| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 80 return SSL_CONNECTION_VERSION_TLS1; | 80 return SSL_CONNECTION_VERSION_TLS1; |
| 81 case 0x0302: | 81 case 0x0302: |
| 82 return SSL_CONNECTION_VERSION_TLS1_1; | 82 return SSL_CONNECTION_VERSION_TLS1_1; |
| 83 case 0x0303: | 83 case 0x0303: |
| 84 return SSL_CONNECTION_VERSION_TLS1_2; | 84 return SSL_CONNECTION_VERSION_TLS1_2; |
| 85 default: | 85 default: |
| 86 return SSL_CONNECTION_VERSION_UNKNOWN; | 86 return SSL_CONNECTION_VERSION_UNKNOWN; |
| 87 } | 87 } |
| 88 } | 88 } |
| 89 | 89 |
| 90 // Compute a unique key string for the SSL session cache. |socket| is an | |
| 91 // input socket object. Return a string. | |
| 92 std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) { | |
| 93 std::string result = socket.host_and_port().ToString(); | |
| 94 result.append("/"); | |
| 95 result.append(socket.ssl_session_cache_shard()); | |
| 96 return result; | |
| 97 } | |
| 98 | 90 |
| 99 } // namespace | 91 } // namespace |
| 100 | 92 |
| 101 class SSLClientSocketOpenSSL::SSLContext { | 93 class SSLClientSocketOpenSSL::SSLContext { |
| 102 public: | 94 public: |
| 103 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } | 95 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } |
| 104 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | 96 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| 105 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; } | 97 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; } |
| 106 | 98 |
| 107 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) { | 99 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) { |
| (...skipping 24 matching lines...) Expand all Loading... |
| 132 // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty. | 124 // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty. |
| 133 // It would be better if the callback were not a global setting, | 125 // It would be better if the callback were not a global setting, |
| 134 // but that is an OpenSSL issue. | 126 // but that is an OpenSSL issue. |
| 135 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, | 127 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, |
| 136 NULL); | 128 NULL); |
| 137 } | 129 } |
| 138 | 130 |
| 139 static std::string GetSessionCacheKey(const SSL* ssl) { | 131 static std::string GetSessionCacheKey(const SSL* ssl) { |
| 140 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | 132 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 141 DCHECK(socket); | 133 DCHECK(socket); |
| 142 return GetSocketSessionCacheKey(*socket); | 134 return socket->GetSessionCacheKey(); |
| 143 } | 135 } |
| 144 | 136 |
| 145 static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig; | 137 static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig; |
| 146 | 138 |
| 147 static int ClientCertCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey) { | 139 static int ClientCertCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey) { |
| 148 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | 140 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 149 CHECK(socket); | 141 CHECK(socket); |
| 150 return socket->ClientCertRequestCallback(ssl, x509, pkey); | 142 return socket->ClientCertRequestCallback(ssl, x509, pkey); |
| 151 } | 143 } |
| 152 | 144 |
| (...skipping 180 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 333 } | 325 } |
| 334 | 326 |
| 335 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( | 327 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( |
| 336 scoped_ptr<ClientSocketHandle> transport_socket, | 328 scoped_ptr<ClientSocketHandle> transport_socket, |
| 337 const HostPortPair& host_and_port, | 329 const HostPortPair& host_and_port, |
| 338 const SSLConfig& ssl_config, | 330 const SSLConfig& ssl_config, |
| 339 const SSLClientSocketContext& context) | 331 const SSLClientSocketContext& context) |
| 340 : transport_send_busy_(false), | 332 : transport_send_busy_(false), |
| 341 transport_recv_busy_(false), | 333 transport_recv_busy_(false), |
| 342 transport_recv_eof_(false), | 334 transport_recv_eof_(false), |
| 335 has_read_(false), |
| 336 has_written_(false), |
| 343 weak_factory_(this), | 337 weak_factory_(this), |
| 344 pending_read_error_(kNoPendingReadResult), | 338 pending_read_error_(kNoPendingReadResult), |
| 345 transport_write_error_(OK), | 339 transport_write_error_(OK), |
| 346 server_cert_chain_(new PeerCertificateChain(NULL)), | 340 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 347 completed_handshake_(false), | 341 completed_handshake_(false), |
| 348 was_ever_used_(false), | 342 was_ever_used_(false), |
| 349 client_auth_cert_needed_(false), | 343 client_auth_cert_needed_(false), |
