Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 266243004: Clang format slam. Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/base/mime_util_unittest.cc ('K') | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index c95312d1ef9442bcc362524c2e225f07618981ee..3b55f396cb8d32f703594772c4d19d1527fd5e18 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -136,17 +136,17 @@ namespace net {
#define LeaveFunction(x)
#define GotoState(s) next_handshake_state_ = s
#else
-#define EnterFunction(x)\
- VLOG(1) << (void *)this << " " << __FUNCTION__ << " enter " << x\
- << "; next_handshake_state " << next_handshake_state_
-#define LeaveFunction(x)\
- VLOG(1) << (void *)this << " " << __FUNCTION__ << " leave " << x\
- << "; next_handshake_state " << next_handshake_state_
-#define GotoState(s)\
- do {\
- VLOG(1) << (void *)this << " " << __FUNCTION__ << " jump to state " << s;\
- next_handshake_state_ = s;\
- } while (0)
+#define EnterFunction(x) \
+ VLOG(1) << (void*) this << " " << __FUNCTION__ << " enter " << x \
+ << "; next_handshake_state " << next_handshake_state_
+#define LeaveFunction(x) \
+ VLOG(1) << (void*) this << " " << __FUNCTION__ << " leave " << x \
+ << "; next_handshake_state " << next_handshake_state_
+#define GotoState(s) \
+ do { \
+ VLOG(1) << (void*) this << " " << __FUNCTION__ << " jump to state " << s; \
+ next_handshake_state_ = s; \
+ } while (0)
#endif
namespace {
@@ -174,10 +174,12 @@ bool IsOCSPStaplingSupported() {
return true;
}
#elif defined(USE_NSS)
-typedef SECStatus
-(*CacheOCSPResponseFromSideChannelFunction)(
- CERTCertDBHandle *handle, CERTCertificate *cert, PRTime time,
- SECItem *encodedResponse, void *pwArg);
+typedef SECStatus (*CacheOCSPResponseFromSideChannelFunction)(
+ CERTCertDBHandle* handle,
+ CERTCertificate* cert,
+ PRTime time,
+ SECItem* encodedResponse,
+ void* pwArg);
// On Linux, we dynamically link against the system version of libnss3.so. In
// order to continue working on systems without up-to-date versions of NSS we
@@ -201,8 +203,8 @@ class RuntimeLibNSSFunctionPointers {
RuntimeLibNSSFunctionPointers() {
cache_ocsp_response_from_side_channel_ =
- (CacheOCSPResponseFromSideChannelFunction)
- dlsym(RTLD_DEFAULT, "CERT_CacheOCSPResponseFromSideChannel");
+ (CacheOCSPResponseFromSideChannelFunction)dlsym(
+ RTLD_DEFAULT, "CERT_CacheOCSPResponseFromSideChannel");
}
CacheOCSPResponseFromSideChannelFunction
@@ -212,7 +214,7 @@ class RuntimeLibNSSFunctionPointers {
CacheOCSPResponseFromSideChannelFunction
GetCacheOCSPResponseFromSideChannelFunction() {
return RuntimeLibNSSFunctionPointers::GetInstance()
- ->GetCacheOCSPResponseFromSideChannelFunction();
+ ->GetCacheOCSPResponseFromSideChannelFunction();
}
bool IsOCSPStaplingSupported() {
@@ -236,13 +238,13 @@ bool IsOCSPStaplingSupported() {
// This matches our behavior on Mac OS X and that of NSS. It also matches the
// default behavior of IE8. See http://support.microsoft.com/kb/890326 and
// http://blogs.msdn.com/b/askie/archive/2009/06/09/my-expired-client-certificates-no-longer-display-when-connecting-to-my-web-server-using-ie8.aspx
-BOOL WINAPI ClientCertFindCallback(PCCERT_CONTEXT cert_context,
- void* find_arg) {
+BOOL WINAPI
+ClientCertFindCallback(PCCERT_CONTEXT cert_context, void* find_arg) {
VLOG(1) << "Calling ClientCertFindCallback from _nss";
// Verify the certificate's KU is good.
BYTE key_usage;
- if (CertGetIntendedKeyUsage(X509_ASN_ENCODING, cert_context->pCertInfo,
- &key_usage, 1)) {
+ if (CertGetIntendedKeyUsage(
+ X509_ASN_ENCODING, cert_context->pCertInfo, &key_usage, 1)) {
if (!(key_usage & CERT_DIGITAL_SIGNATURE_KEY_USAGE))
return FALSE;
} else {
@@ -300,9 +302,10 @@ void AddLogEventWithCallback(const base::WeakPtr<BoundNetLog>& net_log,
// Instead, provide a signature that accepts an IOBuffer*, so that a reference
// to the owning IOBuffer can be bound to the Callback. This ensures that the
// IOBuffer will stay alive long enough to cross threads if needed.
-void LogByteTransferEvent(
- const base::WeakPtr<BoundNetLog>& net_log, NetLog::EventType event_type,
- int len, IOBuffer* buffer) {
+void LogByteTransferEvent(const base::WeakPtr<BoundNetLog>& net_log,
+ NetLog::EventType event_type,
+ int len,
+ IOBuffer* buffer) {
if (!net_log)
return;
net_log->AddByteTransferEvent(event_type, len, buffer->data());
@@ -340,8 +343,7 @@ class PeerCertificateChain {
std::vector<CERTCertificate*> certs_;
};
-PeerCertificateChain::PeerCertificateChain(
- const PeerCertificateChain& other) {
+PeerCertificateChain::PeerCertificateChain(const PeerCertificateChain& other) {
*this = other;
}
@@ -376,14 +378,15 @@ void PeerCertificateChain::Reset(PRFileDesc* nss_fd) {
return;
for (CERTCertListNode* node = CERT_LIST_HEAD(list);
- !CERT_LIST_END(node, list); node = CERT_LIST_NEXT(node)) {
+ !CERT_LIST_END(node, list);
+ node = CERT_LIST_NEXT(node)) {
certs_.push_back(CERT_DupCertificate(node->cert));
}
CERT_DestroyCertList(list);
}
-std::vector<base::StringPiece>
-PeerCertificateChain::AsStringPieceVector() const {
+std::vector<base::StringPiece> PeerCertificateChain::AsStringPieceVector()
+ const {
std::vector<base::StringPiece> v(certs_.size());
for (unsigned i = 0; i < certs_.size(); i++) {
v[i] = base::StringPiece(
@@ -678,10 +681,10 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
PRBool checksig,
PRBool is_server);
- // Callbacks called by NSS when the peer requests client certificate
- // authentication.
- // See the documentation in third_party/nss/ssl/ssl.h for the meanings of
- // the arguments.
+// Callbacks called by NSS when the peer requests client certificate
+// authentication.
+// See the documentation in third_party/nss/ssl/ssl.h for the meanings of
+// the arguments.
#if defined(NSS_PLATFORM_CLIENT_AUTH)
// When NSS has been integrated with awareness of the underlying system
// cryptographic libraries, this callback allows the caller to supply a
@@ -744,11 +747,10 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
void DoWriteCallback(int result);
// Client channel ID handler.
