| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <openssl/bio.h> | 8 #include <openssl/bio.h> |
| 9 #include <openssl/bytestring.h> | 9 #include <openssl/bytestring.h> |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| 46 #include "net/log/net_log_event_type.h" | 46 #include "net/log/net_log_event_type.h" |
| 47 #include "net/log/net_log_parameters_callback.h" | 47 #include "net/log/net_log_parameters_callback.h" |
| 48 #include "net/ssl/ssl_cert_request_info.h" | 48 #include "net/ssl/ssl_cert_request_info.h" |
| 49 #include "net/ssl/ssl_cipher_suite_names.h" | 49 #include "net/ssl/ssl_cipher_suite_names.h" |
| 50 #include "net/ssl/ssl_client_session_cache.h" | 50 #include "net/ssl/ssl_client_session_cache.h" |
| 51 #include "net/ssl/ssl_connection_status_flags.h" | 51 #include "net/ssl/ssl_connection_status_flags.h" |
| 52 #include "net/ssl/ssl_info.h" | 52 #include "net/ssl/ssl_info.h" |
| 53 #include "net/ssl/ssl_private_key.h" | 53 #include "net/ssl/ssl_private_key.h" |
| 54 #include "net/ssl/token_binding.h" | 54 #include "net/ssl/token_binding.h" |
| 55 | 55 |
| 56 #include "base/trace_event/memory_dump_manager.h" |
| 57 #include "base/strings/stringprintf.h" |
| 58 |
| 56 #if !defined(OS_NACL) | 59 #if !defined(OS_NACL) |
| 57 #include "net/ssl/ssl_key_logger.h" | 60 #include "net/ssl/ssl_key_logger.h" |
| 58 #endif | 61 #endif |
| 59 | 62 |
| 60 #if defined(USE_NSS_CERTS) | 63 #if defined(USE_NSS_CERTS) |
| 61 #include "net/cert_net/nss_ocsp.h" | 64 #include "net/cert_net/nss_ocsp.h" |
| 62 #endif | 65 #endif |
| 63 | 66 |
| 64 namespace net { | 67 namespace net { |
| 65 | 68 |
| 493 disconnected_(false), | 496 disconnected_(false), |
| 494 negotiated_protocol_(kProtoUnknown), | 497 negotiated_protocol_(kProtoUnknown), |
| 495 channel_id_sent_(false), | 498 channel_id_sent_(false), |
| 496 certificate_verified_(false), | 499 certificate_verified_(false), |
| 497 certificate_requested_(false), | 500 certificate_requested_(false), |
| 498 signature_result_(kNoPendingResult), | 501 signature_result_(kNoPendingResult), |
| 499 transport_security_state_(context.transport_security_state), | 502 transport_security_state_(context.transport_security_state), |
| 500 policy_enforcer_(context.ct_policy_enforcer), | 503 policy_enforcer_(context.ct_policy_enforcer), |
| 501 pkp_bypassed_(false), | 504 pkp_bypassed_(false), |
| 502 net_log_(transport_->socket()->NetLog()), | 505 net_log_(transport_->socket()->NetLog()), |
| 506 in_pool_(false), |
| 503 weak_factory_(this) { | 507 weak_factory_(this) { |
| 504 CHECK(cert_verifier_); | 508 CHECK(cert_verifier_); |
| 505 CHECK(transport_security_state_); | 509 CHECK(transport_security_state_); |
| 506 CHECK(cert_transparency_verifier_); | 510 CHECK(cert_transparency_verifier_); |
| 507 CHECK(policy_enforcer_); | 511 CHECK(policy_enforcer_); |
| 508 } | 512 } |
| 509 | 513 |
| 510 SSLClientSocketImpl::~SSLClientSocketImpl() { | 514 SSLClientSocketImpl::~SSLClientSocketImpl() { |
| 511 Disconnect(); | 515 Disconnect(); |
| 512 } | 516 } |
| 667 // Note that this does not check |BIO_pending|, whether there is ciphertext | 671 // Note that this does not check |BIO_pending|, whether there is ciphertext |
| 668 // that has not yet been flushed to the network. |Write| returns early, so | 672 // that has not yet been flushed to the network. |Write| returns early, so |
| 669 // this can cause race conditions which cause a socket to not be treated | 673 // this can cause race conditions which cause a socket to not be treated |
| 670 // reusable when it should be. See https://crbug.com/466147. | 674 // reusable when it should be. See https://crbug.com/466147. |
| 671 if (BIO_wpending(transport_bio_.get()) > 0) | 675 if (BIO_wpending(transport_bio_.get()) > 0) |
| 672 return false; | 676 return false; |
| 673 | 677 |
| 674 return transport_->socket()->IsConnectedAndIdle(); | 678 return transport_->socket()->IsConnectedAndIdle(); |
| 675 } | 679 } |
| 676 | 680 |
| 681 void SSLClientSocketImpl::OnAddedToPool() { |
| 682 in_pool_ = true; |
| 683 } |
| 684 |
| 685 void SSLClientSocketImpl::OnRemovedFromPool() { |
| 686 in_pool_ = false; |
| 687 } |
| 688 |
| 677 int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const { | 689 int SSLClientSocketImpl::GetPeerAddress(IPEndPoint* addressList) const { |
| 678 return transport_->socket()->GetPeerAddress(addressList); | 690 return transport_->socket()->GetPeerAddress(addressList); |
| 679 } | 691 } |
| 680 | 692 |
| 681 int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const { | 693 int SSLClientSocketImpl::GetLocalAddress(IPEndPoint* addressList) const { |
| 682 return transport_->socket()->GetLocalAddress(addressList); | 694 return transport_->socket()->GetLocalAddress(addressList); |
| 683 } | 695 } |
| 684 | 696 |
| 685 const NetLogWithSource& SSLClientSocketImpl::NetLog() const { | 697 const NetLogWithSource& SSLClientSocketImpl::NetLog() const { |
| 686 return net_log_; | 698 return net_log_; |
| 759 } | 771 } |
| 760 | 772 |
| 761 void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { | 773 void SSLClientSocketImpl::GetConnectionAttempts(ConnectionAttempts* out) const { |
| 762 out->clear(); | 774 out->clear(); |
| 763 } | 775 } |
| 764 | 776 |
| 765 int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { | 777 int64_t SSLClientSocketImpl::GetTotalReceivedBytes() const { |
| 766 return transport_->socket()->GetTotalReceivedBytes(); | 778 return transport_->socket()->GetTotalReceivedBytes(); |
| 767 } | 779 } |
| 768 | 780 |
| 781 void SSLClientSocketImpl::PopulateAllocatorDump( |
| 782 base::trace_event::MemoryAllocatorDump* dump) const { |
| 783 base::trace_event::MemoryAllocatorDump* socket_dump = |
| 784 dump->process_memory_dump()->CreateAllocatorDump(base::StringPrintf( |
| 785 "%s/ssl_socket/%p", dump->absolute_name().c_str(), this)); |
| 786 size_t total_buffer_size = |
| 787 send_buffer_->capacity() + recv_buffer_->capacity(); |
| 788 size_t buffer_count = 2; |
| 789 socket_dump->AddScalar("buffers_size", |
| 790 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 791 total_buffer_size); |
| 792 socket_dump->AddScalar("buffer_count", |
| 793 base::trace_event::MemoryAllocatorDump::kUnitsObjects, |
| 794 buffer_count); |
| 795 |
| 796 size_t total_cert_size = 0; |
| 797 size_t cert_count = 0; |
| 798 auto cert_chain = ssl_ ? SSL_get_peer_cert_chain(ssl_.get()) : nullptr; |
| 799 if (cert_chain) { |
| 800 cert_count = sk_X509_num(cert_chain); |
| 801 for (size_t i = 0; i != cert_count; ++i) { |
| 802 X509* cert = sk_X509_value(cert_chain, i); |
| 803 total_cert_size += i2d_X509(cert, nullptr); |
| 804 } |
| 805 } |
| 806 socket_dump->AddScalar("certs_size", |
| 807 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 808 total_cert_size); |
| 809 socket_dump->AddScalar("cert_count", |
| 810 base::trace_event::MemoryAllocatorDump::kUnitsObjects, |
| 811 cert_count); |
| 812 |
| 813 size_t total_size = total_buffer_size + total_cert_size; |
| 814 socket_dump->AddScalar(base::trace_event::MemoryAllocatorDump::kNameSize, |
| 815 base::trace_event::MemoryAllocatorDump::kUnitsBytes, |
| 816 total_size); |
| 817 |
| 818 socket_dump->AddScalar( |
| 819 "socket_count", base::trace_event::MemoryAllocatorDump::kUnitsObjects, 1); |
| 820 } |
| 821 |
| 769 int SSLClientSocketImpl::Read(IOBuffer* buf, | 822 int SSLClientSocketImpl::Read(IOBuffer* buf, |
| 770 int buf_len, | 823 int buf_len, |
| 771 const CompletionCallback& callback) { | 824 const CompletionCallback& callback) { |
| 772 user_read_buf_ = buf; | 825 user_read_buf_ = buf; |
| 773 user_read_buf_len_ = buf_len; | 826 user_read_buf_len_ = buf_len; |
| 774 | 827 |
| 775 int rv = DoReadLoop(); | 828 int rv = DoReadLoop(); |
| 776 | 829 |
| 777 if (rv == ERR_IO_PENDING) { | 830 if (rv == ERR_IO_PENDING) { |
| 778 user_read_callback_ = callback; | 831 user_read_callback_ = callback; |
| 2245 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2298 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
| 2246 !certificate_requested_) { | 2299 !certificate_requested_) { |
| 2247 net_error = ERR_SSL_PROTOCOL_ERROR; | 2300 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 2248 } | 2301 } |
| 2249 } | 2302 } |
| 2250 | 2303 |
| 2251 return net_error; | 2304 return net_error; |
| 2252 } | 2305 } |
| 2253 | 2306 |
| 2254 } // namespace net | 2307 } // namespace net |
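Review bot: PopulateAllocatorDump (new lines 781–820) dereferences send_buffer_ and recv_buffer_ unconditionally at new lines 786–787 while the very next statement guards ssl_ with `ssl_ ? ... : nullptr`; if those buffers are created lazily on first send/receive or released on Disconnect() (their allocation is outside this hunk), a dump taken for a socket that has not finished connecting or has been disconnected would dereference null, so the same guard belongs here: `(send_buffer_ ? send_buffer_->capacity() : 0) + (recv_buffer_ ? recv_buffer_->capacity() : 0)`. At new line 803 i2d_X509 returns an int and signals failure with a negative value, which is then added into a size_t and wraps the reported total; `int len = i2d_X509(cert, nullptr); if (len > 0) total_cert_size += static_cast<size_t>(len);` keeps the dump sane. A style point on new lines 56–57: the two base/ headers are appended after the net/ssl/ group and out of alphabetical order, and the code uses MemoryAllocatorDump and process_memory_dump() rather than anything from memory_dump_manager.h, so they belong in the existing base/ include group, sorted, and naming the headers actually used. The new in_pool_ flag is only written here (OnAddedToPool/OnRemovedFromPool at new lines 681–687) and nothing in these hunks reads it; a short comment at the setters naming the consumer, presumably the pool-side dump provider, would save the next reader a search.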