| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
| 6 | 6 |
| 7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
| 8 | 8 |
| 9 #include "base/compiler_specific.h" | 9 #include "base/compiler_specific.h" |
| 10 #include "base/lock.h" | 10 #include "base/lock.h" |
| (...skipping 313 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 324 // | 324 // |
| 325 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to | 325 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to |
| 326 // have room for a full SSL record, with the header and trailer. Here is the | 326 // have room for a full SSL record, with the header and trailer. Here is the |
| 327 // breakdown of the size: | 327 // breakdown of the size: |
| 328 // 5: SSL record header | 328 // 5: SSL record header |
| 329 // 16K: SSL record maximum size | 329 // 16K: SSL record maximum size |
| 330 // 64: >= SSL record trailer (16 or 20 have been observed) | 330 // 64: >= SSL record trailer (16 or 20 have been observed) |
| 331 static const int kRecvBufferSize = (5 + 16*1024 + 64); | 331 static const int kRecvBufferSize = (5 + 16*1024 + 64); |
| 332 | 332 |
| 333 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, | 333 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, |
| 334 const std::string& hostname, | 334 const HostPortPair& host_port_pair, |
| 335 const SSLConfig& ssl_config) | 335 const SSLConfig& ssl_config) |
| 336 : ALLOW_THIS_IN_INITIALIZER_LIST( | 336 : ALLOW_THIS_IN_INITIALIZER_LIST( |
| 337 handshake_io_callback_(this, | 337 handshake_io_callback_(this, |
| 338 &SSLClientSocketWin::OnHandshakeIOComplete)), | 338 &SSLClientSocketWin::OnHandshakeIOComplete)), |
| 339 ALLOW_THIS_IN_INITIALIZER_LIST( | 339 ALLOW_THIS_IN_INITIALIZER_LIST( |
| 340 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), | 340 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), |
| 341 ALLOW_THIS_IN_INITIALIZER_LIST( | 341 ALLOW_THIS_IN_INITIALIZER_LIST( |
| 342 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), | 342 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), |
| 343 transport_(transport_socket), | 343 transport_(transport_socket), |
| 344 hostname_(hostname), | 344 host_port_pair_(host_port_pair), |
| 345 ssl_config_(ssl_config), | 345 ssl_config_(ssl_config), |
| 346 user_connect_callback_(NULL), | 346 user_connect_callback_(NULL), |
| 347 user_read_callback_(NULL), | 347 user_read_callback_(NULL), |
| 348 user_read_buf_len_(0), | 348 user_read_buf_len_(0), |
| 349 user_write_callback_(NULL), | 349 user_write_callback_(NULL), |
| 350 user_write_buf_len_(0), | 350 user_write_buf_len_(0), |
| 351 next_state_(STATE_NONE), | 351 next_state_(STATE_NONE), |
| 352 creds_(NULL), | 352 creds_(NULL), |
| 353 isc_status_(SEC_E_OK), | 353 isc_status_(SEC_E_OK), |
| 354 payload_send_buffer_len_(0), | 354 payload_send_buffer_len_(0), |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 406 // SChannel doesn't support TLS compression, so cipher_info doesn't have | 406 // SChannel doesn't support TLS compression, so cipher_info doesn't have |
| 407 // any field related to the compression method. | 407 // any field related to the compression method. |
| 408 } | 408 } |
| 409 | 409 |
| 410 if (ssl_config_.ssl3_fallback) | 410 if (ssl_config_.ssl3_fallback) |
| 411 ssl_info->connection_status |= SSL_CONNECTION_SSL3_FALLBACK; | 411 ssl_info->connection_status |= SSL_CONNECTION_SSL3_FALLBACK; |
| 412 } | 412 } |
| 413 | 413 |
| 414 void SSLClientSocketWin::GetSSLCertRequestInfo( | 414 void SSLClientSocketWin::GetSSLCertRequestInfo( |
| 415 SSLCertRequestInfo* cert_request_info) { | 415 SSLCertRequestInfo* cert_request_info) { |
| 416 cert_request_info->host_and_port = hostname_; // TODO(wtc): no port! | 416 cert_request_info->host_and_port = host_port_pair_.ToString(); |
| 417 cert_request_info->client_certs.clear(); | 417 cert_request_info->client_certs.clear(); |
| 418 | 418 |
| 419 // Get the certificate_authorities field of the CertificateRequest message. | 419 // Get the certificate_authorities field of the CertificateRequest message. |
| 420 // Schannel doesn't return the certificate_types field of the | 420 // Schannel doesn't return the certificate_types field of the |
| 421 // CertificateRequest message to us, so we can't filter the client | 421 // CertificateRequest message to us, so we can't filter the client |
| 422 // certificates properly. :-( | 422 // certificates properly. :-( |