- static SECStatus ClientChannelIDHandler(
- void* arg,
- PRFileDesc* socket,
- SECKEYPublicKey **out_public_key,
- SECKEYPrivateKey **out_private_key);
+ static SECStatus ClientChannelIDHandler(void* arg,
+ PRFileDesc* socket,
+ SECKEYPublicKey** out_public_key,
+ SECKEYPrivateKey** out_private_key);
// ImportChannelIDKeys is a helper function for turning a DER-encoded cert and
// key into a SECKEYPublicKey and SECKEYPrivateKey. Returns OK upon success
@@ -788,10 +790,9 @@ class SSLClientSocketNSS::Core : public base::RefCountedThreadSafe<Core> {
void OnNSSBufferUpdated(int amount_in_read_buffer);
void DidNSSRead(int result);
void DidNSSWrite(int result);
- void RecordChannelIDSupportOnNetworkTaskRunner(
- bool negotiated_channel_id,
- bool channel_id_enabled,
- bool supports_ecc) const;
+ void RecordChannelIDSupportOnNetworkTaskRunner(bool negotiated_channel_id,
+ bool channel_id_enabled,
+ bool supports_ecc) const;
////////////////////////////////////////////////////////////////////////////
// Methods that are called on both the network task runner and the NSS
@@ -984,9 +985,10 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
if (!ssl_config_.next_protos.empty()) {
size_t wire_length = 0;
- for (std::vector<std::string>::const_iterator
- i = ssl_config_.next_protos.begin();
- i != ssl_config_.next_protos.end(); ++i) {
+ for (std::vector<std::string>::const_iterator i =
+ ssl_config_.next_protos.begin();
+ i != ssl_config_.next_protos.end();
+ ++i) {
if (i->size() > 255) {
LOG(WARNING) << "Ignoring overlong NPN/ALPN protocol: " << *i;
continue;
@@ -996,9 +998,10 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
}
scoped_ptr<uint8[]> wire_protos(new uint8[wire_length]);
uint8* dst = wire_protos.get();
- for (std::vector<std::string>::const_iterator
- i = ssl_config_.next_protos.begin();
- i != ssl_config_.next_protos.end(); i++) {
+ for (std::vector<std::string>::const_iterator i =
+ ssl_config_.next_protos.begin();
+ i != ssl_config_.next_protos.end();
+ i++) {
if (i->size() > 255)
continue;
*dst++ = i->size();
@@ -1026,8 +1029,7 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,
#if defined(NSS_PLATFORM_CLIENT_AUTH)
rv = SSL_GetPlatformClientAuthDataHook(
- nss_fd_, SSLClientSocketNSS::Core::PlatformClientAuthHandler,
- this);
+ nss_fd_, SSLClientSocketNSS::Core::PlatformClientAuthHandler, this);
#else
rv = SSL_GetClientAuthDataHook(
nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this);
@@ -1067,8 +1069,7 @@ int SSLClientSocketNSS::Core::Connect(const CompletionCallback& callback) {
if (!OnNSSTaskRunner()) {
DCHECK(!detached_);
bool posted = nss_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(IgnoreResult(&Core::Connect), this, callback));
+ FROM_HERE, base::Bind(IgnoreResult(&Core::Connect), this, callback));
return posted ? ERR_IO_PENDING : ERR_ABORTED;
}
@@ -1107,7 +1108,8 @@ void SSLClientSocketNSS::Core::Detach() {
domain_bound_cert_request_handle_.Cancel();
}
-int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len,
+int SSLClientSocketNSS::Core::Read(IOBuffer* buf,
+ int buf_len,
const CompletionCallback& callback) {
if (!OnNSSTaskRunner()) {
DCHECK(OnNetworkTaskRunner());
@@ -1116,10 +1118,13 @@ int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len,
DCHECK(!nss_waiting_read_);
nss_waiting_read_ = true;
- bool posted = nss_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(IgnoreResult(&Core::Read), this, make_scoped_refptr(buf),
- buf_len, callback));
+ bool posted =
+ nss_task_runner_->PostTask(FROM_HERE,
+ base::Bind(IgnoreResult(&Core::Read),
+ this,
+ make_scoped_refptr(buf),
+ buf_len,
+ callback));
if (!posted) {
nss_is_closed_ = true;
nss_waiting_read_ = false;
@@ -1164,7 +1169,8 @@ int SSLClientSocketNSS::Core::Read(IOBuffer* buf, int buf_len,
return rv;
}
-int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len,
+int SSLClientSocketNSS::Core::Write(IOBuffer* buf,
+ int buf_len,
const CompletionCallback& callback) {
if (!OnNSSTaskRunner()) {
DCHECK(OnNetworkTaskRunner());
@@ -1173,10 +1179,13 @@ int SSLClientSocketNSS::Core::Write(IOBuffer* buf, int buf_len,
DCHECK(!nss_waiting_write_);
nss_waiting_write_ = true;
- bool posted = nss_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(IgnoreResult(&Core::Write), this, make_scoped_refptr(buf),
- buf_len, callback));
+ bool posted =
+ nss_task_runner_->PostTask(FROM_HERE,
+ base::Bind(IgnoreResult(&Core::Write),
+ this,
+ make_scoped_refptr(buf),
+ buf_len,
+ callback));
if (!posted) {
nss_is_closed_ = true;
nss_waiting_write_ = false;
@@ -1274,18 +1283,18 @@ bool SSLClientSocketNSS::Core::OnNetworkTaskRunner() const {
}
// static
-SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(
- void* arg,
- PRFileDesc* socket,
- PRBool checksig,
- PRBool is_server) {
+SECStatus SSLClientSocketNSS::Core::OwnAuthCertHandler(void* arg,
+ PRFileDesc* socket,
+ PRBool checksig,
+ PRBool is_server) {
Core* core = reinterpret_cast<Core*>(arg);
if (core->handshake_callback_called_) {
// Disallow the server certificate to change in a renegotiation.
CERTCertificate* old_cert = core->nss_handshake_state_.server_cert_chain[0];
ScopedCERTCertificate new_cert(SSL_PeerCertificate(socket));
if (new_cert->derCert.len != old_cert->derCert.len ||
- memcmp(new_cert->derCert.data, old_cert->derCert.data,
+ memcmp(new_cert->derCert.data,
+ old_cert->derCert.data,
new_cert->derCert.len) != 0) {
// NSS doesn't have an error code that indicates the server certificate
// changed. Borrow SSL_ERROR_WRONG_CERTIFICATE (which NSS isn't using)
@@ -1312,10 +1321,10 @@ SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
Core* core = reinterpret_cast<Core*>(arg);
DCHECK(core->OnNSSTaskRunner());
- core->PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEvent, core->weak_net_log_,
- NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
+ core->PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEvent,
+ core->weak_net_log_,
+ NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
#if defined(OS_WIN)
@@ -1342,7 +1351,7 @@ SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
SECItem der_cert;
der_cert.type = siDERCertBuffer;
der_cert.data = cert_context->pbCertEncoded;
- der_cert.len = cert_context->cbCertEncoded;
+ der_cert.len = cert_context->cbCertEncoded;
// TODO(rsleevi): Error checking for NSS allocation errors.
