
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 280853002: Preserve transport errors for OpenSSL sockets. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: USE_NSS -> USE_OPENSSL for Windows and Mac Created 6 years, 6 months ago
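--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -1840,37 +1840,20 @@
 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError();
 } else if (rv == SECSuccess) {
 if (!handshake_callback_called_) {
 false_started_ = true;
 HandshakeSucceeded();
 }
 } else {
 PRErrorCode prerr = PR_GetError();
 net_error = HandleNSSError(prerr, true);
 
-// Some network devices that inspect application-layer packets seem to
-// inject TCP reset packets to break the connections when they see
-// TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
-//
-// Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or
-// 1.2. We don't lose much in this fallback because the explicit IV for CBC
-// mode in TLS 1.1 is approximated by record splitting in TLS 1.0. The
-// fallback will be more painful for TLS 1.2 when we have GCM support.
-//
-// ERR_CONNECTION_RESET is a common network error, so we don't want it
-// to trigger a version fallback in general, especially the TLS 1.0 ->
-// SSL 3.0 fallback, which would drop TLS extensions.
-if (prerr == PR_CONNECT_RESET_ERROR &&
-ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1) {
-net_error = ERR_SSL_PROTOCOL_ERROR;
-}
-
 // If not done, stay in this state
 if (net_error == ERR_IO_PENDING) {
 GotoState(STATE_HANDSHAKE);
 } else {
 PostOrRunCallback(
 FROM_HERE,
 base::Bind(&AddLogEventWithCallback, weak_net_log_,
 NetLog::TYPE_SSL_HANDSHAKE_ERROR,
 CreateNetLogSSLErrorCallback(net_error, prerr)));
 }
@@ -3614,10 +3597,10 @@
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
 return core_->state().server_cert.get();
 }
 
 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
 return server_bound_cert_service_;
 }
 
 } // namespace net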
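Review bot: With the `PR_CONNECT_RESET_ERROR` remapping deleted from the `else` branch after `net_error = HandleNSSError(prerr, true);`, the guard that confined reset-triggered version fallback to `ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1` no longer exists in this file, and the handshake presumably now surfaces the reset as the plain transport error. Whichever caller now makes the fallback decision has to apply the same bound, because a connection reset can be caused by anything on the network path and must not be enough to reach the TLS 1.0 -> SSL 3.0 step that the removed comment warned would drop TLS extensions; that caller is not visible in this section, so it is worth confirming there. The rationale and the crbug.com/130293 reference also disappear with the block, so I would leave a short pointer at this spot, e.g. `// Transport errors (e.g. ERR_CONNECTION_RESET) are returned unchanged; version fallback on reset is decided by the caller and must stay limited to TLS 1.1+.` The enclosing function starts and ends outside the lines shown.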
