| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/openssl_ssl_util.h" | 5 #include "net/ssl/openssl_ssl_util.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/err.h> | 8 #include <openssl/err.h> |
| 9 #include <openssl/ssl.h> | 9 #include <openssl/ssl.h> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 80 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 91 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: | 91 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: |
| 92 return ERR_SSL_DECRYPT_ERROR_ALERT; | 92 return ERR_SSL_DECRYPT_ERROR_ALERT; |
| 93 case SSL_R_TLSV1_UNRECOGNIZED_NAME: | 93 case SSL_R_TLSV1_UNRECOGNIZED_NAME: |
| 94 return ERR_SSL_UNRECOGNIZED_NAME_ALERT; | 94 return ERR_SSL_UNRECOGNIZED_NAME_ALERT; |
| 95 case SSL_R_BAD_DH_P_LENGTH: | 95 case SSL_R_BAD_DH_P_LENGTH: |
| 96 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; | 96 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; |
| 97 case SSL_R_CERTIFICATE_VERIFY_FAILED: | 97 case SSL_R_CERTIFICATE_VERIFY_FAILED: |
| 98 // The only way that the certificate verify callback can fail is if | 98 // The only way that the certificate verify callback can fail is if |
| 99 // the leaf certificate changed during a renegotiation. | 99 // the leaf certificate changed during a renegotiation. |
| 100 return ERR_SSL_SERVER_CERT_CHANGED; | 100 return ERR_SSL_SERVER_CERT_CHANGED; |
| 101 case SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK: | |
| 102 return ERR_SSL_INAPPROPRIATE_FALLBACK; | |
| 103 // SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the server after | 101 // SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the server after |
| 104 // receiving ClientHello if there's no common supported cipher. Map that | 102 // receiving ClientHello if there's no common supported cipher. Map that |
| 105 // specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH to match the NSS | 103 // specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH to match the NSS |
| 106 // implementation. See https://goo.gl/oMtZW and https://crbug.com/446505. | 104 // implementation. See https://goo.gl/oMtZW and https://crbug.com/446505. |
| 107 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: { | 105 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: { |
| 108 uint32_t previous = ERR_peek_error(); | 106 uint32_t previous = ERR_peek_error(); |
| 109 if (previous != 0 && ERR_GET_LIB(previous) == ERR_LIB_SSL && | 107 if (previous != 0 && ERR_GET_LIB(previous) == ERR_LIB_SSL && |
| 110 ERR_GET_REASON(previous) == SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO) { | 108 ERR_GET_REASON(previous) == SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO) { |
| 111 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | 109 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; |
| 112 } | 110 } |
| (...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 240 for (size_t i = 0; i < os_handles.size(); i++) { | 238 for (size_t i = 0; i < os_handles.size(); i++) { |
| 241 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]); | 239 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]); |
| 242 if (!x509) | 240 if (!x509) |
| 243 return nullptr; | 241 return nullptr; |
| 244 sk_X509_push(stack.get(), x509.release()); | 242 sk_X509_push(stack.get(), x509.release()); |
| 245 } | 243 } |
| 246 return stack; | 244 return stack; |
| 247 } | 245 } |
| 248 | 246 |
| 249 } // namespace net | 247 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2382983002:
Remove the last of the TLS fallback code. (Closed)