CERTCertDBHandle* db_handle = CERT_GetDefaultCertDB();
@@ -1361,7 +1370,9 @@ SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
X509Certificate::OSCertHandles intermediates =
core->ssl_config_.client_cert->GetIntermediateCertificates();
for (X509Certificate::OSCertHandles::const_iterator it =
- intermediates.begin(); it != intermediates.end(); ++it) {
+ intermediates.begin();
+ it != intermediates.end();
+ ++it) {
der_cert.data = (*it)->pbCertEncoded;
der_cert.len = (*it)->cbCertEncoded;
@@ -1401,16 +1412,17 @@ SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
for (int i = 0; i < ca_names->nnames; ++i) {
issuer_list[i].cbData = ca_names->names[i].len;
issuer_list[i].pbData = ca_names->names[i].data;
- core->nss_handshake_state_.cert_authorities.push_back(std::string(
- reinterpret_cast<const char*>(ca_names->names[i].data),
- static_cast<size_t>(ca_names->names[i].len)));
+ core->nss_handshake_state_.cert_authorities.push_back(
+ std::string(reinterpret_cast<const char*>(ca_names->names[i].data),
+ static_cast<size_t>(ca_names->names[i].len)));
}
// Update the network task runner's view of the handshake state now that
// server certificate request has been recorded.
core->PostOrRunCallback(
- FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
- core->nss_handshake_state_));
+ FROM_HERE,
+ base::Bind(
+ &Core::OnHandshakeStateUpdated, core, core->nss_handshake_state_));
// Tell NSS to suspend the client authentication. We will then abort the
// handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
@@ -1494,16 +1506,17 @@ SECStatus SSLClientSocketNSS::Core::PlatformClientAuthHandler(
std::vector<CertPrincipal> valid_issuers;
int n = ca_names->nnames;
for (int i = 0; i < n; i++) {
- core->nss_handshake_state_.cert_authorities.push_back(std::string(
- reinterpret_cast<const char*>(ca_names->names[i].data),
- static_cast<size_t>(ca_names->names[i].len)));
+ core->nss_handshake_state_.cert_authorities.push_back(
+ std::string(reinterpret_cast<const char*>(ca_names->names[i].data),
+ static_cast<size_t>(ca_names->names[i].len)));
}
// Update the network task runner's view of the handshake state now that
// server certificate request has been recorded.
core->PostOrRunCallback(
- FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
- core->nss_handshake_state_));
+ FROM_HERE,
+ base::Bind(
+ &Core::OnHandshakeStateUpdated, core, core->nss_handshake_state_));
// Tell NSS to suspend the client authentication. We will then abort the
// handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
@@ -1524,10 +1537,10 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
Core* core = reinterpret_cast<Core*>(arg);
DCHECK(core->OnNSSTaskRunner());
- core->PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEvent, core->weak_net_log_,
- NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
+ core->PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEvent,
+ core->weak_net_log_,
+ NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
// TODO(droger): Support client auth on iOS. See http://crbug.com/145954).
LOG(WARNING) << "Client auth is not supported";
@@ -1537,7 +1550,7 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
return SECFailure;
}
-#else // NSS_PLATFORM_CLIENT_AUTH
+#else // NSS_PLATFORM_CLIENT_AUTH
// static
// Based on Mozilla's NSS_GetClientAuthData.
@@ -1550,14 +1563,14 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
Core* core = reinterpret_cast<Core*>(arg);
DCHECK(core->OnNSSTaskRunner());
- core->PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEvent, core->weak_net_log_,
- NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
+ core->PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEvent,
+ core->weak_net_log_,
+ NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED));
// Regular client certificate requested.
core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert;
- void* wincx = SSL_RevealPinArg(socket);
+ void* wincx = SSL_RevealPinArg(socket);
if (core->ssl_config_.send_client_cert) {
// Second pass: a client certificate should have been selected.
@@ -1590,16 +1603,17 @@ SECStatus SSLClientSocketNSS::Core::ClientAuthHandler(
// Retrieve the DER-encoded DistinguishedName of the cert issuers accepted by
// the server and save them in |cert_authorities|.
for (int i = 0; i < ca_names->nnames; i++) {
- core->nss_handshake_state_.cert_authorities.push_back(std::string(
- reinterpret_cast<const char*>(ca_names->names[i].data),
- static_cast<size_t>(ca_names->names[i].len)));
+ core->nss_handshake_state_.cert_authorities.push_back(
+ std::string(reinterpret_cast<const char*>(ca_names->names[i].data),
+ static_cast<size_t>(ca_names->names[i].len)));
}
// Update the network task runner's view of the handshake state now that
// server certificate request has been recorded.
core->PostOrRunCallback(
- FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, core,
- core->nss_handshake_state_));
+ FROM_HERE,
+ base::Bind(
+ &Core::OnHandshakeStateUpdated, core, core->nss_handshake_state_));
// Tell NSS to suspend the client authentication. We will then abort the
// handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
@@ -1615,13 +1629,11 @@ SECStatus SSLClientSocketNSS::Core::CanFalseStartCallback(
// If the server doesn't support NPN or ALPN, then we don't do False
// Start with it.
PRBool negotiated_extension;
- SECStatus rv = SSL_HandshakeNegotiatedExtension(socket,
- ssl_app_layer_protocol_xtn,
- &negotiated_extension);
+ SECStatus rv = SSL_HandshakeNegotiatedExtension(
+ socket, ssl_app_layer_protocol_xtn, &negotiated_extension);
if (rv != SECSuccess || !negotiated_extension) {
- rv = SSL_HandshakeNegotiatedExtension(socket,
- ssl_next_proto_nego_xtn,
- &negotiated_extension);
+ rv = SSL_HandshakeNegotiatedExtension(
+ socket, ssl_next_proto_nego_xtn, &negotiated_extension);
}
if (rv != SECSuccess || !negotiated_extension) {
*can_false_start = PR_FALSE;
@@ -1632,9 +1644,8 @@ SECStatus SSLClientSocketNSS::Core::CanFalseStartCallback(
}
// static
-void SSLClientSocketNSS::Core::HandshakeCallback(
- PRFileDesc* socket,
- void* arg) {
+void SSLClientSocketNSS::Core::HandshakeCallback(PRFileDesc* socket,
+ void* arg) {
Core* core = reinterpret_cast<Core*>(arg);
DCHECK(core->OnNSSTaskRunner());
@@ -1678,16 +1689,16 @@ void SSLClientSocketNSS::Core::HandshakeSucceeded() {
// Update the network task runners view of the handshake state whenever
// a handshake has completed.
