| Index: net/socket/ssl_client_socket_openssl.cc
|
| diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
|
| index d6345f71501d2acc3e20384943045d90ebdfa846..44decd07e72a695a793989355cb36880327ab6c1 100644
|
| --- a/net/socket/ssl_client_socket_openssl.cc
|
| +++ b/net/socket/ssl_client_socket_openssl.cc
|
| @@ -36,9 +36,11 @@ namespace {
|
|
|
| // Enable this to see logging for state machine state transitions.
|
| #if 0
|
| -#define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \
|
| - " jump to state " << s; \
|
| - next_handshake_state_ = s; } while (0)
|
| +#define GotoState(s) \
|
| + do { \
|
| + DVLOG(2) << (void*) this << " " << __FUNCTION__ << " jump to state " << s; \
|
| + next_handshake_state_ = s; \
|
| + } while (0)
|
| #else
|
| #define GotoState(s) next_handshake_state_ = s
|
| #endif
|
| @@ -53,19 +55,19 @@ const char kDefaultSupportedNPNProtocol[] = "http/1.1";
|
|
|
| #if OPENSSL_VERSION_NUMBER < 0x1000103fL
|
| // This method doesn't seem to have made it into the OpenSSL headers.
|
| -unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; }
|
| +unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) {
|
| + return cipher->id;
|
| +}
|
| #endif
|
|
|
| // Used for encoding the |connection_status| field of an SSLInfo object.
|
| -int EncodeSSLConnectionStatus(int cipher_suite,
|
| - int compression,
|
| - int version) {
|
| - return ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) <<
|
| - SSL_CONNECTION_CIPHERSUITE_SHIFT) |
|
| - ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<
|
| - SSL_CONNECTION_COMPRESSION_SHIFT) |
|
| - ((version & SSL_CONNECTION_VERSION_MASK) <<
|
| - SSL_CONNECTION_VERSION_SHIFT);
|
| +int EncodeSSLConnectionStatus(int cipher_suite, int compression, int version) {
|
| + return ((cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK)
|
| + << SSL_CONNECTION_CIPHERSUITE_SHIFT) |
|
| + ((compression & SSL_CONNECTION_COMPRESSION_MASK)
|
| + << SSL_CONNECTION_COMPRESSION_SHIFT) |
|
| + ((version & SSL_CONNECTION_VERSION_MASK)
|
| + << SSL_CONNECTION_VERSION_SHIFT);
|
| }
|
|
|
| // Returns the net SSL version number (see ssl_connection_status_flags.h) for
|
| @@ -204,8 +206,7 @@ int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {
|
| return ERR_IO_PENDING;
|
| case SSL_ERROR_SYSCALL:
|
| LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "
|
| - "error queue: " << ERR_peek_error() << ", errno: "
|
| - << errno;
|
| + "error queue: " << ERR_peek_error() << ", errno: " << errno;
|
| return ERR_SSL_PROTOCOL_ERROR;
|
| case SSL_ERROR_SSL:
|
| return MapOpenSSLErrorSSL();
|
| @@ -274,8 +275,8 @@ class SSLClientSocketOpenSSL::SSLContext {
|
| // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty.
|
| // It would be better if the callback were not a global setting,
|
| // but that is an OpenSSL issue.
|
| - SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
|
| - NULL);
|
| + SSL_CTX_set_next_proto_select_cb(
|
| + ssl_ctx_.get(), SelectNextProtoCallback, NULL);
|
| }
|
|
|
| static std::string GetSessionCacheKey(const SSL* ssl) {
|
| @@ -298,7 +299,7 @@ class SSLClientSocketOpenSSL::SSLContext {
|
| socket->ChannelIDRequestCallback(ssl, pkey);
|
| }
|
|
|
| - static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
|
| + static int CertVerifyCallback(X509_STORE_CTX* store_ctx, void* arg) {
|
| SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
|
| store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx()));
|
| SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
|
| @@ -308,9 +309,11 @@ class SSLClientSocketOpenSSL::SSLContext {
|
| }
|
|
|
| static int SelectNextProtoCallback(SSL* ssl,
|
| - unsigned char** out, unsigned char* outlen,
|
| + unsigned char** out,
|
| + unsigned char* outlen,
|
| const unsigned char* in,
|
| - unsigned int inlen, void* arg) {
|
| + unsigned int inlen,
|
| + void* arg) {
|
| SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
|
| return socket->SelectNextProtoCallback(out, outlen, in, inlen);
|
| }
|
| @@ -330,7 +333,7 @@ class SSLClientSocketOpenSSL::SSLContext {
|
| // and the other elements are in the order given by the server.
