Pass both hostname and port into SSLClientSocket

net/socket/ssl_client_socket_mac.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ skipping 481 matching lines @@
     if (ShouldEnableCipherSuite(supported_ciphers[i]))
       ciphers_.push_back(supported_ciphers[i]);
   }
 }
 
 }  // namespace
 
 //-----------------------------------------------------------------------------
 
 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
-                                       const std::string& hostname,
+                                       const HostPortPair& host_port_pair,
                                        const SSLConfig& ssl_config)
     : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete),
       transport_read_callback_(this,
                                &SSLClientSocketMac::OnTransportReadComplete),
       transport_write_callback_(this,
                                 &SSLClientSocketMac::OnTransportWriteComplete),
       transport_(transport_socket),
-      hostname_(hostname),
+      host_port_pair_(host_port_pair),
       ssl_config_(ssl_config),
       user_connect_callback_(NULL),
       user_read_callback_(NULL),
       user_write_callback_(NULL),
       user_read_buf_len_(0),
       user_write_buf_len_(0),
       next_handshake_state_(STATE_NONE),
       completed_handshake_(false),
       handshake_interrupted_(false),
       client_cert_requested_(false),
@@ skipping 161 matching lines @@
       CertPrincipal p;
       if (p.ParseDistinguishedName(CFDataGetBytePtr(issuer),
                                    CFDataGetLength(issuer))) {
         valid_issuers.push_back(p);
       }
     }
     CFRelease(valid_issuer_names);
   }
 
   // Now get the available client certs whose issuers are allowed by the server.
-  cert_request_info->host_and_port = hostname_;
+  cert_request_info->host_and_port = host_port_pair_.ToString();
   cert_request_info->client_certs.clear();
-  X509Certificate::GetSSLClientCertificates(hostname_,
+  X509Certificate::GetSSLClientCertificates(host_port_pair_.host(),
                                             valid_issuers,
                                             &cert_request_info->client_certs);
   SSL_LOG << "Asking user to choose between "
           << cert_request_info->client_certs.size() << " client certs...";
 }
 
 SSLClientSocket::NextProtoStatus
 SSLClientSocketMac::GetNextProto(std::string* proto) {
   proto->clear();
   return kNextProtoUnsupported;
@@ skipping 62 matching lines @@
 
   status = SSLSetIOFuncs(ssl_context_, SSLReadCallback, SSLWriteCallback);
   if (status)
     return NetErrorFromOSStatus(status);
 
   status = SSLSetConnection(ssl_context_, this);
   if (status)
     return NetErrorFromOSStatus(status);
 
   // Passing the domain name enables the server_name TLS extension (SNI).
+  const std::string& hostname = host_port_pair_.host();
   status = SSLSetPeerDomainName(ssl_context_,
-                                hostname_.data(),
-                                hostname_.length());
+                                hostname.data(),
+                                hostname.length());
   if (status)
     return NetErrorFromOSStatus(status);
 
   // Disable certificate verification within Secure Transport; we'll
   // be handling that ourselves.
   status = SSLSetEnableCertVerify(ssl_context_, false);
   if (status)
     return NetErrorFromOSStatus(status);
 
   if (ssl_config_.send_client_cert) {
@@ skipping 22 matching lines @@
     // Concatenate the hostname and peer address to use as the peer ID. To
     // resume a session, we must connect to the same server on the same port
     // using the same hostname (i.e., localhost and 127.0.0.1 are considered
     // different peers, which puts us through certificate validation again
     // and catches hostname/certificate name mismatches.
     AddressList address;
     int rv = transport_->socket()->GetPeerAddress(&address);
     if (rv != OK)
       return rv;
     const struct addrinfo* ai = address.head();
-    std::string peer_id(hostname_);
+    std::string peer_id(host_port_pair_.ToString());
     peer_id += std::string(reinterpret_cast<char*>(ai->ai_addr),
                            ai->ai_addrlen);
 
     // SSLSetPeerID() treats peer_id as a binary blob, and makes its
     // own copy.
     status = SSLSetPeerID(ssl_context_, peer_id.data(), peer_id.length());
     if (status)
       return NetErrorFromOSStatus(status);
   } else if (status != unimpErr) {  // it's OK if the API isn't available
     return NetErrorFromOSStatus(status);
@@ skipping 191 matching lines @@
   if (!server_cert_)
     return ERR_UNEXPECTED;
 
   SSL_LOG << "DoVerifyCert...";
   int flags = 0;
   if (ssl_config_.rev_checking_enabled)
     flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
   if (ssl_config_.verify_ev_cert)
     flags |= X509Certificate::VERIFY_EV_CERT;
   verifier_.reset(new CertVerifier);
-  return verifier_->Verify(server_cert_, hostname_, flags,
+  return verifier_->Verify(server_cert_, host_port_pair_.host(), flags,
                            &server_cert_verify_result_,
                            &handshake_io_callback_);
 }
 
 int SSLClientSocketMac::DoVerifyCertComplete(int result) {
   DCHECK(verifier_.get());
   verifier_.reset();
 
   SSL_LOG << "...DoVerifyCertComplete (result=" << result << ")";
   if (IsCertificateError(result) && ssl_config_.IsAllowedBadCert(server_cert_))
@@ skipping 257 matching lines @@
   if (rv < 0 && rv != ERR_IO_PENDING) {
     us->write_io_buf_ = NULL;
     return OSStatusFromNetError(rv);
   }
 
   // always lie to our caller
   return noErr;
 }
 
 }  // namespace net