| 423 SecPkgContext_IssuerListInfoEx issuer_list; | 423 SecPkgContext_IssuerListInfoEx issuer_list; |
| 424 SECURITY_STATUS status = QueryContextAttributes( | 424 SECURITY_STATUS status = QueryContextAttributes( |
| 425 &ctxt_, SECPKG_ATTR_ISSUER_LIST_EX, &issuer_list); | 425 &ctxt_, SECPKG_ATTR_ISSUER_LIST_EX, &issuer_list); |
| 426 if (status != SEC_E_OK) { | 426 if (status != SEC_E_OK) { |
| (...skipping 125 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 552 buffer_desc.cBuffers = 1; | 552 buffer_desc.cBuffers = 1; |
| 553 buffer_desc.pBuffers = &send_buffer_; | 553 buffer_desc.pBuffers = &send_buffer_; |
| 554 buffer_desc.ulVersion = SECBUFFER_VERSION; | 554 buffer_desc.ulVersion = SECBUFFER_VERSION; |
| 555 | 555 |
| 556 TimeStamp expiry; | 556 TimeStamp expiry; |
| 557 SECURITY_STATUS status; | 557 SECURITY_STATUS status; |
| 558 | 558 |
| 559 status = InitializeSecurityContext( | 559 status = InitializeSecurityContext( |
| 560 creds_, | 560 creds_, |
| 561 NULL, // NULL on the first call | 561 NULL, // NULL on the first call |
| 562 const_cast<wchar_t*>(ASCIIToWide(hostname_).c_str()), | 562 // TODO(davidben): Different ports on the same host to share a cache. It |
| 563 // may be worth keying the port into the CredHandle to separate them. |
| 564 const_cast<wchar_t*>(ASCIIToWide(host_port_pair_.host()).c_str()), |
| 563 flags, | 565 flags, |
| 564 0, // Reserved | 566 0, // Reserved |
| 565 SECURITY_NATIVE_DREP, // TODO(wtc): MSDN says this should be set to 0. | 567 SECURITY_NATIVE_DREP, // TODO(wtc): MSDN says this should be set to 0. |
| 566 NULL, // NULL on the first call | 568 NULL, // NULL on the first call |
| 567 0, // Reserved | 569 0, // Reserved |
| 568 &ctxt_, // Receives the new context handle | 570 &ctxt_, // Receives the new context handle |
| 569 &buffer_desc, | 571 &buffer_desc, |
| 570 &out_flags, | 572 &out_flags, |
| 571 &expiry); | 573 &expiry); |
| 572 if (status != SEC_I_CONTINUE_NEEDED) { | 574 if (status != SEC_I_CONTINUE_NEEDED) { |
| (...skipping 446 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1019 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 1021 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
| 1020 | 1022 |
| 1021 DCHECK(server_cert_); | 1023 DCHECK(server_cert_); |
| 1022 | 1024 |
| 1023 int flags = 0; | 1025 int flags = 0; |
| 1024 if (ssl_config_.rev_checking_enabled) | 1026 if (ssl_config_.rev_checking_enabled) |
| 1025 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 1027 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 1026 if (ssl_config_.verify_ev_cert) | 1028 if (ssl_config_.verify_ev_cert) |
| 1027 flags |= X509Certificate::VERIFY_EV_CERT; | 1029 flags |= X509Certificate::VERIFY_EV_CERT; |
| 1028 verifier_.reset(new CertVerifier); | 1030 verifier_.reset(new CertVerifier); |
| 1029 return verifier_->Verify(server_cert_, hostname_, flags, | 1031 return verifier_->Verify(server_cert_, host_port_pair_.host(), flags, |
| 1030 &server_cert_verify_result_, | 1032 &server_cert_verify_result_, |
| 1031 &handshake_io_callback_); | 1033 &handshake_io_callback_); |
| 1032 } | 1034 } |
| 1033 | 1035 |
| 1034 int SSLClientSocketWin::DoVerifyCertComplete(int result) { | 1036 int SSLClientSocketWin::DoVerifyCertComplete(int result) { |
| 1035 DCHECK(verifier_.get()); | 1037 DCHECK(verifier_.get()); |
| 1036 verifier_.reset(); | 1038 verifier_.reset(); |
| 1037 | 1039 |
| 1038 // If we have been explicitly told to accept this certificate, override the | 1040 // If we have been explicitly told to accept this certificate, override the |
| 1039 // result of verifier_.Verify. | 1041 // result of verifier_.Verify. |
| (...skipping 367 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1407 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | 1409 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); |
| 1408 } | 1410 } |
| 1409 | 1411 |
| 1410 void SSLClientSocketWin::FreeSendBuffer() { | 1412 void SSLClientSocketWin::FreeSendBuffer() { |
| 1411 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1413 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
| 1412 DCHECK(status == SEC_E_OK); | 1414 DCHECK(status == SEC_E_OK); |
| 1413 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1415 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
| 1414 } | 1416 } |
| 1415 | 1417 |
| 1416 } // namespace net | 1418 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3174004:
Pass both hostname and port into SSLClientSocket (Closed)