PostOrRunCallback(
- FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
- nss_handshake_state_));
+ FROM_HERE,
+ base::Bind(&Core::OnHandshakeStateUpdated, this, nss_handshake_state_));
}
int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error,
bool handshake_error) {
DCHECK(OnNSSTaskRunner());
- int net_error = handshake_error ? MapNSSClientHandshakeError(nss_error) :
- MapNSSClientError(nss_error);
+ int net_error = handshake_error ? MapNSSClientHandshakeError(nss_error)
+ : MapNSSClientError(nss_error);
#if defined(OS_WIN)
// On Windows, a handle to the HCRYPTPROV is cached in the X509Certificate
@@ -1707,9 +1718,10 @@ int SSLClientSocketNSS::Core::HandleNSSError(PRErrorCode nss_error,
if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY ||
net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) &&
ssl_config_.send_client_cert && ssl_config_.client_cert) {
- CertSetCertificateContextProperty(
- ssl_config_.client_cert->os_cert_handle(),
- CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL);
+ CertSetCertificateContextProperty(ssl_config_.client_cert->os_cert_handle(),
+ CERT_KEY_PROV_HANDLE_PROP_ID,
+ 0,
+ NULL);
}
#endif
@@ -1763,11 +1775,11 @@ int SSLClientSocketNSS::Core::DoReadLoop(int result) {
if (!nss_bufs_) {
LOG(DFATAL) << "!nss_bufs_";
int rv = ERR_UNEXPECTED;
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_READ_ERROR,
- CreateNetLogSSLErrorCallback(rv, 0)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_READ_ERROR,
+ CreateNetLogSSLErrorCallback(rv, 0)));
return rv;
}
@@ -1792,11 +1804,11 @@ int SSLClientSocketNSS::Core::DoWriteLoop(int result) {
if (!nss_bufs_) {
LOG(DFATAL) << "!nss_bufs_";
int rv = ERR_UNEXPECTED;
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_READ_ERROR,
- CreateNetLogSSLErrorCallback(rv, 0)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_READ_ERROR,
+ CreateNetLogSSLErrorCallback(rv, 0)));
return rv;
}
@@ -1825,11 +1837,11 @@ int SSLClientSocketNSS::Core::DoHandshake() {
net_error = ERR_IO_PENDING;
} else if (client_auth_cert_needed_) {
net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_HANDSHAKE_ERROR,
- CreateNetLogSSLErrorCallback(net_error, 0)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_HANDSHAKE_ERROR,
+ CreateNetLogSSLErrorCallback(net_error, 0)));
// If the handshake already succeeded (because the server requests but
// doesn't require a client cert), we need to invalidate the SSL session
@@ -1870,7 +1882,8 @@ int SSLClientSocketNSS::Core::DoHandshake() {
} else {
PostOrRunCallback(
FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
NetLog::TYPE_SSL_HANDSHAKE_ERROR,
CreateNetLogSSLErrorCallback(net_error, prerr)));
}
@@ -1881,10 +1894,11 @@ int SSLClientSocketNSS::Core::DoHandshake() {
int SSLClientSocketNSS::Core::DoGetDBCertComplete(int result) {
SECStatus rv;
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&BoundNetLog::EndEventWithNetErrorCode, weak_net_log_,
- NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, result));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&BoundNetLog::EndEventWithNetErrorCode,
+ weak_net_log_,
+ NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT,
+ result));
channel_id_needed_ = false;
@@ -1922,17 +1936,18 @@ int SSLClientSocketNSS::Core::DoPayloadRead() {
pending_read_nss_error_ = 0;
if (rv == 0) {
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&LogByteTransferEvent, weak_net_log_,
- NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
- scoped_refptr<IOBuffer>(user_read_buf_)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&LogByteTransferEvent,
+ weak_net_log_,
+ NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
+ rv,
+ scoped_refptr<IOBuffer>(user_read_buf_)));
} else {
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_READ_ERROR,
- CreateNetLogSSLErrorCallback(rv, prerr)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_READ_ERROR,
+ CreateNetLogSSLErrorCallback(rv, prerr)));
}
return rv;
}
@@ -1951,14 +1966,16 @@ int SSLClientSocketNSS::Core::DoPayloadRead() {
// data was read, it's safe to return the error or EOF immediately.
int total_bytes_read = 0;
do {
- rv = PR_Read(nss_fd_, user_read_buf_->data() + total_bytes_read,
+ rv = PR_Read(nss_fd_,
+ user_read_buf_->data() + total_bytes_read,
user_read_buf_len_ - total_bytes_read);
if (rv > 0)
total_bytes_read += rv;
} while (total_bytes_read < user_read_buf_len_ && rv > 0);
int amount_in_read_buffer = memio_GetReadableBufferSize(nss_bufs_);
- PostOrRunCallback(FROM_HERE, base::Bind(&Core::OnNSSBufferUpdated, this,
- amount_in_read_buffer));
+ PostOrRunCallback(
+ FROM_HERE,
+ base::Bind(&Core::OnNSSBufferUpdated, this, amount_in_read_buffer));
if (total_bytes_read == user_read_buf_len_) {
// The caller's entire request was satisfied without error. No further
@@ -2007,15 +2024,17 @@ int SSLClientSocketNSS::Core::DoPayloadRead() {
DCHECK_NE(ERR_IO_PENDING, pending_read_result_);
if (rv >= 0) {
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&LogByteTransferEvent, weak_net_log_,
- NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
- scoped_refptr<IOBuffer>(user_read_buf_)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&LogByteTransferEvent,
+ weak_net_log_,
+ NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
+ rv,
+ scoped_refptr<IOBuffer>(user_read_buf_)));
} else if (rv != ERR_IO_PENDING) {
PostOrRunCallback(
FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
NetLog::TYPE_SSL_READ_ERROR,
CreateNetLogSSLErrorCallback(rv, pending_read_nss_error_)));
pending_read_nss_error_ = 0;
@@ -2040,11 +2059,12 @@ int SSLClientSocketNSS::Core::DoPayloadWrite() {
base::Bind(&Core::OnNSSBufferUpdated, this, new_amount_in_read_buffer));
}
if (rv >= 0) {
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&LogByteTransferEvent, weak_net_log_,
- NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
- scoped_refptr<IOBuffer>(user_write_buf_)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&LogByteTransferEvent,
+ weak_net_log_,
+ NetLog::TYPE_SSL_SOCKET_BYTES_SENT,
+ rv,
+ scoped_refptr<IOBuffer>(user_write_buf_)));
return rv;
}
PRErrorCode prerr = PR_GetError();
@@ -2052,11 +2072,11 @@ int SSLClientSocketNSS::Core::DoPayloadWrite() {
return ERR_IO_PENDING;
rv = HandleNSSError(prerr, false);
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_WRITE_ERROR,
- CreateNetLogSSLErrorCallback(rv, prerr)));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_WRITE_ERROR,
+ CreateNetLogSSLErrorCallback(rv, prerr)));
return rv;
}
@@ -2112,8 +2132,7 @@ int SSLClientSocketNSS::Core::BufferRecv() {
} else {
bool posted = network_task_runner_->PostTask(
