
Side by Side Diff: net/socket/ssl_server_socket_impl.cc

Issue 2728823002: Remove redundant 3-SHAKE mitigation. (Closed)
Patch Set: typo Created 3 years, 9 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_server_socket_impl.h" 5 #include "net/socket/ssl_server_socket_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 486 matching lines...) Expand 10 before | Expand all | Expand 10 after
497 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_.get()); 497 STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_.get());
498 client_cert_ = CreateX509Certificate(cert.get(), chain); 498 client_cert_ = CreateX509Certificate(cert.get(), chain);
499 if (!client_cert_.get()) 499 if (!client_cert_.get())
500 return ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT; 500 return ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT;
501 } 501 }
502 } else { 502 } else {
503 int ssl_error = SSL_get_error(ssl_.get(), rv); 503 int ssl_error = SSL_get_error(ssl_.get(), rv);
504 OpenSSLErrorInfo error_info; 504 OpenSSLErrorInfo error_info;
505 net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); 505 net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info);
506 506
507 // This hack is necessary because the mapping of SSL error codes to 507 // SSL_R_CERTIFICATE_VERIFY_FAILED's mapping is different between client and
508 // net_errors assumes (correctly for client sockets, but erroneously for 508 // server.
509 // server sockets) that peer cert verification failure can only occur if 509 if (ERR_GET_LIB(error_info.error_code) == ERR_LIB_SSL &&
510 // the cert changed during a renego. crbug.com/570351 510 ERR_GET_REASON(error_info.error_code) ==
511 if (net_error == ERR_SSL_SERVER_CERT_CHANGED) 511 SSL_R_CERTIFICATE_VERIFY_FAILED) {
512 net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT; 512 net_error = ERR_BAD_SSL_CLIENT_AUTH_CERT;
513 }
513 514
514 // If not done, stay in this state 515 // If not done, stay in this state
515 if (net_error == ERR_IO_PENDING) { 516 if (net_error == ERR_IO_PENDING) {
516 GotoState(STATE_HANDSHAKE); 517 GotoState(STATE_HANDSHAKE);
517 } else { 518 } else {
518 LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code " 519 LOG(ERROR) << "handshake failed; returned " << rv << ", SSL error code "
519 << ssl_error << ", net_error " << net_error; 520 << ssl_error << ", net_error " << net_error;
520 net_log_.AddEvent( 521 net_log_.AddEvent(
521 NetLogEventType::SSL_HANDSHAKE_ERROR, 522 NetLogEventType::SSL_HANDSHAKE_ERROR,
522 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); 523 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
(...skipping 207 matching lines...) Expand 10 before | Expand all | Expand 10 after
730 SSLServerContextImpl::~SSLServerContextImpl() {} 731 SSLServerContextImpl::~SSLServerContextImpl() {}
731 732
732 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket( 733 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket(
733 std::unique_ptr<StreamSocket> socket) { 734 std::unique_ptr<StreamSocket> socket) {
734 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get())); 735 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get()));
735 return std::unique_ptr<SSLServerSocket>( 736 return std::unique_ptr<SSLServerSocket>(
736 new SSLServerSocketImpl(std::move(socket), std::move(ssl))); 737 new SSLServerSocketImpl(std::move(socket), std::move(ssl)));
737 } 738 }
738 739
739 } // namespace net 740 } // namespace net
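Review bot: The replacement comment at new lines 507-508 says the SSL_R_CERTIFICATE_VERIFY_FAILED mapping differs between client and server but no longer says why the server overrides it, and the crbug.com/570351 reference from the removed comment is gone. Since this branch decides how a rejected client certificate is reported, I would spell the reason out, e.g. `// On a server socket this reason means the client certificate failed verification; the shared mapping is written for client sockets, so override it here.` The condition now reads `error_info.error_code` directly instead of the mapped `net_error`, so it appears to rely on `OpenSSLErrorInfo` being zero-initialized whenever `ssl_error` is not `SSL_ERROR_SSL`; that initialization is outside the visible lines. Adding `ssl_error == SSL_ERROR_SSL &&` to the condition would make it explicit that an `ERR_IO_PENDING` result can never be overwritten here. The enclosing handshake function starts and ends outside this hunk.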