| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <string.h> | 8 #include <string.h> |
| 9 | 9 |
| 10 #include <utility> | 10 #include <utility> |
| 46 #include "net/ssl/ssl_info.h" | 46 #include "net/ssl/ssl_info.h" |
| 47 #include "net/ssl/ssl_private_key.h" | 47 #include "net/ssl/ssl_private_key.h" |
| 48 #include "net/ssl/token_binding.h" | 48 #include "net/ssl/token_binding.h" |
| 49 #include "third_party/boringssl/src/include/openssl/bio.h" | 49 #include "third_party/boringssl/src/include/openssl/bio.h" |
| 50 #include "third_party/boringssl/src/include/openssl/bytestring.h" | 50 #include "third_party/boringssl/src/include/openssl/bytestring.h" |
| 51 #include "third_party/boringssl/src/include/openssl/err.h" | 51 #include "third_party/boringssl/src/include/openssl/err.h" |
| 52 #include "third_party/boringssl/src/include/openssl/evp.h" | 52 #include "third_party/boringssl/src/include/openssl/evp.h" |
| 53 #include "third_party/boringssl/src/include/openssl/mem.h" | 53 #include "third_party/boringssl/src/include/openssl/mem.h" |
| 54 #include "third_party/boringssl/src/include/openssl/ssl.h" | 54 #include "third_party/boringssl/src/include/openssl/ssl.h" |
| 55 | 55 |
| 56 #include "base/trace_event/memory_dump_manager.h" |
| 57 #include "base/strings/stringprintf.h" |
| 58 |
| 56 #if !defined(OS_NACL) | 59 #if !defined(OS_NACL) |
| 57 #include "net/ssl/ssl_key_logger.h" | 60 #include "net/ssl/ssl_key_logger.h" |
| 58 #endif | 61 #endif |
| 59 | 62 |
| 60 #if defined(USE_NSS_CERTS) | 63 #if defined(USE_NSS_CERTS) |
| 61 #include "net/cert_net/nss_ocsp.h" | 64 #include "net/cert_net/nss_ocsp.h" |
| 62 #endif | 65 #endif |
| 63 | 66 |
| 64 namespace net { | 67 namespace net { |
| 65 | 68 |
| 260 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); | 263 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); |
| 261 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL); | 264 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL); |
| 262 SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL); | 265 SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL); |
| 263 SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL); | 266 SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL); |
| 264 | 267 |
| 265 // Disable the internal session cache. Session caching is handled | 268 // Disable the internal session cache. Session caching is handled |
| 266 // externally (i.e. by SSLClientSessionCache). | 269 // externally (i.e. by SSLClientSessionCache). |
| 267 SSL_CTX_set_session_cache_mode( | 270 SSL_CTX_set_session_cache_mode( |
| 268 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); | 271 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL); |
| 269 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); | 272 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback); |
| 270 SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */); | |
| 271 | 273 |
| 272 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); | 274 SSL_CTX_set_grease_enabled(ssl_ctx_.get(), 1); |
| 273 | 275 |
| 274 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, | 276 if (!SSL_CTX_add_client_custom_ext(ssl_ctx_.get(), kTbExtNum, |
| 275 &TokenBindingAddCallback, | 277 &TokenBindingAddCallback, |
| 276 &TokenBindingFreeCallback, nullptr, | 278 &TokenBindingFreeCallback, nullptr, |
| 277 &TokenBindingParseCallback, nullptr)) { | 279 &TokenBindingParseCallback, nullptr)) { |
| 278 NOTREACHED(); | 280 NOTREACHED(); |
| 279 } | 281 } |
| 280 } | 282 } |
| 517 signature_result_(kNoPendingResult), | 519 signature_result_(kNoPendingResult), |
| 518 transport_security_state_(context.transport_security_state), | 520 transport_security_state_(context.transport_security_state), |
| 519 policy_enforcer_(context.ct_policy_enforcer), | 521 policy_enforcer_(context.ct_policy_enforcer), |
| 520 pkp_bypassed_(false), | 522 pkp_bypassed_(false), |
| 521 net_log_(transport_->socket()->NetLog()), | 523 net_log_(transport_->socket()->NetLog()), |
| 522 weak_factory_(this) { | 524 weak_factory_(this) { |
| 523 CHECK(cert_verifier_); | 525 CHECK(cert_verifier_); |
| 524 CHECK(transport_security_state_); | 526 CHECK(transport_security_state_); |
| 525 CHECK(cert_transparency_verifier_); | 527 CHECK(cert_transparency_verifier_); |
| 526 CHECK(policy_enforcer_); | 528 CHECK(policy_enforcer_); |
| 529 |
| 527 } | 530 } |
| 528 | 531 |
| 529 SSLClientSocketImpl::~SSLClientSocketImpl() { | 532 SSLClientSocketImpl::~SSLClientSocketImpl() { |
| 530 Disconnect(); | 533 Disconnect(); |
| 531 } | 534 } |
| 532 | 535 |
| 533 #if !defined(OS_NACL) | 536 #if !defined(OS_NACL) |
| 534 void SSLClientSocketImpl::SetSSLKeyLogFile( | 537 void SSLClientSocketImpl::SetSSLKeyLogFile( |
| 535 const base::FilePath& ssl_keylog_file, | 538 const base::FilePath& ssl_keylog_file, |
| 536 const scoped_refptr<base::SequencedTaskRunner>& task_runner) { | 539 const scoped_refptr<base::SequencedTaskRunner>& task_runner) { |
| 779 } | 782 } |
| 780 | 783 |
| 781 void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { | 784 void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { |
| 782 out->clear(); | 785 out->clear(); |
| 783 } | 786 } |
| 784 | 787 |
| 785 int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { | 788 int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { |
| 786 return transport_->socket()->GetTotalReceivedBytes(); | 789 return transport_->socket()->GetTotalReceivedBytes(); |
| 787 } | 790 } |
| 788 | 791 |
| 792 void SSLClientSocketImpl::PopulateAllocatorDump( |
| 793 base::trace_event::MemoryAllocatorDump* dump) const { |
| 794 size_t total_size = 0; |
| 795 base::trace_event::MemoryAllocatorDump* socket_dump = |
| 796 dump->process_memory_dump()->CreateAllocatorDump(base::StringPrintf( |
| 797 "%s/ssl_socket_%p", dump->absolute_name().c_str(), this)); |
| 798 if (transport_adapter_) { |
| 799 size_t bio_buffers_size = transport_adapter_->GetEffectiveSize(); |
| 800 socket_dump->AddScalar("buffer_size", |
| 801 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 802 bio_buffers_size); |
| 803 total_size+= bio_buffers_size; |
| 804 } |
| 805 size_t total_cert_size = 0; |
| 806 size_t certs_count = 0; |
| 807 if (server_cert_chain_) { |
| 808 certs_count = server_cert_chain_->size(); |
| 809 for (size_t i = 0; i < certs_count; ++i) { |
| 810 X509* cert = server_cert_chain_->Get(i); |
| 811 total_cert_size += i2d_X509(cert, nullptr); |
| 812 } |
| 813 } |
| 814 socket_dump->AddScalar("cert_size", |
| 815 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 816 total_cert_size); |
| 817 socket_dump->AddScalar("cert_count", |
| 818 base::trace_event::MemoryAllocatorDump::kUnitsObjects, |
| 819 certs_count); |
| 820 // FIXME |
| 821 socket_dump->AddString( |
| 822 "host and port", "", |
| 823 base::StringPrintf("%s:%d", host_and_port_.host().c_str(), |
| 824 host_and_port_.port())); |
| 825 total_size += total_cert_size; |
| 826 socket_dump->AddScalar( |
| 827 base::trace_event::MemoryAllocatorDump::kNameSize, |
| 828 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 829 total_size); |
| 830 } |
| 831 |
| 832 // static |
| 833 void SSLClientSocketImpl::PopulateSSLClientSessionAllocatorDump( |
| 834 base::trace_event::MemoryAllocatorDump* dump) { |
| 835 SSLContext::GetInstance()->session_cache()->PopulateAllocatorDump(dump); |
| 836 } |
| 837 |
| 789 int SSLClientSocketImpl::Read(IOBuffer* buf, | 838 int SSLClientSocketImpl::Read(IOBuffer* buf, |
| 790 int buf_len, | 839 int buf_len, |
| 791 const CompletionCallback& callback) { | 840 const CompletionCallback& callback) { |
| 792 user_read_buf_ = buf; | 841 user_read_buf_ = buf; |
| 793 user_read_buf_len_ = buf_len; | 842 user_read_buf_len_ = buf_len; |
| 794 | 843 |
| 795 int rv = DoPayloadRead(); | 844 int rv = DoPayloadRead(); |
| 796 | 845 |
| 797 if (rv == ERR_IO_PENDING) { | 846 if (rv == ERR_IO_PENDING) { |
| 798 user_read_callback_ = callback; | 847 user_read_callback_ = callback; |
| 1304 | 1353 |
| 1305 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { | 1354 void SSLClientSocketImpl::OnHandshakeIOComplete(int result) { |
| 1306 int rv = DoHandshakeLoop(result); | 1355 int rv = DoHandshakeLoop(result); |
| 1307 if (rv != ERR_IO_PENDING) { | 1356 if (rv != ERR_IO_PENDING) { |
| 1308 LogConnectEndEvent(rv); | 1357 LogConnectEndEvent(rv); |
| 1309 DoConnectCallback(rv); | 1358 DoConnectCallback(rv); |
| 1310 } | 1359 } |
| 1311 } | 1360 } |
| 1312 | 1361 |
| 1313 int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { | 1362 int SSLClientSocketImpl::DoHandshakeLoop(int last_io_result) { |
| 1363 TRACE_HEAP_PROFILER_API_SCOPED_TASK_EXECUTION a("net/do_hand_shake"); |
| 1364 |
| 1314 TRACE_EVENT0("net", "SSLClientSocketImpl::DoHandshakeLoop"); | 1365 TRACE_EVENT0("net", "SSLClientSocketImpl::DoHandshakeLoop"); |
| 1315 int rv = last_io_result; | 1366 int rv = last_io_result; |
| 1316 do { | 1367 do { |
| 1317 // Default to STATE_NONE for next state. | 1368 // Default to STATE_NONE for next state. |
| 1318 // (This is a quirk carried over from the windows | 1369 // (This is a quirk carried over from the windows |
| 1319 // implementation. It makes reading the logs a bit harder.) | 1370 // implementation. It makes reading the logs a bit harder.) |
| 1320 // State handlers can and often do call GotoState just | 1371 // State handlers can and often do call GotoState just |
| 1321 // to stay in the current state. | 1372 // to stay in the current state. |
| 1322 State state = next_handshake_state_; | 1373 State state = next_handshake_state_; |
| 1323 next_handshake_state_ = STATE_NONE; | 1374 next_handshake_state_ = STATE_NONE; |
| 1998 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2049 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 1999 !certificate_requested_) { | 2050 !certificate_requested_) { |
| 2000 net_error = ERR_SSL_PROTOCOL_ERROR; | 2051 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2001 } | 2052 } |
| 2002 } | 2053 } |
| 2003 | 2054 |
| 2004 return net_error; | 2055 return net_error; |
| 2005 } | 2056 } |
| 2006 | 2057 |
| 2007 } // namespace net | 2058 } // namespace net |
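Review bot: In PopulateAllocatorDump (new lines 809-811) `total_cert_size += i2d_X509(cert, nullptr);` folds an `int` that is negative when encoding fails into a `size_t`, so a single bad certificate wraps the reported total to a huge value; guard it with `int cert_len = i2d_X509(cert, nullptr); if (cert_len > 0) total_cert_size += static_cast<size_t>(cert_len);`. The `// FIXME` above the `"host and port"` attribute should say what is unresolved — presumably whether the peer host and port belong in a memory-infra dump at all, since dumps can leave the process inside traces and that string identifies the server the user connected to; either drop the attribute or spell out the intent in the comment. `total_size+= bio_buffers_size;` needs a space before `+=` (clang-format), and the two new includes at new lines 56-57 sit after the boringssl block instead of in the sorted `base/` group. In DoHandshakeLoop the new `TRACE_HEAP_PROFILER_API_SCOPED_TASK_EXECUTION a("net/do_hand_shake");` uses a throwaway variable name and a label whose spelling does not match the adjacent `"SSLClientSocketImpl::DoHandshakeLoop"` event (`"net/do_handshake"` would be consistent), and it is not visible here whether the header defining that macro (presumably `base/trace_event/heap_profiler.h`) is included. The removal of `SSL_CTX_set_timeout(ssl_ctx_.get(), 1 * 60 * 60 /* one hour */);` at old line 270 is unrelated to the allocator dump and nothing on the page says what now bounds the session lifetime handed to the external cache; if it is intentional it deserves a sentence in the description.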