|
| class SSLClientSocketOpenSSL::PeerCertificateChain {
|
| public:
|
| - explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); }
|
| + explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); }
|
| PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
|
| ~PeerCertificateChain() {}
|
| PeerCertificateChain& operator=(const PeerCertificateChain& other);
|
| @@ -339,7 +342,7 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
|
| // which may be NULL, indicating to empty the store certificates.
|
| // Note: If an error occurs, such as being unable to parse the certificates,
|
| // this will behave as if Reset(NULL) was called.
|
| - void Reset(STACK_OF(X509)* chain);
|
| + void Reset(STACK_OF(X509) * chain);
|
|
|
| // Note that when USE_OPENSSL is defined, OSCertHandle is X509*
|
| const scoped_refptr<X509Certificate>& AsOSChain() const { return os_chain_; }
|
| @@ -358,7 +361,7 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
|
| bool IsValid() { return os_chain_.get() && openssl_chain_.get(); }
|
|
|
| private:
|
| - static void FreeX509Stack(STACK_OF(X509)* cert_chain) {
|
| + static void FreeX509Stack(STACK_OF(X509) * cert_chain) {
|
| sk_X509_pop_free(cert_chain, X509_free);
|
| }
|
|
|
| @@ -370,8 +373,8 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
|
| };
|
|
|
| SSLClientSocketOpenSSL::PeerCertificateChain&
|
| -SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
|
| - const PeerCertificateChain& other) {
|
| +SSLClientSocketOpenSSL::PeerCertificateChain::
|
| +operator=(const PeerCertificateChain& other) {
|
| if (this == &other)
|
| return *this;
|
|
|
| @@ -390,8 +393,8 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
|
| #if defined(USE_OPENSSL_CERTS)
|
| // When OSCertHandle is typedef'ed to X509, this implementation does a short cut
|
| // to avoid converting back and forth between der and X509 struct.
|
| -void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
| - STACK_OF(X509)* chain) {
|
| +void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(STACK_OF(X509) *
|
| + chain) {
|
| openssl_chain_.reset(NULL);
|
| os_chain_ = NULL;
|
|
|
| @@ -415,9 +418,9 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
| CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
|
| }
|
| }
|
| -#else // !defined(USE_OPENSSL_CERTS)
|
| -void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
|
| - STACK_OF(X509)* chain) {
|
| +#else // !defined(USE_OPENSSL_CERTS)
|
| +void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(STACK_OF(X509) *
|
| + chain) {
|
| openssl_chain_.reset(NULL);
|
| os_chain_ = NULL;
|
|
|
| @@ -502,7 +505,8 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
|
| npn_status_(kNextProtoUnsupported),
|
| channel_id_request_return_value_(ERR_UNEXPECTED),
|
| channel_id_xtn_negotiated_(false),
|
| - net_log_(transport_->socket()->NetLog()) {}
|
| + net_log_(transport_->socket()->NetLog()) {
|
| +}
|
|
|
| SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
|
| Disconnect();
|
| @@ -515,25 +519,31 @@ void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
|
| }
|
|
|
| SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto(
|
| - std::string* proto, std::string* server_protos) {
|
| + std::string* proto,
|
| + std::string* server_protos) {
|
| *proto = npn_proto_;
|
| *server_protos = server_protos_;
|
| return npn_status_;
|
| }
|
|
|
| -ServerBoundCertService*
|
| -SSLClientSocketOpenSSL::GetServerBoundCertService() const {
|
| +ServerBoundCertService* SSLClientSocketOpenSSL::GetServerBoundCertService()
|
| + const {
|
| return server_bound_cert_service_;
|
| }
|
|
|
| int SSLClientSocketOpenSSL::ExportKeyingMaterial(
|
| const base::StringPiece& label,
|
| - bool has_context, const base::StringPiece& context,
|
| - unsigned char* out, unsigned int outlen) {
|
| + bool has_context,
|
| + const base::StringPiece& context,
|
| + unsigned char* out,
|
| + unsigned int outlen) {
|
| crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
|
|
