| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 299 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 310 | 310 |
| 311 private: | 311 private: |
| 312 const std::string function_; | 312 const std::string function_; |
| 313 const std::string param_; | 313 const std::string param_; |
| 314 const PRErrorCode ssl_lib_error_; | 314 const PRErrorCode ssl_lib_error_; |
| 315 }; | 315 }; |
| 316 | 316 |
| 317 void LogFailedNSSFunction(const BoundNetLog& net_log, | 317 void LogFailedNSSFunction(const BoundNetLog& net_log, |
| 318 const char* function, | 318 const char* function, |
| 319 const char* param) { | 319 const char* param) { |
| 320 net_log.AddEvent(NetLog::TYPE_SSL_NSS_ERROR, | 320 net_log.AddEvent( |
| 321 new SSLFailedNSSFunctionParams(function, param)); | 321 NetLog::TYPE_SSL_NSS_ERROR, |
| 322 make_scoped_refptr(new SSLFailedNSSFunctionParams(function, param))); |
| 322 } | 323 } |
| 323 | 324 |
| 324 #if defined(OS_WIN) | 325 #if defined(OS_WIN) |
| 325 | 326 |
| 326 // This callback is intended to be used with CertFindChainInStore. In addition | 327 // This callback is intended to be used with CertFindChainInStore. In addition |
| 327 // to filtering by extended/enhanced key usage, we do not show expired | 328 // to filtering by extended/enhanced key usage, we do not show expired |
| 328 // certificates and require digital signature usage in the key usage | 329 // certificates and require digital signature usage in the key usage |
| 329 // extension. | 330 // extension. |
| 330 // | 331 // |
| 331 // This matches our behavior on Mac OS X and that of NSS. It also matches the | 332 // This matches our behavior on Mac OS X and that of NSS. It also matches the |
| (...skipping 1205 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1537 EnterFunction(""); | 1538 EnterFunction(""); |
| 1538 DCHECK(completed_handshake_); | 1539 DCHECK(completed_handshake_); |
| 1539 DCHECK(next_handshake_state_ == STATE_NONE); | 1540 DCHECK(next_handshake_state_ == STATE_NONE); |
| 1540 | 1541 |
| 1541 if (result < 0) | 1542 if (result < 0) |
| 1542 return result; | 1543 return result; |
| 1543 | 1544 |
| 1544 if (!nss_bufs_) { | 1545 if (!nss_bufs_) { |
| 1545 LOG(DFATAL) << "!nss_bufs_"; | 1546 LOG(DFATAL) << "!nss_bufs_"; |
| 1546 int rv = ERR_UNEXPECTED; | 1547 int rv = ERR_UNEXPECTED; |
| 1547 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, new SSLErrorParams(rv, 0)); | 1548 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, |
| 1549 make_scoped_refptr(new SSLErrorParams(rv, 0))); |
| 1548 return rv; | 1550 return rv; |
| 1549 } | 1551 } |
| 1550 | 1552 |
| 1551 bool network_moved; | 1553 bool network_moved; |
| 1552 int rv; | 1554 int rv; |
| 1553 do { | 1555 do { |
| 1554 rv = DoPayloadRead(); | 1556 rv = DoPayloadRead(); |
| 1555 network_moved = DoTransportIO(); | 1557 network_moved = DoTransportIO(); |
| 1556 } while (rv == ERR_IO_PENDING && network_moved); | 1558 } while (rv == ERR_IO_PENDING && network_moved); |
| 1557 | 1559 |
| 1558 LeaveFunction(""); | 1560 LeaveFunction(""); |
| 1559 return rv; | 1561 return rv; |
| 1560 } | 1562 } |
| 1561 | 1563 |
| 1562 int SSLClientSocketNSS::DoWriteLoop(int result) { | 1564 int SSLClientSocketNSS::DoWriteLoop(int result) { |
| 1563 EnterFunction(""); | 1565 EnterFunction(""); |
| 1564 DCHECK(completed_handshake_); | 1566 DCHECK(completed_handshake_); |
| 1565 DCHECK(next_handshake_state_ == STATE_NONE); | 1567 DCHECK(next_handshake_state_ == STATE_NONE); |
| 1566 | 1568 |
| 1567 if (result < 0) | 1569 if (result < 0) |
