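--- a/net/base/ssl_client_socket_nss.h
+++ b/net/base/ssl_client_socket_nss.h
@@ -1,108 +1,119 @@
 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_BASE_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_BASE_SSL_CLIENT_SOCKET_NSS_H_
 
 #include <nspr.h>
 #include <nss.h>
 #include <string>
 
 #include "base/scoped_ptr.h"
 #include "net/base/completion_callback.h"
 #include "net/base/nss_memio.h"
 #include "net/base/ssl_client_socket.h"
 #include "net/base/ssl_config_service.h"
 
 namespace net {
 
+class X509Certificate;
+
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
 public:
 // Takes ownership of the transport_socket, which may already be connected.
 // The given hostname will be compared with the name(s) in the server's
 // certificate during the SSL handshake. ssl_config specifies the SSL
 // settings.
 SSLClientSocketNSS(ClientSocket* transport_socket,
 const std::string& hostname,
 const SSLConfig& ssl_config);
 ~SSLClientSocketNSS();
 
 // SSLClientSocket methods:
 virtual void GetSSLInfo(SSLInfo* ssl_info);
 
 // ClientSocket methods:
 virtual int Connect(CompletionCallback* callback);
-virtual int ReconnectIgnoringLastError(CompletionCallback* callback);
 virtual void Disconnect();
 virtual bool IsConnected() const;
 virtual bool IsConnectedAndIdle() const;
 
 // Socket methods:
 virtual int Read(char* buf, int buf_len, CompletionCallback* callback);
 virtual int Write(const char* buf, int buf_len, CompletionCallback* callback);
 
 private:
+void InvalidateSessionIfBadCertificate();
+X509Certificate* UpdateServerCert();
 void DoCallback(int result);
 void OnIOComplete(int result);
 
 int DoLoop(int last_io_result);
 int DoConnect();
 int DoConnectComplete(int result);
 int DoHandshakeRead();
 int DoPayloadRead();
 int DoPayloadWrite();
 int Init();
 int BufferSend(void);
 int BufferRecv(void);
 void BufferSendComplete(int result);
 void BufferRecvComplete(int result);
 
-// nss calls this on error. We pass 'this' as the first argument.
+// NSS calls this when checking certificates. We pass 'this' as the first
+// argument.
+static SECStatus OwnAuthCertHandler(void* arg, PRFileDesc* socket,
+PRBool checksig, PRBool is_server);
+
+// NSS calls this on error. We pass 'this' as the first argument.
 static SECStatus OwnBadCertHandler(void* arg, PRFileDesc* socket);
 
 CompletionCallbackImpl<SSLClientSocketNSS> buffer_send_callback_;
 CompletionCallbackImpl<SSLClientSocketNSS> buffer_recv_callback_;
 bool transport_send_busy_;
 bool transport_recv_busy_;
 
 CompletionCallbackImpl<SSLClientSocketNSS> io_callback_;
 scoped_ptr<ClientSocket> transport_;
 std::string hostname_;
 SSLConfig ssl_config_;
 
 CompletionCallback* user_callback_;
 
 // Used by both Read and Write functions.
 char* user_buf_;
 int user_buf_len_;
 
 // Set when handshake finishes. Value is net error code, see net_errors.h
 int server_cert_error_;
 
+// Set during handshake.
+scoped_refptr<X509Certificate> server_cert_;
+
 bool completed_handshake_;
 
 enum State {
 STATE_NONE,
 STATE_CONNECT,
 STATE_CONNECT_COMPLETE,
 STATE_HANDSHAKE_READ,
 // No STATE_HANDSHAKE_READ_COMPLETE needed, go to STATE_NONE instead.
 STATE_PAYLOAD_WRITE,
 STATE_PAYLOAD_READ,
 };
 State next_state_;
 
 // The NSS SSL state machine
 PRFileDesc* nss_fd_;
 
 // Buffers for the network end of the SSL state machine
 memio_Private* nss_bufs_;
 
 static bool nss_options_initialized_;
 };
 
 } // namespace net
 
 #endif // NET_BASE_SSL_CLIENT_SOCKET_NSS_H_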
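Review bot: The new OwnAuthCertHandler declaration only says NSS calls it "when checking certificates"; a callback in that role (presumably installed with SSL_AuthCertificateHook) replaces NSS's default server-certificate verification for this socket, so the header should state what the hook is responsible for — whether it delegates chain and hostname validation to NSS's SSL_AuthCertificate or performs equivalent checks itself, and what it records into server_cert_error_ and server_cert_ — so a reader can confirm no verification step is silently skipped. Suggested wording: `// NSS calls this to verify the server certificate chain during the handshake. It` / `// must either delegate to NSS's default verification or perform equivalent checks;` / `// the outcome is recorded in server_cert_error_ and server_cert_. We pass 'this'.` The UpdateServerCert() declaration returns a raw X509Certificate* while the cached copy lives in a scoped_refptr, so document whether the returned pointer is non-owning (borrowed from server_cert_) or carries a reference the caller must release. scoped_refptr is used here without an include of base/ref_counted.h; it may arrive transitively via ssl_client_socket.h or ssl_config_service.h, but an explicit include would make the header self-contained. The definitions of these methods live in the .cc and are outside this hunk.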