| int rv = SSL_export_keying_material(
|
| - ssl_, out, outlen, const_cast<char*>(label.data()),
|
| + ssl_,
|
| + out,
|
| + outlen,
|
| + const_cast<char*>(label.data()),
|
| label.size(),
|
| reinterpret_cast<unsigned char*>(const_cast<char*>(context.data())),
|
| context.length(),
|
| @@ -542,8 +552,7 @@ int SSLClientSocketOpenSSL::ExportKeyingMaterial(
|
| if (rv != 1) {
|
| int ssl_error = SSL_get_error(ssl_, rv);
|
| LOG(ERROR) << "Failed to export keying material;"
|
| - << " returned " << rv
|
| - << ", SSL error code " << ssl_error;
|
| + << " returned " << rv << ", SSL error code " << ssl_error;
|
| return MapOpenSSLError(ssl_error, err_tracer);
|
| }
|
| return OK;
|
| @@ -604,10 +613,10 @@ void SSLClientSocketOpenSSL::Disconnect() {
|
| user_connect_callback_.Reset();
|
| user_read_callback_.Reset();
|
| user_write_callback_.Reset();
|
| - user_read_buf_ = NULL;
|
| - user_read_buf_len_ = 0;
|
| - user_write_buf_ = NULL;
|
| - user_write_buf_len_ = 0;
|
| + user_read_buf_ = NULL;
|
| + user_read_buf_len_ = 0;
|
| + user_write_buf_ = NULL;
|
| + user_write_buf_len_ = 0;
|
|
|
| pending_read_error_ = kNoPendingReadResult;
|
| transport_write_error_ = OK;
|
| @@ -696,8 +705,7 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
|
| ssl_info->cert_status = server_cert_verify_result_.cert_status;
|
| ssl_info->is_issued_by_known_root =
|
| server_cert_verify_result_.is_issued_by_known_root;
|
| - ssl_info->public_key_hashes =
|
| - server_cert_verify_result_.public_key_hashes;
|
| + ssl_info->public_key_hashes = server_cert_verify_result_.public_key_hashes;
|
| ssl_info->client_cert_sent =
|
| ssl_config_.send_client_cert && ssl_config_.client_cert.get();
|
| ssl_info->channel_id_sent = WasChannelIDSent();
|
| @@ -712,27 +720,29 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
|
| ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL);
|
| const COMP_METHOD* compression = SSL_get_current_compression(ssl_);
|
|
|
| - ssl_info->connection_status = EncodeSSLConnectionStatus(
|
| - SSL_CIPHER_get_id(cipher),
|
| - compression ? compression->type : 0,
|
| - GetNetSSLVersion(ssl_));
|
| + ssl_info->connection_status =
|
| + EncodeSSLConnectionStatus(SSL_CIPHER_get_id(cipher),
|
| + compression ? compression->type : 0,
|
| + GetNetSSLVersion(ssl_));
|
|
|
| bool peer_supports_renego_ext = !!SSL_get_secure_renegotiation_support(ssl_);
|
| if (!peer_supports_renego_ext)
|
| ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
|
| UMA_HISTOGRAM_ENUMERATION("Net.RenegotiationExtensionSupported",
|
| - implicit_cast<int>(peer_supports_renego_ext), 2);
|
| + implicit_cast<int>(peer_supports_renego_ext),
|
| + 2);
|
|
|
| if (ssl_config_.version_fallback)
|
| ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
|
|
|
| - ssl_info->handshake_type = SSL_session_reused(ssl_) ?
|
| - SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
|
| + ssl_info->handshake_type = SSL_session_reused(ssl_)
|
| + ? SSLInfo::HANDSHAKE_RESUME
|
| + : SSLInfo::HANDSHAKE_FULL;
|
|
|
| DVLOG(3) << "Encoded connection status: cipher suite = "
|
| - << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
|
| - << " version = "
|
| - << SSLConnectionStatusToVersion(ssl_info->connection_status);
|
| + << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
|
| + << " version = "
|
| + << SSLConnectionStatusToVersion(ssl_info->connection_status);
|
| return true;
|
| }
|
|
|
| @@ -856,8 +866,9 @@ bool SSLClientSocketOpenSSL::Init() {
|
| // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
|
| // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
|
| // as the handshake hash.
|
| - std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA256:!SHA384:"
|
| - "!aECDH:!AESGCM+AES256");
|
| + std::string command(
|
| + "DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA256:!SHA384:"
|
| + "!aECDH:!AESGCM+AES256");
|
| // Walk through all the installed ciphers, seeing if any need to be
|
| // appended to the cipher removal |command|.