| 1568 return result; | 1570 return result; |
| 1569 | 1571 |
| 1570 if (!nss_bufs_) { | 1572 if (!nss_bufs_) { |
| 1571 LOG(DFATAL) << "!nss_bufs_"; | 1573 LOG(DFATAL) << "!nss_bufs_"; |
| 1572 int rv = ERR_UNEXPECTED; | 1574 int rv = ERR_UNEXPECTED; |
| 1573 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, new SSLErrorParams(rv, 0)); | 1575 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, |
| 1576 make_scoped_refptr(new SSLErrorParams(rv, 0))); |
| 1574 return rv; | 1577 return rv; |
| 1575 } | 1578 } |
| 1576 | 1579 |
| 1577 bool network_moved; | 1580 bool network_moved; |
| 1578 int rv; | 1581 int rv; |
| 1579 do { | 1582 do { |
| 1580 rv = DoPayloadWrite(); | 1583 rv = DoPayloadWrite(); |
| 1581 network_moved = DoTransportIO(); | 1584 network_moved = DoTransportIO(); |
| 1582 } while (rv == ERR_IO_PENDING && network_moved); | 1585 } while (rv == ERR_IO_PENDING && network_moved); |
| 1583 | 1586 |
| (...skipping 308 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1892 } | 1895 } |
| 1893 | 1896 |
| 1894 int SSLClientSocketNSS::DoHandshake() { | 1897 int SSLClientSocketNSS::DoHandshake() { |
| 1895 EnterFunction(""); | 1898 EnterFunction(""); |
| 1896 int net_error = net::OK; | 1899 int net_error = net::OK; |
| 1897 SECStatus rv = SSL_ForceHandshake(nss_fd_); | 1900 SECStatus rv = SSL_ForceHandshake(nss_fd_); |
| 1898 | 1901 |
| 1899 if (client_auth_cert_needed_) { | 1902 if (client_auth_cert_needed_) { |
| 1900 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1903 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 1901 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1904 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 1902 new SSLErrorParams(net_error, 0)); | 1905 make_scoped_refptr(new SSLErrorParams(net_error, 0))); |
| 1903 // If the handshake already succeeded (because the server requests but | 1906 // If the handshake already succeeded (because the server requests but |
| 1904 // doesn't require a client cert), we need to invalidate the SSL session | 1907 // doesn't require a client cert), we need to invalidate the SSL session |
| 1905 // so that we won't try to resume the non-client-authenticated session in | 1908 // so that we won't try to resume the non-client-authenticated session in |
| 1906 // the next handshake. This will cause the server to ask for a client | 1909 // the next handshake. This will cause the server to ask for a client |
| 1907 // cert again. | 1910 // cert again. |
| 1908 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) { | 1911 if (rv == SECSuccess && SSL_InvalidateSession(nss_fd_) != SECSuccess) { |
| 1909 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); | 1912 LOG(WARNING) << "Couldn't invalidate SSL session: " << PR_GetError(); |
| 1910 } | 1913 } |
| 1911 } else if (rv == SECSuccess) { | 1914 } else if (rv == SECSuccess) { |
| 1912 if (handshake_callback_called_) { | 1915 if (handshake_callback_called_) { |
| (...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1949 GotoState(STATE_VERIFY_DNSSEC); | 1952 GotoState(STATE_VERIFY_DNSSEC); |
| 1950 } | 1953 } |
| 1951 } | 1954 } |
| 1952 // Done! | 1955 // Done! |
| 1953 } else { | 1956 } else { |
| 1954 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - | 1957 // Workaround for https://bugzilla.mozilla.org/show_bug.cgi?id=562434 - |
| 1955 // SSL_ForceHandshake returned SECSuccess prematurely. | 1958 // SSL_ForceHandshake returned SECSuccess prematurely. |
| 1956 rv = SECFailure; | 1959 rv = SECFailure; |