| 350 cert_verifier_(context.cert_verifier), | 344 cert_verifier_(context.cert_verifier), |
| 351 server_bound_cert_service_(context.server_bound_cert_service), | 345 server_bound_cert_service_(context.server_bound_cert_service), |
| 346 is_leader_(false), |
| 352 ssl_(NULL), | 347 ssl_(NULL), |
| 353 transport_bio_(NULL), | 348 transport_bio_(NULL), |
| 354 transport_(transport_socket.Pass()), | 349 transport_(transport_socket.Pass()), |
| 355 host_and_port_(host_and_port), | 350 host_and_port_(host_and_port), |
| 356 ssl_config_(ssl_config), | 351 ssl_config_(ssl_config), |
| 357 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 352 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 358 trying_cached_session_(false), | 353 trying_cached_session_(false), |
| 359 next_handshake_state_(STATE_NONE), | 354 next_handshake_state_(STATE_NONE), |
| 360 npn_status_(kNextProtoUnsupported), | 355 npn_status_(kNextProtoUnsupported), |
| 361 channel_id_request_return_value_(ERR_UNEXPECTED), | 356 channel_id_request_return_value_(ERR_UNEXPECTED), |
| 362 channel_id_xtn_negotiated_(false), | 357 channel_id_xtn_negotiated_(false), |
| 363 net_log_(transport_->socket()->NetLog()) {} | 358 net_log_(transport_->socket()->NetLog()) { |
| 359 } |
| 364 | 360 |
| 365 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() { | 361 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() { |
| 362 SSLContext* context = SSLContext::GetInstance(); |
| 363 context->session_cache()->RemoveFromSSLToCallbackMap(ssl_); |
| 366 Disconnect(); | 364 Disconnect(); |
| 367 } | 365 } |
| 368 | 366 |
| 367 // Compute a unique key string for the SSL session cache. |
| 368 // Return a string. |
| 369 std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const { |
| 370 return FormatSessionCacheKey(host_and_port_.ToString(), |
| 371 ssl_session_cache_shard_); |
| 372 } |
| 373 |
| 374 bool SSLClientSocketOpenSSL::InSessionCache() const { |
| 375 SSLContext* context = SSLContext::GetInstance(); |
| 376 std::string cache_key = GetSessionCacheKey(); |
| 377 return context->session_cache()->SSLSessionIsInCache(cache_key); |
| 378 } |
| 379 |
| 380 void SSLClientSocketOpenSSL::WatchSessionForCompletion( |
| 381 const base::Closure& callback) { |
| 382 SSLContext* context = SSLContext::GetInstance(); |
| 383 context->session_cache()->RegisterSessionAddedCallback(ssl_, callback); |
| 384 } |
| 385 |
| 386 void SSLClientSocketOpenSSL::SetSocketFailureCallback( |
| 387 const base::Closure& callback) { |
| 388 error_callback_ = callback; |
| 389 } |
| 390 |
| 391 void SSLClientSocketOpenSSL::SetIsLeader() { |
| 392 is_leader_ = true; |
| 393 } |
| 394 |
| 395 void SSLClientSocketOpenSSL::OnSocketFailure() { |
| 396 if (is_leader_) { |
| 397 error_callback_.Run(); |
| 398 error_callback_ = base::Closure(); |
| 399 is_leader_ = false; |
| 400 } |
| 401 } |
| 402 |
| 369 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( | 403 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( |
| 370 SSLCertRequestInfo* cert_request_info) { | 404 SSLCertRequestInfo* cert_request_info) { |
| 371 cert_request_info->host_and_port = host_and_port_; | 405 cert_request_info->host_and_port = host_and_port_; |
| 372 cert_request_info->cert_authorities = cert_authorities_; | 406 cert_request_info->cert_authorities = cert_authorities_; |
| 373 cert_request_info->cert_key_types = cert_key_types_; | 407 cert_request_info->cert_key_types = cert_key_types_; |
| 374 } | 408 } |
| 375 | 409 |
| 376 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( | 410 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( |
| 377 std::string* proto, std::string* server_protos) { | 411 std::string* proto, std::string* server_protos) { |
| 378 *proto = npn_proto_; | 412 *proto = npn_proto_; |
| (...skipping 272 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 651 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 685 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 652 | 686 |
| 653 ssl_ = SSL_new(context->ssl_ctx()); | 687 ssl_ = SSL_new(context->ssl_ctx()); |
| 654 if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this)) | 688 if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this)) |
| 655 return ERR_UNEXPECTED; | 689 return ERR_UNEXPECTED; |
| 656 | 690 |
| 657 if (!SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str())) | 691 if (!SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str())) |
| 658 return ERR_UNEXPECTED; | 692 return ERR_UNEXPECTED; |
| 659 | 693 |
| 660 trying_cached_session_ = context->session_cache()->SetSSLSessionWithKey( | 694 trying_cached_session_ = context->session_cache()->SetSSLSessionWithKey( |
| 661 ssl_, GetSocketSessionCacheKey(*this)); | 695 ssl_, GetSessionCacheKey()); |
| 662 | 696 |
