Chromium Code Reviews Chromium Code Reviews
Issue 494913002:
Include better OpenSSL error information in NetLog. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <secerr.h> | 8 #include <secerr.h> |
| 9 #include <ssl.h> | 9 #include <ssl.h> |
| 10 #include <sslerr.h> | 10 #include <sslerr.h> |
| (...skipping 11 matching lines...) Expand all Loading... | |
| 22 #include "build/build_config.h" | 22 #include "build/build_config.h" |
| 23 #include "crypto/nss_util.h" | 23 #include "crypto/nss_util.h" |
| 24 #include "net/base/net_errors.h" | 24 #include "net/base/net_errors.h" |
| 25 #include "net/base/net_log.h" | 25 #include "net/base/net_log.h" |
| 26 #include "net/base/nss_memio.h" | 26 #include "net/base/nss_memio.h" |
| 27 | 27 |
| 28 #if defined(OS_WIN) | 28 #if defined(OS_WIN) |
| 29 #include "base/win/windows_version.h" | 29 #include "base/win/windows_version.h" |
| 30 #endif | 30 #endif |
| 31 | 31 |
| 32 namespace net { | |
| 33 | |
| 32 namespace { | 34 namespace { |
| 33 | 35 |
| 34 // CiphersRemove takes a zero-terminated array of cipher suite ids in | 36 // CiphersRemove takes a zero-terminated array of cipher suite ids in |
| 35 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns | 37 // |to_remove| and sets every instance of them in |ciphers| to zero. It returns |
| 36 // true if it found and removed every element of |to_remove|. It assumes that | 38 // true if it found and removed every element of |to_remove|. It assumes that |
| 37 // there are no duplicates in |ciphers| nor in |to_remove|. | 39 // there are no duplicates in |ciphers| nor in |to_remove|. |
| 38 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) { | 40 bool CiphersRemove(const uint16* to_remove, uint16* ciphers, size_t num) { |
| 39 size_t i, found = 0; | 41 size_t i, found = 0; |
| 40 | 42 |
| 41 for (i = 0; ; i++) { | 43 for (i = 0; ; i++) { |
| (...skipping 28 matching lines...) Expand all Loading... | |
| 70 // CiphersCopy copies the zero-terminated array |in| to |out|. It returns the | 72 // CiphersCopy copies the zero-terminated array |in| to |out|. It returns the |
| 71 // number of cipher suite ids copied. | 73 // number of cipher suite ids copied. |
| 72 size_t CiphersCopy(const uint16* in, uint16* out) { | 74 size_t CiphersCopy(const uint16* in, uint16* out) { |
| 73 for (size_t i = 0; ; i++) { | 75 for (size_t i = 0; ; i++) { |
| 74 if (in[i] == 0) | 76 if (in[i] == 0) |
| 75 return i; | 77 return i; |
| 76 out[i] = in[i]; | 78 out[i] = in[i]; |
| 77 } | 79 } |
| 78 } | 80 } |
| 79 | 81 |
| 80 } // anonymous namespace | 82 base::Value* NetLogSSLErrorCallback(int net_error, |
| 81 | 83 int ssl_lib_error, |
| 82 namespace net { | 84 NetLog::LogLevel /* log_level */) { |
| 85 base::DictionaryValue* dict = new base::DictionaryValue(); | |
| 86 dict->SetInteger("net_error", net_error); | |
| 87 if (ssl_lib_error) | |
| 88 dict->SetInteger("ssl_lib_error", ssl_lib_error); | |
| 89 return dict; | |
|
Ryan Sleevi
2014/08/25 06:24:35
Should you also call PR_GetErrorText (noting PR_G
davidben
2014/08/26 22:13:51
Eh, this just came from net/socket/ssl_error_param
| |
| 90 } | |
| 83 | 91 |
| 84 class NSSSSLInitSingleton { | 92 class NSSSSLInitSingleton { |
| 85 public: | 93 public: |
| 86 NSSSSLInitSingleton() : model_fd_(NULL) { | 94 NSSSSLInitSingleton() : model_fd_(NULL) { |
| 87 crypto::EnsureNSSInit(); | 95 crypto::EnsureNSSInit(); |
| 88 | 96 |
| 89 NSS_SetDomesticPolicy(); | 97 NSS_SetDomesticPolicy(); |
| 90 | 98 |
| 91 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 99 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
| 92 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 100 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 194 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. | 202 // Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY. |
| 195 SSL_ClearSessionCache(); | 203 SSL_ClearSessionCache(); |
| 196 if (model_fd_) | 204 if (model_fd_) |
| 197 PR_Close(model_fd_); | 205 PR_Close(model_fd_); |
| 198 } | 206 } |
| 199 | 207 |
| 200 private: | 208 private: |
| 201 PRFileDesc* model_fd_; | 209 PRFileDesc* model_fd_; |
| 202 }; | 210 }; |
| 203 | 211 |
| 204 static base::LazyInstance<NSSSSLInitSingleton>::Leaky g_nss_ssl_init_singleton = | 212 base::LazyInstance<NSSSSLInitSingleton>::Leaky g_nss_ssl_init_singleton = |
| 205 LAZY_INSTANCE_INITIALIZER; | 213 LAZY_INSTANCE_INITIALIZER; |
| 206 | 214 |
| 215 } // anonymous namespace | |
| 216 | |
| 207 // Initialize the NSS SSL library if it isn't already initialized. This must | 217 // Initialize the NSS SSL library if it isn't already initialized. This must |
| 208 // be called before any other NSS SSL functions. This function is | 218 // be called before any other NSS SSL functions. This function is |
| 209 // thread-safe, and the NSS SSL library will only ever be initialized once. | 219 // thread-safe, and the NSS SSL library will only ever be initialized once. |
| 210 // The NSS SSL library will be properly shut down on program exit. | 220 // The NSS SSL library will be properly shut down on program exit. |
| 211 void EnsureNSSSSLInit() { | 221 void EnsureNSSSSLInit() { |
| 212 // Initializing SSL causes us to do blocking IO. | 222 // Initializing SSL causes us to do blocking IO. |
| 213 // Temporarily allow it until we fix | 223 // Temporarily allow it until we fix |
| 214 // http://code.google.com/p/chromium/issues/detail?id=59847 | 224 // http://code.google.com/p/chromium/issues/detail?id=59847 |
| 215 base::ThreadRestrictions::ScopedAllowIO allow_io; | 225 base::ThreadRestrictions::ScopedAllowIO allow_io; |
| 216 | 226 |
| (...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 392 const char* function, | 402 const char* function, |
| 393 const char* param) { | 403 const char* param) { |
| 394 DCHECK(function); | 404 DCHECK(function); |
| 395 DCHECK(param); | 405 DCHECK(param); |
| 396 net_log.AddEvent( | 406 net_log.AddEvent( |
| 397 NetLog::TYPE_SSL_NSS_ERROR, | 407 NetLog::TYPE_SSL_NSS_ERROR, |
| 398 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 408 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
| 399 function, param, PR_GetError())); | 409 function, param, PR_GetError())); |
| 400 } | 410 } |
| 401 | 411 |
| 412 NetLog::ParametersCallback CreateNetLogSSLErrorCallback(int net_error, | |
| 413 int ssl_lib_error) { | |
| 414 return base::Bind(&NetLogSSLErrorCallback, net_error, ssl_lib_error); | |
| 415 } | |
| 416 | |
| 402 } // namespace net | 417 } // namespace net |
| OLD | NEW |
