
| 2387 bool SSLClientSocketImpl::IsChannelIDEnabled() const { | 2382 bool SSLClientSocketImpl::IsChannelIDEnabled() const { |
| 2388 return ssl_config_.channel_id_enabled && channel_id_service_; | 2383 return ssl_config_.channel_id_enabled && channel_id_service_; |
| 2389 } | 2384 } |
| 2390 | 2385 |
| 2391 } // namespace net | 2386 } // namespace net |
| OLD | NEW |
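Review bot: The rewritten check in ExportKeyingMaterial (new lines 600-603) treats any non-zero return from SSL_export_keying_material as success, whereas the removed code accepted only `rv == 1`. If this builds against BoringSSL, as the `openssl/bytestring.h` include suggests, the call returns 0 or 1 and the two forms agree, but upstream OpenSSL documents 0 or -1 on failure. With a negative return the new code would reach `return OK`, and the caller would treat whatever is in `out` as exported keying material. Comparing against the success value keeps the stricter contract: `if (SSL_export_keying_material(...) != 1) {`. The same `!call()` form appears for SSL_set1_tls_channel_id at new line 1272, in a function whose start lies in the skipped lines; a comment there such as `// Not an I/O operation, so SSL_get_error() does not apply; report a generic failure.` would record why the error is no longer mapped.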