FROM_HERE,
- base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer,
- nb));
+ base::Bind(IgnoreResult(&Core::DoBufferRecv), this, read_buffer, nb));
rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
}
@@ -2157,8 +2176,8 @@ int SSLClientSocketNSS::Core::BufferSend() {
} else {
bool posted = network_task_runner_->PostTask(
FROM_HERE,
- base::Bind(IgnoreResult(&Core::DoBufferSend), this, send_buffer,
- len));
+ base::Bind(
+ IgnoreResult(&Core::DoBufferSend), this, send_buffer, len));
rv = posted ? ERR_IO_PENDING : ERR_ABORTED;
}
@@ -2239,9 +2258,8 @@ void SSLClientSocketNSS::Core::DoConnectCallback(int rv) {
DCHECK_NE(rv, ERR_IO_PENDING);
DCHECK(!user_connect_callback_.is_null());
- base::Closure c = base::Bind(
- base::ResetAndReturn(&user_connect_callback_),
- rv > OK ? OK : rv);
+ base::Closure c = base::Bind(base::ResetAndReturn(&user_connect_callback_),
+ rv > OK ? OK : rv);
PostOrRunCallback(FROM_HERE, c);
}
@@ -2258,12 +2276,9 @@ void SSLClientSocketNSS::Core::DoReadCallback(int rv) {
PostOrRunCallback(
FROM_HERE,
base::Bind(&Core::OnNSSBufferUpdated, this, amount_in_read_buffer));
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&Core::DidNSSRead, this, rv));
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(base::ResetAndReturn(&user_read_callback_), rv));
+ PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSRead, this, rv));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(base::ResetAndReturn(&user_read_callback_), rv));
}
void SSLClientSocketNSS::Core::DoWriteCallback(int rv) {
@@ -2283,26 +2298,23 @@ void SSLClientSocketNSS::Core::DoWriteCallback(int rv) {
PostOrRunCallback(
FROM_HERE,
base::Bind(&Core::OnNSSBufferUpdated, this, amount_in_read_buffer));
+ PostOrRunCallback(FROM_HERE, base::Bind(&Core::DidNSSWrite, this, rv));
PostOrRunCallback(
- FROM_HERE,
- base::Bind(&Core::DidNSSWrite, this, rv));
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(base::ResetAndReturn(&user_write_callback_), rv));
+ FROM_HERE, base::Bind(base::ResetAndReturn(&user_write_callback_), rv));
}
SECStatus SSLClientSocketNSS::Core::ClientChannelIDHandler(
void* arg,
PRFileDesc* socket,
- SECKEYPublicKey **out_public_key,
- SECKEYPrivateKey **out_private_key) {
+ SECKEYPublicKey** out_public_key,
+ SECKEYPrivateKey** out_private_key) {
Core* core = reinterpret_cast<Core*>(arg);
DCHECK(core->OnNSSTaskRunner());
- core->PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEvent, core->weak_net_log_,
- NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED));
+ core->PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEvent,
+ core->weak_net_log_,
+ NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED));
// We have negotiated the TLS channel ID extension.
core->channel_id_xtn_negotiated_ = true;
@@ -2313,9 +2325,7 @@ SECStatus SSLClientSocketNSS::Core::ClientChannelIDHandler(
} else {
bool posted = core->network_task_runner_->PostTask(
FROM_HERE,
- base::Bind(
- IgnoreResult(&Core::DoGetDomainBoundCert),
- core, host));
+ base::Bind(IgnoreResult(&Core::DoGetDomainBoundCert), core, host));
error = posted ? ERR_IO_PENDING : ERR_ABORTED;
}
@@ -2325,10 +2335,11 @@ SECStatus SSLClientSocketNSS::Core::ClientChannelIDHandler(
return SECWouldBlock;
}
- core->PostOrRunCallback(
- FROM_HERE,
- base::Bind(&BoundNetLog::EndEventWithNetErrorCode, core->weak_net_log_,
- NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT, error));
+ core->PostOrRunCallback(FROM_HERE,
+ base::Bind(&BoundNetLog::EndEventWithNetErrorCode,
+ core->weak_net_log_,
+ NetLog::TYPE_SSL_GET_DOMAIN_BOUND_CERT,
+ error));
SECStatus rv = SECSuccess;
if (error == OK) {
// Synchronous success.
@@ -2348,13 +2359,10 @@ int SSLClientSocketNSS::Core::ImportChannelIDKeys(SECKEYPublicKey** public_key,
SECKEYPrivateKey** key) {
// Set the certificate.
SECItem cert_item;
- cert_item.data = (unsigned char*) domain_bound_cert_.data();
+ cert_item.data = (unsigned char*)domain_bound_cert_.data();
cert_item.len = domain_bound_cert_.size();
- ScopedCERTCertificate cert(CERT_NewTempCertificate(CERT_GetDefaultCertDB(),
- &cert_item,
- NULL,
- PR_FALSE,
- PR_TRUE));
+ ScopedCERTCertificate cert(CERT_NewTempCertificate(
+ CERT_GetDefaultCertDB(), &cert_item, NULL, PR_FALSE, PR_TRUE));
if (cert == NULL)
return MapNSSError(PORT_GetError());
@@ -2385,48 +2393,45 @@ void SSLClientSocketNSS::Core::UpdateServerCert() {
if (nss_handshake_state_.server_cert.get()) {
// Since this will be called asynchronously on another thread, it needs to
// own a reference to the certificate.
- NetLog::ParametersCallback net_log_callback =
- base::Bind(&NetLogX509CertificateCallback,
- nss_handshake_state_.server_cert);
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
- NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
- net_log_callback));
+ NetLog::ParametersCallback net_log_callback = base::Bind(
+ &NetLogX509CertificateCallback, nss_handshake_state_.server_cert);
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
+ NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
+ net_log_callback));
}
}
void SSLClientSocketNSS::Core::UpdateSignedCertTimestamps() {
- const SECItem* signed_cert_timestamps =
- SSL_PeerSignedCertTimestamps(nss_fd_);
+ const SECItem* signed_cert_timestamps = SSL_PeerSignedCertTimestamps(nss_fd_);
if (!signed_cert_timestamps || !signed_cert_timestamps->len)
return;
- nss_handshake_state_.sct_list_from_tls_extension = std::string(
- reinterpret_cast<char*>(signed_cert_timestamps->data),
- signed_cert_timestamps->len);
+ nss_handshake_state_.sct_list_from_tls_extension =
+ std::string(reinterpret_cast<char*>(signed_cert_timestamps->data),
+ signed_cert_timestamps->len);
}
void SSLClientSocketNSS::Core::UpdateStapledOCSPResponse() {
PRBool ocsp_requested = PR_FALSE;
SSL_OptionGet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, &ocsp_requested);
- const SECItemArray* ocsp_responses =
- SSL_PeerStapledOCSPResponses(nss_fd_);
+ const SECItemArray* ocsp_responses = SSL_PeerStapledOCSPResponses(nss_fd_);
bool ocsp_responses_present = ocsp_responses && ocsp_responses->len;
if (ocsp_requested)
UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present);
if (!ocsp_responses_present)
return;
- nss_handshake_state_.stapled_ocsp_response = std::string(
- reinterpret_cast<char*>(ocsp_responses->items[0].data),
- ocsp_responses->items[0].len);
+ nss_handshake_state_.stapled_ocsp_response =
+ std::string(reinterpret_cast<char*>(ocsp_responses->items[0].data),
+ ocsp_responses->items[0].len);
// TODO(agl): figure out how to plumb an OCSP response into the Mac
// system library and update IsOCSPStaplingSupported for Mac.
