Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(840)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 3174004: Pass both hostname and port into SSLClientSocket (Closed)
Patch Set: Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.h ('k') | net/socket/ssl_client_socket_nss_factory.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 8331e18d8d569599b0fb27bc0224a13f3fed24b0..fc457f8e370ae849ca23074c59a93ea476d58b20 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -320,7 +320,7 @@ HCERTSTORE SSLClientSocketNSS::cert_store_ = NULL;
#endif
SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
- const std::string& hostname,
+ const HostPortPair& host_port_pair,
const SSLConfig& ssl_config)
: ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
this, &SSLClientSocketNSS::BufferSendComplete)),
@@ -331,7 +331,7 @@ SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket,
ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_(
this, &SSLClientSocketNSS::OnHandshakeIOComplete)),
transport_(transport_socket),
- hostname_(hostname),
+ host_port_pair_(host_port_pair),
ssl_config_(ssl_config),
user_connect_callback_(NULL),
user_read_callback_(NULL),
@@ -504,7 +504,7 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
#endif
#ifdef SSL_ENABLE_RENEGOTIATION
- if (SSLConfigService::IsKnownStrictTLSServer(hostname_)) {
+ if (SSLConfigService::IsKnownStrictTLSServer(host_port_pair_.host())) {
rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_SAFE_NEGOTIATION, PR_TRUE);
if (rv != SECSuccess)
LOG(INFO) << "SSL_REQUIRE_SAFE_NEGOTIATION failed.";
@@ -551,15 +551,12 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
return ERR_UNEXPECTED;
// Tell SSL the hostname we're trying to connect to.
- SSL_SetURL(nss_fd_, hostname_.c_str());
+ SSL_SetURL(nss_fd_, host_port_pair_.host().c_str());
// Set the peer ID for session reuse. This is necessary when we create an
// SSL tunnel through a proxy -- GetPeerName returns the proxy's address
// rather than the destination server's address in that case.
- // TODO(wtc): port in |peer_address| is not the server's port when a proxy is
- // used.
- std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(),
- peer_address.GetPort());
+ std::string peer_id = host_port_pair_.ToString();
rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
if (rv != SECSuccess)
LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id;
@@ -798,7 +795,7 @@ void SSLClientSocketNSS::CheckSecureRenegotiation() const {
if (SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
&received_renego_info) == SECSuccess &&
!received_renego_info) {
- LOG(INFO) << "The server " << hostname_
+ LOG(INFO) << "The server " << host_port_pair_.ToString()
<< " does not support the TLS renegotiation_info extension.";
}
#endif
@@ -862,7 +859,7 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
void SSLClientSocketNSS::GetSSLCertRequestInfo(
SSLCertRequestInfo* cert_request_info) {
EnterFunction("");
- cert_request_info->host_and_port = hostname_; // TODO(wtc): no port!
+ cert_request_info->host_and_port = host_port_pair_.ToString();
cert_request_info->client_certs = client_certs_;
LeaveFunction(cert_request_info->client_certs.size());
}
@@ -1369,7 +1366,7 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
}
// Now get the available client certs whose issuers are allowed by the server.
- X509Certificate::GetSSLClientCertificates(that->hostname_,
+ X509Certificate::GetSSLClientCertificates(that->host_port_pair_.host(),
valid_issuers,
&that->client_certs_);
@@ -1503,7 +1500,7 @@ int SSLClientSocketNSS::DoVerifyCert(int result) {
if (ssl_config_.verify_ev_cert)
flags |= X509Certificate::VERIFY_EV_CERT;
verifier_.reset(new CertVerifier);
- return verifier_->Verify(server_cert_, hostname_, flags,
+ return verifier_->Verify(server_cert_, host_port_pair_.host(), flags,
&server_cert_verify_result_,
&handshake_io_callback_);
}
« no previous file with comments | « net/socket/ssl_client_socket_nss.h ('k') | net/socket/ssl_client_socket_nss_factory.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698