| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <secerr.h> | 8 #include <secerr.h> |
| 9 #include <ssl.h> | 9 #include <ssl.h> |
| 10 #include <sslerr.h> | 10 #include <sslerr.h> |
| (...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 226 case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE: | 226 case SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE: |
| 227 // TODO(wtc): the following errors may also occur in contexts unrelated | 227 // TODO(wtc): the following errors may also occur in contexts unrelated |
| 228 // to the peer's public key. We should add new error codes for them, or | 228 // to the peer's public key. We should add new error codes for them, or |
| 229 // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context. | 229 // map them to ERR_SSL_BAD_PEER_PUBLIC_KEY only in the right context. |
| 230 // General unsupported/unknown key algorithm error. | 230 // General unsupported/unknown key algorithm error. |
| 231 case SEC_ERROR_UNSUPPORTED_KEYALG: | 231 case SEC_ERROR_UNSUPPORTED_KEYALG: |
| 232 // General DER decoding errors. | 232 // General DER decoding errors. |
| 233 case SEC_ERROR_BAD_DER: | 233 case SEC_ERROR_BAD_DER: |
| 234 case SEC_ERROR_EXTRA_INPUT: | 234 case SEC_ERROR_EXTRA_INPUT: |
| 235 return ERR_SSL_BAD_PEER_PUBLIC_KEY; | 235 return ERR_SSL_BAD_PEER_PUBLIC_KEY; |
| 236 // During renegotiation, the server presented a different certificate than |
| 237 // was used earlier. |
| 238 case SSL_ERROR_WRONG_CERTIFICATE: |
| 239 return ERR_SSL_SERVER_CERT_CHANGED; |
| 236 | 240 |
| 237 default: { | 241 default: { |
| 238 if (IS_SSL_ERROR(err)) { | 242 if (IS_SSL_ERROR(err)) { |
| 239 LOG(WARNING) << "Unknown SSL error " << err | 243 LOG(WARNING) << "Unknown SSL error " << err |
| 240 << " mapped to net::ERR_SSL_PROTOCOL_ERROR"; | 244 << " mapped to net::ERR_SSL_PROTOCOL_ERROR"; |
| 241 return ERR_SSL_PROTOCOL_ERROR; | 245 return ERR_SSL_PROTOCOL_ERROR; |
| 242 } | 246 } |
| 243 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | 247 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; |
| 244 return ERR_FAILED; | 248 return ERR_FAILED; |
| 245 } | 249 } |
| (...skipping 21 matching lines...) Expand all Loading... |
| 267 const char* param) { | 271 const char* param) { |
| 268 DCHECK(function); | 272 DCHECK(function); |
| 269 DCHECK(param); | 273 DCHECK(param); |
| 270 net_log.AddEvent( | 274 net_log.AddEvent( |
| 271 NetLog::TYPE_SSL_NSS_ERROR, | 275 NetLog::TYPE_SSL_NSS_ERROR, |
| 272 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 276 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
| 273 function, param, PR_GetError())); | 277 function, param, PR_GetError())); |
| 274 } | 278 } |
| 275 | 279 |
| 276 } // namespace net | 280 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 27266002:
Do not allow the server certificate to change in a renegotiation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/