if (IsOCSPStaplingSupported()) {
- #if defined(OS_WIN)
+#if defined(OS_WIN)
if (nss_handshake_state_.server_cert) {
CRYPT_DATA_BLOB ocsp_response_blob;
ocsp_response_blob.cbData = ocsp_responses->items[0].len;
@@ -2437,38 +2442,37 @@ void SSLClientSocketNSS::Core::UpdateStapledOCSPResponse() {
CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG,
&ocsp_response_blob);
if (!ok) {
- VLOG(1) << "Failed to set OCSP response property: "
- << GetLastError();
+ VLOG(1) << "Failed to set OCSP response property: " << GetLastError();
}
}
- #elif defined(USE_NSS)
+#elif defined(USE_NSS)
CacheOCSPResponseFromSideChannelFunction cache_ocsp_response =
GetCacheOCSPResponseFromSideChannelFunction();
- cache_ocsp_response(
- CERT_GetDefaultCertDB(),
- nss_handshake_state_.server_cert_chain[0], PR_Now(),
- &ocsp_responses->items[0], NULL);
- #endif
+ cache_ocsp_response(CERT_GetDefaultCertDB(),
+ nss_handshake_state_.server_cert_chain[0],
+ PR_Now(),
+ &ocsp_responses->items[0],
+ NULL);
+#endif
} // IsOCSPStaplingSupported()
}
void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
SSLChannelInfo channel_info;
- SECStatus ok = SSL_GetChannelInfo(nss_fd_,
- &channel_info, sizeof(channel_info));
- if (ok == SECSuccess &&
- channel_info.length == sizeof(channel_info) &&
+ SECStatus ok =
+ SSL_GetChannelInfo(nss_fd_, &channel_info, sizeof(channel_info));
+ if (ok == SECSuccess && channel_info.length == sizeof(channel_info) &&
channel_info.cipherSuite) {
nss_handshake_state_.ssl_connection_status |=
(static_cast<int>(channel_info.cipherSuite) &
- SSL_CONNECTION_CIPHERSUITE_MASK) <<
- SSL_CONNECTION_CIPHERSUITE_SHIFT;
+ SSL_CONNECTION_CIPHERSUITE_MASK)
+ << SSL_CONNECTION_CIPHERSUITE_SHIFT;
nss_handshake_state_.ssl_connection_status |=
(static_cast<int>(channel_info.compressionMethod) &
- SSL_CONNECTION_COMPRESSION_MASK) <<
- SSL_CONNECTION_COMPRESSION_SHIFT;
+ SSL_CONNECTION_COMPRESSION_MASK)
+ << SSL_CONNECTION_COMPRESSION_SHIFT;
// NSS 3.14.x doesn't have a version macro for TLS 1.2 (because NSS didn't
// support it yet), so use 0x0303 directly.
@@ -2487,13 +2491,12 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
version = SSL_CONNECTION_VERSION_TLS1_2;
}
nss_handshake_state_.ssl_connection_status |=
- (version & SSL_CONNECTION_VERSION_MASK) <<
- SSL_CONNECTION_VERSION_SHIFT;
+ (version & SSL_CONNECTION_VERSION_MASK) << SSL_CONNECTION_VERSION_SHIFT;
}
PRBool peer_supports_renego_ext;
- ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
- &peer_supports_renego_ext);
+ ok = SSL_HandshakeNegotiatedExtension(
+ nss_fd_, ssl_renegotiation_info_xtn, &peer_supports_renego_ext);
if (ok == SECSuccess) {
if (!peer_supports_renego_ext) {
nss_handshake_state_.ssl_connection_status |=
@@ -2503,8 +2506,8 @@ void SSLClientSocketNSS::Core::UpdateConnectionStatus() {
VLOG(1) << "The server " << host_and_port_.ToString()
<< " does not support the TLS renegotiation_info extension.";
}
- UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported",
- peer_supports_renego_ext, 2);
+ UMA_HISTOGRAM_ENUMERATION(
+ "Net.RenegotiationExtensionSupported", peer_supports_renego_ext, 2);
// We would like to eliminate fallback to SSLv3 for non-buggy servers
// because of security concerns. For example, Google offers forward
@@ -2567,13 +2570,12 @@ void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNSSTaskRunner() {
// Copy the NSS task runner-only state to the network task runner and
// log histograms from there, since the histograms also need access to the
// network task runner state.
- PostOrRunCallback(
- FROM_HERE,
- base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner,
- this,
- channel_id_xtn_negotiated_,
- ssl_config_.channel_id_enabled,
- crypto::ECPrivateKey::IsSupported()));
+ PostOrRunCallback(FROM_HERE,
+ base::Bind(&Core::RecordChannelIDSupportOnNetworkTaskRunner,
+ this,
+ channel_id_xtn_negotiated_,
+ ssl_config_.channel_id_enabled,
+ crypto::ECPrivateKey::IsSupported()));
}
void SSLClientSocketNSS::Core::RecordChannelIDSupportOnNetworkTaskRunner(
@@ -2596,14 +2598,18 @@ int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) {
return ERR_ABORTED;
int rv = transport_->socket()->Read(
- read_buffer, len,
- base::Bind(&Core::BufferRecvComplete, base::Unretained(this),
+ read_buffer,
+ len,
+ base::Bind(&Core::BufferRecvComplete,
+ base::Unretained(this),
scoped_refptr<IOBuffer>(read_buffer)));
if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
- nss_task_runner_->PostTask(
- FROM_HERE, base::Bind(&Core::BufferRecvComplete, this,
- scoped_refptr<IOBuffer>(read_buffer), rv));
+ nss_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&Core::BufferRecvComplete,
+ this,
+ scoped_refptr<IOBuffer>(read_buffer),
+ rv));
return rv;
}
@@ -2618,14 +2624,13 @@ int SSLClientSocketNSS::Core::DoBufferSend(IOBuffer* send_buffer, int len) {
return ERR_ABORTED;
int rv = transport_->socket()->Write(
- send_buffer, len,
- base::Bind(&Core::BufferSendComplete,
- base::Unretained(this)));
+ send_buffer,
+ len,
+ base::Bind(&Core::BufferSendComplete, base::Unretained(this)));
if (!OnNSSTaskRunner() && rv != ERR_IO_PENDING) {
- nss_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(&Core::BufferSendComplete, this, rv));
+ nss_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&Core::BufferSendComplete, this, rv));
return rv;
}
@@ -2649,8 +2654,7 @@ int SSLClientSocketNSS::Core::DoGetDomainBoundCert(const std::string& host) {
if (rv != ERR_IO_PENDING && !OnNSSTaskRunner()) {