|
| for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) {
|
| @@ -870,23 +881,24 @@ bool SSLClientSocketOpenSSL::Init() {
|
| bool disable = SSL_CIPHER_get_bits(cipher, NULL) < 80;
|
| if (!disable) {
|
| disable = std::find(ssl_config_.disabled_cipher_suites.begin(),
|
| - ssl_config_.disabled_cipher_suites.end(), id) !=
|
| - ssl_config_.disabled_cipher_suites.end();
|
| + ssl_config_.disabled_cipher_suites.end(),
|
| + id) != ssl_config_.disabled_cipher_suites.end();
|
| }
|
| if (disable) {
|
| - const char* name = SSL_CIPHER_get_name(cipher);
|
| - DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id
|
| - << " strength: " << SSL_CIPHER_get_bits(cipher, NULL);
|
| - command.append(":!");
|
| - command.append(name);
|
| - }
|
| + const char* name = SSL_CIPHER_get_name(cipher);
|
| + DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id
|
| + << " strength: " << SSL_CIPHER_get_bits(cipher, NULL);
|
| + command.append(":!");
|
| + command.append(name);
|
| + }
|
| }
|
| int rv = SSL_set_cipher_list(ssl_, command.c_str());
|
| // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
|
| // This will almost certainly result in the socket failing to complete the
|
| // handshake at which point the appropriate error is bubbled up to the client.
|
| LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
|
| - "returned " << rv;
|
| + "returned "
|
| + << rv;
|
|
|
| // TLS channel ids.
|
| if (IsChannelIDEnabled(ssl_config_, server_bound_cert_service_)) {
|
| @@ -959,10 +971,9 @@ int SSLClientSocketOpenSSL::DoHandshake() {
|
| // SSL handshake is completed. Let's verify the certificate.
|
| const bool got_cert = !!UpdateServerCert();
|
| DCHECK(got_cert);
|
| - net_log_.AddEvent(
|
| - NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
|
| - base::Bind(&NetLogX509CertificateCallback,
|
| - base::Unretained(server_cert_.get())));
|
| + net_log_.AddEvent(NetLog::TYPE_SSL_CERTIFICATES_RECEIVED,
|
| + base::Bind(&NetLogX509CertificateCallback,
|
| + base::Unretained(server_cert_.get())));
|
| GotoState(STATE_VERIFY_CERT);
|
| } else {
|
| int ssl_error = SSL_get_error(ssl_, rv);
|
| @@ -979,12 +990,10 @@ int SSLClientSocketOpenSSL::DoHandshake() {
|
| if (net_error == ERR_IO_PENDING) {
|
| GotoState(STATE_HANDSHAKE);
|
| } else {
|
| - LOG(ERROR) << "handshake failed; returned " << rv
|
| - << ", SSL error code " << ssl_error
|
| - << ", net_error " << net_error;
|
| - net_log_.AddEvent(
|
| - NetLog::TYPE_SSL_HANDSHAKE_ERROR,
|
| - CreateNetLogSSLErrorCallback(net_error, ssl_error));
|
| + LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
|
| + << ssl_error << ", net_error " << net_error;
|
| + net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR,
|
| + CreateNetLogSSLErrorCallback(net_error, ssl_error));
|
| }
|
| }
|
| return net_error;
|
| @@ -1032,8 +1041,8 @@ int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
|
| // when the server sends them to us, and do so here.
|
| SSLContext::GetInstance()->session_cache()->MarkSSLSessionAsGood(ssl_);
|
| } else {
|
| - DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result)
|
| - << " (" << result << ")";
|
| + DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) << " ("
|
| + << result << ")";
|
| }
|
|
|
| completed_handshake_ = true;
|
| @@ -1137,7 +1146,7 @@ int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
|
| case STATE_VERIFY_CERT:
|
| DCHECK(rv == OK);
|
| rv = DoVerifyCert(rv);
|
| - break;
|
| + break;
|
| case STATE_VERIFY_CERT_COMPLETE:
|
| rv = DoVerifyCertComplete(rv);
|
| break;
|
| @@ -1195,15 +1204,16 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
|
| rv = pending_read_error_;
|
| pending_read_error_ = kNoPendingReadResult;
|
| if (rv == 0) {
|
| - net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
|
| - rv, user_read_buf_->data());
|
| + net_log_.AddByteTransferEvent(
|
| + NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, user_read_buf_->data());
|
| }
|
| return rv;
|
| }
|
|
|
| int total_bytes_read = 0;
|
| do {
|
| - rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read,
|
| + rv = SSL_read(ssl_,
|
| + user_read_buf_->data() + total_bytes_read,
|
| user_read_buf_len_ - total_bytes_read);
|
| if (rv > 0)
|
| total_bytes_read += rv;
|
| @@ -1222,7 +1232,7 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
|
| // this function. If at least some data was read, |*next_result| will point
|
| // to |pending_read_error_|, to be returned in a future call to
|
| // DoPayloadRead() (e.g.: after the current data is handled).