| 1957 net_error = ERR_SSL_PROTOCOL_ERROR; | 1960 net_error = ERR_SSL_PROTOCOL_ERROR; |
| 1958 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1961 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 1959 new SSLErrorParams(net_error, 0)); | 1962 make_scoped_refptr(new SSLErrorParams(net_error, 0))); |
| 1960 } | 1963 } |
| 1961 } else { | 1964 } else { |
| 1962 PRErrorCode prerr = PR_GetError(); | 1965 PRErrorCode prerr = PR_GetError(); |
| 1963 net_error = MapHandshakeError(prerr); | 1966 net_error = MapHandshakeError(prerr); |
| 1964 | 1967 |
| 1965 // If not done, stay in this state | 1968 // If not done, stay in this state |
| 1966 if (net_error == ERR_IO_PENDING) { | 1969 if (net_error == ERR_IO_PENDING) { |
| 1967 GotoState(STATE_HANDSHAKE); | 1970 GotoState(STATE_HANDSHAKE); |
| 1968 } else { | 1971 } else { |
| 1969 LOG(ERROR) << "handshake failed; NSS error code " << prerr | 1972 LOG(ERROR) << "handshake failed; NSS error code " << prerr |
| 1970 << ", net_error " << net_error; | 1973 << ", net_error " << net_error; |
| 1971 net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1974 net_log_.AddEvent( |
| 1972 new SSLErrorParams(net_error, prerr)); | 1975 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 1976 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); |
| 1973 } | 1977 } |
| 1974 } | 1978 } |
| 1975 | 1979 |
| 1976 LeaveFunction(""); | 1980 LeaveFunction(""); |
| 1977 return net_error; | 1981 return net_error; |
| 1978 } | 1982 } |
| 1979 | 1983 |
| 1980 // DNSValidationResult enumerates the possible outcomes from processing a | 1984 // DNSValidationResult enumerates the possible outcomes from processing a |
| 1981 // set of DNS records. | 1985 // set of DNS records. |
| 1982 enum DNSValidationResult { | 1986 enum DNSValidationResult { |
| (...skipping 297 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2280 EnterFunction(user_read_buf_len_); | 2284 EnterFunction(user_read_buf_len_); |
| 2281 DCHECK(user_read_buf_); | 2285 DCHECK(user_read_buf_); |
| 2282 DCHECK_GT(user_read_buf_len_, 0); | 2286 DCHECK_GT(user_read_buf_len_, 0); |
| 2283 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); | 2287 int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); |
| 2284 if (client_auth_cert_needed_) { | 2288 if (client_auth_cert_needed_) { |
| 2285 // We don't need to invalidate the non-client-authenticated SSL session | 2289 // We don't need to invalidate the non-client-authenticated SSL session |
| 2286 // because the server will renegotiate anyway. | 2290 // because the server will renegotiate anyway. |
| 2287 LeaveFunction(""); | 2291 LeaveFunction(""); |
| 2288 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 2292 rv = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 2289 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, | 2293 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, |
| 2290 new SSLErrorParams(rv, 0)); | 2294 make_scoped_refptr(new SSLErrorParams(rv, 0))); |
| 2291 return rv; | 2295 return rv; |
| 2292 } | 2296 } |
| 2293 if (rv >= 0) { | 2297 if (rv >= 0) { |
| 2294 LogData(user_read_buf_->data(), rv); | 2298 LogData(user_read_buf_->data(), rv); |
| 2295 LeaveFunction(""); | 2299 LeaveFunction(""); |
| 2296 return rv; | 2300 return rv; |
| 2297 } | 2301 } |
| 2298 PRErrorCode prerr = PR_GetError(); | 2302 PRErrorCode prerr = PR_GetError(); |
| 2299 if (prerr == PR_WOULD_BLOCK_ERROR) { | 2303 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 2300 LeaveFunction(""); | 2304 LeaveFunction(""); |