nss_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(&Core::OnHandshakeIOComplete, this, rv));
+ FROM_HERE, base::Bind(&Core::OnHandshakeIOComplete, this, rv));
return ERR_IO_PENDING;
}
@@ -2731,18 +2735,19 @@ void SSLClientSocketNSS::Core::OnGetDomainBoundCertComplete(int result) {
OnHandshakeIOComplete(result);
}
-void SSLClientSocketNSS::Core::BufferRecvComplete(
- IOBuffer* read_buffer,
- int result) {
+void SSLClientSocketNSS::Core::BufferRecvComplete(IOBuffer* read_buffer,
+ int result) {
DCHECK(read_buffer);
if (!OnNSSTaskRunner()) {
if (detached_)
return;
- nss_task_runner_->PostTask(
- FROM_HERE, base::Bind(&Core::BufferRecvComplete, this,
- scoped_refptr<IOBuffer>(read_buffer), result));
+ nss_task_runner_->PostTask(FROM_HERE,
+ base::Bind(&Core::BufferRecvComplete,
+ this,
+ scoped_refptr<IOBuffer>(read_buffer),
+ result));
return;
}
@@ -2767,8 +2772,7 @@ void SSLClientSocketNSS::Core::PostOrRunCallback(
const base::Closure& task) {
if (!OnNetworkTaskRunner()) {
network_task_runner_->PostTask(
- FROM_HERE,
- base::Bind(&Core::PostOrRunCallback, this, location, task));
+ FROM_HERE, base::Bind(&Core::PostOrRunCallback, this, location, task));
return;
}
@@ -2780,21 +2784,23 @@ void SSLClientSocketNSS::Core::PostOrRunCallback(
void SSLClientSocketNSS::Core::AddCertProvidedEvent(int cert_count) {
PostOrRunCallback(
FROM_HERE,
- base::Bind(&AddLogEventWithCallback, weak_net_log_,
+ base::Bind(&AddLogEventWithCallback,
+ weak_net_log_,
NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED,
NetLog::IntegerCallback("cert_count", cert_count)));
}
void SSLClientSocketNSS::Core::SetChannelIDProvided() {
PostOrRunCallback(
- FROM_HERE, base::Bind(&AddLogEvent, weak_net_log_,
- NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED));
+ FROM_HERE,
+ base::Bind(
+ &AddLogEvent, weak_net_log_, NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED));
nss_handshake_state_.channel_id_sent = true;
// Update the network task runner's view of the handshake state now that
// channel id has been sent.
PostOrRunCallback(
- FROM_HERE, base::Bind(&Core::OnHandshakeStateUpdated, this,
- nss_handshake_state_));
+ FROM_HERE,
+ base::Bind(&Core::OnHandshakeStateUpdated, this, nss_handshake_state_));
}
SSLClientSocketNSS::SSLClientSocketNSS(
@@ -2851,8 +2857,7 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
AddSCTInfoToSSLInfo(ssl_info);
- ssl_info->connection_status =
- core_->state().ssl_connection_status;
+ ssl_info->connection_status = core_->state().ssl_connection_status;
ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
ssl_info->is_issued_by_known_root =
server_cert_verify_result_.is_issued_by_known_root;
@@ -2861,11 +2866,11 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->channel_id_sent = WasChannelIDSent();
ssl_info->pinning_failure_log = pinning_failure_log_;
- PRUint16 cipher_suite = SSLConnectionStatusToCipherSuite(
- core_->state().ssl_connection_status);
+ PRUint16 cipher_suite =
+ SSLConnectionStatusToCipherSuite(core_->state().ssl_connection_status);
SSLCipherSuiteInfo cipher_info;
- SECStatus ok = SSL_GetCipherSuiteInfo(cipher_suite,
- &cipher_info, sizeof(cipher_info));
+ SECStatus ok =
+ SSL_GetCipherSuiteInfo(cipher_suite, &cipher_info, sizeof(cipher_info));
if (ok == SECSuccess) {
ssl_info->security_bits = cipher_info.effectiveKeyBits;
} else {
@@ -2874,8 +2879,9 @@ bool SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
<< " for cipherSuite " << cipher_suite;
}
- ssl_info->handshake_type = core_->state().resumed_handshake ?
- SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
+ ssl_info->handshake_type = core_->state().resumed_handshake
+ ? SSLInfo::HANDSHAKE_RESUME
+ : SSLInfo::HANDSHAKE_FULL;
LeaveFunction("");
return true;
@@ -2900,9 +2906,14 @@ int SSLClientSocketNSS::ExportKeyingMaterial(const base::StringPiece& label,
// SSL_ExportKeyingMaterial may block the current thread if |core_| is in
// the midst of a handshake.
SECStatus result = SSL_ExportKeyingMaterial(
- nss_fd_, label.data(), label.size(), has_context,
+ nss_fd_,
+ label.data(),
+ label.size(),
+ has_context,
reinterpret_cast<const unsigned char*>(context.data()),
- context.length(), out, outlen);
+ context.length(),
+ out,
+ outlen);
if (result != SECSuccess) {
LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", "");
return MapNSSError(PORT_GetError());
@@ -2915,9 +2926,8 @@ int SSLClientSocketNSS::GetTLSUniqueChannelBinding(std::string* out) {
return ERR_SOCKET_NOT_CONNECTED;
unsigned char buf[64];
unsigned int len;
- SECStatus result = SSL_GetChannelBinding(nss_fd_,
- SSL_CHANNEL_BINDING_TLS_UNIQUE,
- buf, &len, arraysize(buf));
+ SECStatus result = SSL_GetChannelBinding(
+ nss_fd_, SSL_CHANNEL_BINDING_TLS_UNIQUE, buf, &len, arraysize(buf));
if (result != SECSuccess) {
LogFailedNSSFunction(net_log_, "SSL_GetChannelBinding", "");
return MapNSSError(PORT_GetError());
@@ -2926,9 +2936,9 @@ int SSLClientSocketNSS::GetTLSUniqueChannelBinding(std::string* out) {
return OK;
}
-SSLClientSocket::NextProtoStatus
-SSLClientSocketNSS::GetNextProto(std::string* proto,
- std::string* server_protos) {
+SSLClientSocket::NextProtoStatus SSLClientSocketNSS::GetNextProto(
+ std::string* proto,
+ std::string* server_protos) {
*proto = core_->state().next_proto;
*server_protos = core_->state().server_protos;
return core_->state().next_proto_status;
@@ -2992,7 +3002,7 @@ void SSLClientSocketNSS::Disconnect() {
// Reset object state.