|
| - int *next_result = &rv;
|
| + int* next_result = &rv;
|
| if (total_bytes_read > 0) {
|
| pending_read_error_ = rv;
|
| rv = total_bytes_read;
|
| @@ -1235,21 +1245,21 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
|
| int err = SSL_get_error(ssl_, *next_result);
|
| *next_result = MapOpenSSLError(err, err_tracer);
|
| if (rv > 0 && *next_result == ERR_IO_PENDING) {
|
| - // If at least some data was read from SSL_read(), do not treat
|
| - // insufficient data as an error to return in the next call to
|
| - // DoPayloadRead() - instead, let the call fall through to check
|
| - // SSL_read() again. This is because DoTransportIO() may complete
|
| - // in between the next call to DoPayloadRead(), and thus it is
|
| - // important to check SSL_read() on subsequent invocations to see
|
| - // if a complete record may now be read.
|
| + // If at least some data was read from SSL_read(), do not treat
|
| + // insufficient data as an error to return in the next call to
|
| + // DoPayloadRead() - instead, let the call fall through to check
|
| + // SSL_read() again. This is because DoTransportIO() may complete
|
| + // in between the next call to DoPayloadRead(), and thus it is
|
| + // important to check SSL_read() on subsequent invocations to see
|
| + // if a complete record may now be read.
|
| *next_result = kNoPendingReadResult;
|
| }
|
| }
|
| }
|
|
|
| if (rv >= 0) {
|
| - net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
|
| - user_read_buf_->data());
|
| + net_log_.AddByteTransferEvent(
|
| + NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, user_read_buf_->data());
|
| }
|
| return rv;
|
| }
|
| @@ -1259,8 +1269,8 @@ int SSLClientSocketOpenSSL::DoPayloadWrite() {
|
| int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
|
|
|
| if (rv >= 0) {
|
| - net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
|
| - user_write_buf_->data());
|
| + net_log_.AddByteTransferEvent(
|
| + NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, user_write_buf_->data());
|
| return rv;
|
| }
|
|
|
| @@ -1415,14 +1425,13 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
|
| // First pass: we know that a client certificate is needed, but we do not
|
| // have one at hand.
|
| client_auth_cert_needed_ = true;
|
| - STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl);
|
| + STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl);
|
| for (int i = 0; i < sk_X509_NAME_num(authorities); i++) {
|
| - X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i);
|
| + X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i);
|
| unsigned char* str = NULL;
|
| int length = i2d_X509_NAME(ca_name, &str);
|
| cert_authorities_.push_back(std::string(
|
| - reinterpret_cast<const char*>(str),
|
| - static_cast<size_t>(length)));
|
| + reinterpret_cast<const char*>(str), static_cast<size_t>(length)));
|
| OPENSSL_free(str);
|
| }
|
|
|
| @@ -1447,7 +1456,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
|
| }
|
| LOG(WARNING) << "Client cert found without private key";
|
| }
|
| -#else // !defined(USE_OPENSSL_CERTS)
|
| +#else // !defined(USE_OPENSSL_CERTS)
|
| // OS handling of client certificates is not yet implemented.
|
| NOTIMPLEMENTED();
|
| #endif // defined(USE_OPENSSL_CERTS)
|
| @@ -1536,12 +1545,12 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
|
| npn_status_ = kNextProtoNoOverlap;
|
|
|
| // For each protocol in server preference order, see if we support it.
|
| - for (unsigned int i = 0; i < inlen; i += in[i] + 1) {
|
| - for (std::vector<std::string>::const_iterator
|
| - j = ssl_config_.next_protos.begin();
|
| - j != ssl_config_.next_protos.end(); ++j) {
|
| - if (in[i] == j->size() &&
|
| - memcmp(&in[i + 1], j->data(), in[i]) == 0) {
|
| + for (unsigned int i = 0; i < inlen; i += in [i] + 1) {
|
| + for (std::vector<std::string>::const_iterator j =
|
| + ssl_config_.next_protos.begin();
|
| + j != ssl_config_.next_protos.end();
|
| + ++j) {
|
| + if (in[i] == j->size() && memcmp(&in[i + 1], j->data(), in[i]) == 0) {
|
| // We found a match.
|
| *out = const_cast<unsigned char*>(in) + i + 1;
|
| *outlen = in[i];
|
| @@ -1555,8 +1564,8 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
|
|
|
| // If we didn't find a protocol, we select the first one from our list.
|
| if (npn_status_ == kNextProtoNoOverlap) {
|
| - *out = reinterpret_cast<uint8*>(const_cast<char*>(
|
| - ssl_config_.next_protos[0].data()));
|
| + *out = reinterpret_cast<uint8*>(
|
| + const_cast<char*>(ssl_config_.next_protos[0].data()));
|
| *outlen = ssl_config_.next_protos[0].size();
|
| }
|
|
|
|
|
Chromium Code Reviews