| 2301 return ERR_IO_PENDING; | 2305 return ERR_IO_PENDING; |
| 2302 } | 2306 } |
| 2303 LeaveFunction(""); | 2307 LeaveFunction(""); |
| 2304 rv = MapNSPRError(prerr); | 2308 rv = MapNSPRError(prerr); |
| 2305 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, new SSLErrorParams(rv, prerr)); | 2309 net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, |
| 2310 make_scoped_refptr(new SSLErrorParams(rv, prerr))); |
| 2306 return rv; | 2311 return rv; |
| 2307 } | 2312 } |
| 2308 | 2313 |
| 2309 int SSLClientSocketNSS::DoPayloadWrite() { | 2314 int SSLClientSocketNSS::DoPayloadWrite() { |
| 2310 EnterFunction(user_write_buf_len_); | 2315 EnterFunction(user_write_buf_len_); |
| 2311 DCHECK(user_write_buf_); | 2316 DCHECK(user_write_buf_); |
| 2312 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); | 2317 int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); |
| 2313 if (rv >= 0) { | 2318 if (rv >= 0) { |
| 2314 LogData(user_write_buf_->data(), rv); | 2319 LogData(user_write_buf_->data(), rv); |
| 2315 LeaveFunction(""); | 2320 LeaveFunction(""); |
| 2316 return rv; | 2321 return rv; |
| 2317 } | 2322 } |
| 2318 PRErrorCode prerr = PR_GetError(); | 2323 PRErrorCode prerr = PR_GetError(); |
| 2319 if (prerr == PR_WOULD_BLOCK_ERROR) { | 2324 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 2320 LeaveFunction(""); | 2325 LeaveFunction(""); |
| 2321 return ERR_IO_PENDING; | 2326 return ERR_IO_PENDING; |
| 2322 } | 2327 } |
| 2323 LeaveFunction(""); | 2328 LeaveFunction(""); |
| 2324 rv = MapNSPRError(prerr); | 2329 rv = MapNSPRError(prerr); |
| 2325 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, | 2330 net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, |
| 2326 new SSLErrorParams(rv, prerr)); | 2331 make_scoped_refptr(new SSLErrorParams(rv, prerr))); |
| 2327 return rv; | 2332 return rv; |
| 2328 } | 2333 } |
| 2329 | 2334 |
| 2330 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { | 2335 void SSLClientSocketNSS::LogConnectionTypeMetrics() const { |
| 2331 UpdateConnectionTypeHistograms(CONNECTION_SSL); | 2336 UpdateConnectionTypeHistograms(CONNECTION_SSL); |
| 2332 if (server_cert_verify_result_->has_md5) | 2337 if (server_cert_verify_result_->has_md5) |
| 2333 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); | 2338 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD5); |
| 2334 if (server_cert_verify_result_->has_md2) | 2339 if (server_cert_verify_result_->has_md2) |
| 2335 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); | 2340 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2); |
| 2336 if (server_cert_verify_result_->has_md4) | 2341 if (server_cert_verify_result_->has_md4) |
| (...skipping 16 matching lines...) Expand all Loading... |
| 2353 case SSL_CONNECTION_VERSION_TLS1_1: | 2358 case SSL_CONNECTION_VERSION_TLS1_1: |
| 2354 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2359 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
| 2355 break; | 2360 break; |
| 2356 case SSL_CONNECTION_VERSION_TLS1_2: | 2361 case SSL_CONNECTION_VERSION_TLS1_2: |
| 2357 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2362 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
| 2358 break; | 2363 break; |
| 2359 }; | 2364 }; |
| 2360 } | 2365 } |
| 2361 | 2366 |
| 2362 } // namespace net | 2367 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 4291001:
Convert implicit scoped_refptr constructor calls to explicit ones, part 2 (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/build