user_connect_callback_.Reset();
server_cert_verify_result_.Reset();
- completed_handshake_ = false;
+ completed_handshake_ = false;
start_cert_verification_time_ = base::TimeTicks();
InitCore();
@@ -3011,8 +3021,7 @@ bool SSLClientSocketNSS::IsConnected() const {
bool SSLClientSocketNSS::IsConnectedAndIdle() const {
EnterFunction("");
- bool ret = completed_handshake_ &&
- !core_->HasPendingAsyncOperation() &&
+ bool ret = completed_handshake_ && !core_->HasPendingAsyncOperation() &&
!(core_->IsConnected() && core_->HasUnhandledReceivedData()) &&
transport_->socket()->IsConnectedAndIdle();
LeaveFunction("");
@@ -3061,7 +3070,8 @@ bool SSLClientSocketNSS::UsingTCPFastOpen() const {
return false;
}
-int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
+int SSLClientSocketNSS::Read(IOBuffer* buf,
+ int buf_len,
const CompletionCallback& callback) {
DCHECK(core_.get());
DCHECK(!callback.is_null());
@@ -3073,7 +3083,8 @@ int SSLClientSocketNSS::Read(IOBuffer* buf, int buf_len,
return rv;
}
-int SSLClientSocketNSS::Write(IOBuffer* buf, int buf_len,
+int SSLClientSocketNSS::Write(IOBuffer* buf,
+ int buf_len,
const CompletionCallback& callback) {
DCHECK(core_.get());
DCHECK(!callback.is_null());
@@ -3183,7 +3194,8 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
for (std::vector<uint16>::const_iterator it =
ssl_config_.disabled_cipher_suites.begin();
- it != ssl_config_.disabled_cipher_suites.end(); ++it) {
+ it != ssl_config_.disabled_cipher_suites.end();
+ ++it) {
// This will fail if the specified cipher is not implemented by NSS, but
// the failure is harmless.
SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
@@ -3196,8 +3208,8 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
}
- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
- ssl_config_.false_start_enabled);
+ rv = SSL_OptionSet(
+ nss_fd_, SSL_ENABLE_FALSE_START, ssl_config_.false_start_enabled);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
@@ -3206,11 +3218,10 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
// position to prevent renegotiation attacks.
// http://extendedsubset.com/?p=8
- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION,
- SSL_RENEGOTIATE_TRANSITIONAL);
+ rv = SSL_OptionSet(
+ nss_fd_, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_TRANSITIONAL);
if (rv != SECSuccess) {
- LogFailedNSSFunction(
- net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
+ LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
}
rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE);
@@ -3221,20 +3232,21 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
#ifdef SSL_ENABLE_OCSP_STAPLING
// Request OCSP stapling even on platforms that don't support it, in
// order to extract Certificate Transparency information.
- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING,
+ rv = SSL_OptionSet(nss_fd_,
+ SSL_ENABLE_OCSP_STAPLING,
(IsOCSPStaplingSupported() ||
ssl_config_.signed_cert_timestamps_enabled));
if (rv != SECSuccess) {
- LogFailedNSSFunction(net_log_, "SSL_OptionSet",
- "SSL_ENABLE_OCSP_STAPLING");
+ LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_OCSP_STAPLING");
}
#endif
- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
+ rv = SSL_OptionSet(nss_fd_,
+ SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
ssl_config_.signed_cert_timestamps_enabled);
if (rv != SECSuccess) {
- LogFailedNSSFunction(net_log_, "SSL_OptionSet",
- "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS");
+ LogFailedNSSFunction(
+ net_log_, "SSL_OptionSet", "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS");
}
rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);
@@ -3269,8 +3281,8 @@ int SSLClientSocketNSS::InitializeSSLPeerName() {
PRNetAddr peername;
memset(&peername, 0, sizeof(peername));
DCHECK_LE(static_cast<size_t>(storage.addr_len), sizeof(peername));
- size_t len = std::min(static_cast<size_t>(storage.addr_len),
- sizeof(peername));
+ size_t len =
+ std::min(static_cast<size_t>(storage.addr_len), sizeof(peername));
memcpy(&peername, storage.addr, len);
// Adjust the address family field for BSD, whose sockaddr
@@ -3356,9 +3368,8 @@ int SSLClientSocketNSS::DoHandshakeLoop(int last_io_result) {
int SSLClientSocketNSS::DoHandshake() {
EnterFunction("");
- int rv = core_->Connect(
- base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
- base::Unretained(this)));
+ int rv = core_->Connect(base::Bind(&SSLClientSocketNSS::OnHandshakeIOComplete,
+ base::Unretained(this)));
GotoState(STATE_HANDSHAKE_COMPLETE);
LeaveFunction(rv);
@@ -3445,9 +3456,9 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
base::TimeDelta verify_time =
base::TimeTicks::Now() - start_cert_verification_time_;
if (result == OK)
- UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
+ UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
else
- UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
+ UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
}
// We used to remember the intermediate CA certs in the NSS database
@@ -3492,14 +3503,13 @@ int SSLClientSocketNSS::DoVerifyCertComplete(int result) {
(IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
server_cert_verify_result_.is_issued_by_known_root &&
TransportSecurityState::IsBuildTimely()) {
- bool sni_available =
- ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
- ssl_config_.version_fallback;
+ bool sni_available = ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
+ ssl_config_.version_fallback;
const std::string& host = host_and_port_.host();
TransportSecurityState::DomainState domain_state;
- if (transport_security_state_->GetDomainState(host, sni_available,
- &domain_state) &&
+ if (transport_security_state_->GetDomainState(
+ host, sni_available, &domain_state) &&
domain_state.HasPublicKeyPins()) {
if (!domain_state.CheckPublicKeyPins(
server_cert_verify_result_.public_key_hashes,
@@ -3556,8 +3566,8 @@ void SSLClientSocketNSS::VerifyCT() {
void SSLClientSocketNSS::LogConnectionTypeMetrics() const {
UpdateConnectionTypeHistograms(CONNECTION_SSL);
- int ssl_version = SSLConnectionStatusToVersion(
- core_->state().ssl_connection_status);
+ int ssl_version =
+ SSLConnectionStatusToVersion(core_->state().ssl_connection_status);
switch (ssl_version) {
case SSL_CONNECTION_VERSION_SSL2:
UpdateConnectionTypeHistograms(CONNECTION_SSL_SSL2);
@@ -3592,23 +3602,25 @@ bool SSLClientSocketNSS::CalledOnValidThread() const {
void SSLClientSocketNSS::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const {
for (ct::SCTList::const_iterator iter =
- ct_verify_result_.verified_scts.begin();
- iter != ct_verify_result_.verified_scts.end(); ++iter) {
+ ct_verify_result_.verified_scts.begin();
+ iter != ct_verify_result_.verified_scts.end();
+ ++iter) {
ssl_info->signed_certificate_timestamps.push_back(
SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK));
}
for (ct::SCTList::const_iterator iter =
- ct_verify_result_.invalid_scts.begin();
- iter != ct_verify_result_.invalid_scts.end(); ++iter) {
+ ct_verify_result_.invalid_scts.begin();
+ iter != ct_verify_result_.invalid_scts.end();
+ ++iter) {
ssl_info->signed_certificate_timestamps.push_back(
SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID));
}
for (ct::SCTList::const_iterator iter =
- ct_verify_result_.unknown_logs_scts.begin();
- iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) {
+ ct_verify_result_.unknown_logs_scts.begin();
+ iter != ct_verify_result_.unknown_logs_scts.end();
+ ++iter) {
ssl_info->signed_certificate_timestamps.push_back(
- SignedCertificateTimestampAndStatus(*iter,
- ct::SCT_STATUS_LOG_UNKNOWN));
+ SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_LOG_UNKNOWN));
}
}
« net/base/mime_util_unittest.cc ('K') | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698