| 663 BIO* ssl_bio = NULL; | 697 BIO* ssl_bio = NULL; |
| 664 // 0 => use default buffer sizes. | 698 // 0 => use default buffer sizes. |
| 665 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) | 699 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) |
| 666 return ERR_UNEXPECTED; | 700 return ERR_UNEXPECTED; |
| 667 DCHECK(ssl_bio); | 701 DCHECK(ssl_bio); |
| 668 DCHECK(transport_bio_); | 702 DCHECK(transport_bio_); |
| 669 | 703 |
| 670 SSL_set_bio(ssl_, ssl_bio, ssl_bio); | 704 SSL_set_bio(ssl_, ssl_bio, ssl_bio); |
| 671 | 705 |
| (...skipping 385 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1057 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, | 1091 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, |
| 1058 rv, user_read_buf_->data()); | 1092 rv, user_read_buf_->data()); |
| 1059 } | 1093 } |
| 1060 return rv; | 1094 return rv; |
| 1061 } | 1095 } |
| 1062 | 1096 |
| 1063 int total_bytes_read = 0; | 1097 int total_bytes_read = 0; |
| 1064 do { | 1098 do { |
| 1065 rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, | 1099 rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, |
| 1066 user_read_buf_len_ - total_bytes_read); | 1100 user_read_buf_len_ - total_bytes_read); |
| 1101 // Failure of the first read attempt indicates a failed false start |
| 1102 // connection. |
| 1103 if (!has_read_ && rv != OK && SSLClientSocket::GetEnableConnectJobWaiting()) |
| 1104 OnSocketFailure(); |
| 1105 has_read_ = true; |
| 1067 if (rv > 0) | 1106 if (rv > 0) |
| 1068 total_bytes_read += rv; | 1107 total_bytes_read += rv; |
| 1069 } while (total_bytes_read < user_read_buf_len_ && rv > 0); | 1108 } while (total_bytes_read < user_read_buf_len_ && rv > 0); |
| 1070 | 1109 |
| 1071 if (total_bytes_read == user_read_buf_len_) { | 1110 if (total_bytes_read == user_read_buf_len_) { |
| 1072 rv = total_bytes_read; | 1111 rv = total_bytes_read; |
| 1073 } else { | 1112 } else { |
| 1074 // Otherwise, an error occurred (rv <= 0). The error needs to be handled | 1113 // Otherwise, an error occurred (rv <= 0). The error needs to be handled |
| 1075 // immediately, while the OpenSSL errors are still available in | 1114 // immediately, while the OpenSSL errors are still available in |
| 1076 // thread-local storage. However, the handled/remapped error code should | 1115 // thread-local storage. However, the handled/remapped error code should |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1109 if (rv >= 0) { | 1148 if (rv >= 0) { |
| 1110 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | 1149 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
| 1111 user_read_buf_->data()); | 1150 user_read_buf_->data()); |
| 1112 } | 1151 } |
| 1113 return rv; | 1152 return rv; |
| 1114 } | 1153 } |
| 1115 | 1154 |
| 1116 int SSLClientSocketOpenSSL::DoPayloadWrite() { | 1155 int SSLClientSocketOpenSSL::DoPayloadWrite() { |
| 1117 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1156 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1118 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 1157 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| 1119 | 1158 // Failure of the second write attempt indicates a failed false start |
| 1159 // connection. |
| 1160 if (has_written_ == 1 && rv != OK && |
| 1161 SSLClientSocket::GetEnableConnectJobWaiting()) { |
| 1162 OnSocketFailure(); |
| 1163 } |
| 1164 has_written_++; |
| 1120 if (rv >= 0) { | 1165 if (rv >= 0) { |
| 1121 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1166 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| 1122 user_write_buf_->data()); | 1167 user_write_buf_->data()); |
| 1123 return rv; | 1168 return rv; |
| 1124 } | 1169 } |
| 1125 | 1170 |
| 1126 int err = SSL_get_error(ssl_, rv); | 1171 int err = SSL_get_error(ssl_, rv); |
| 1127 return MapOpenSSLError(err, err_tracer); | 1172 return MapOpenSSLError(err, err_tracer); |
| 1128 } | 1173 } |
| 1129 | 1174 |
| (...skipping 300 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1430 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | 1475 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; |
| 1431 return SSL_TLSEXT_ERR_OK; | 1476 return SSL_TLSEXT_ERR_OK; |
| 1432 } | 1477 } |
| 1433 | 1478 |
| 1434 scoped_refptr<X509Certificate> | 1479 scoped_refptr<X509Certificate> |
| 1435 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1480 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1436 return server_cert_; | 1481 return server_cert_; |
| 1437 } | 1482 } |
| 1438 | 1483 |
| 1439 } // namespace net | 1484 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 353713005:
Implements new, more robust design for communicating between SSLConnectJobs. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master