Side by Side Diff: net/socket/nss_ssl_util.cc

Issue 27266002: Do not allow the server certificate to change in a renegotiation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Created 7 years, 2 months ago
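--- a/net/socket/nss_ssl_util.cc
+++ b/net/socket/nss_ssl_util.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/nss_ssl_util.h"
 
 #include <nss.h>
 #include <secerr.h>
 #include <ssl.h>
 #include <sslerr.h>
@@ -226,20 +226,22 @@
 case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE:
 // TODO(wtc): the following errors may also occur in contexts unrelated
 // to the peer's public key. We should add new error codes for them, or
 // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context.
 // General unsupported/unknown key algorithm error.
 case SEC_ERROR_UNSUPPORTED_KEYALG:
 // General DER decoding errors.
 case SEC_ERROR_BAD_DER:
 case SEC_ERROR_EXTRA_INPUT:
 return ERR_SSL_BAD_PEER_PUBLIC_KEY;
+case SSL_ERROR_BAD_CERTIFICATE:
+return ERR_SSL_SERVER_CERT_CHANGED;
 
 default: {
 if (IS_SSL_ERROR(err)) {
 LOG(WARNING) << "Unknown SSL error " << err
 << " mapped to net::ERR_SSL_PROTOCOL_ERROR";
 return ERR_SSL_PROTOCOL_ERROR;
 }
 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
 return ERR_FAILED;
 }
@@ -267,10 +269,10 @@
 const char* param) {
 DCHECK(function);
 DCHECK(param);
 net_log.AddEvent(
 NetLog::TYPE_SSL_NSS_ERROR,
 base::Bind(&NetLogSSLFailedNSSFunctionCallback,
 function, param, PR_GetError()));
 }
 
 } // namespace net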
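Review bot: The added `case SSL_ERROR_BAD_CERTIFICATE:` arm returns `ERR_SSL_SERVER_CERT_CHANGED` for every caller of this switch, but nothing visible here ties that NSS code to a renegotiation. NSS uses SSL_ERROR_BAD_CERTIFICATE as its general "peer's certificate was rejected" error, so a rejection during an initial handshake would presumably also surface as "server cert changed", which would mislead anyone triaging logs or error reports. This is the same context problem the `TODO(wtc)` just above describes for `ERR_SSL_BAD_PEER_PUBLIC_KEY`. Consider doing the translation at the call site that knows a renegotiation is in progress. Otherwise, document the assumption on the new arm, for example `// Assumed to be set only by the renegotiation cert-change check; revisit if other NSS paths can return it.` The switch opens in the skipped lines, so other arms handling this code could not be checked from this view.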