| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/openssl_ssl_util.h" | 5 #include "net/ssl/openssl_ssl_util.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 | 8 |
| 9 #include <openssl/err.h> | 9 #include <openssl/err.h> |
| 10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 55 } | 55 } |
| 56 | 56 |
| 57 int MapOpenSSLErrorSSL(unsigned long error_code) { | 57 int MapOpenSSLErrorSSL(unsigned long error_code) { |
| 58 DCHECK_EQ(ERR_LIB_SSL, ERR_GET_LIB(error_code)); | 58 DCHECK_EQ(ERR_LIB_SSL, ERR_GET_LIB(error_code)); |
| 59 | 59 |
| 60 DVLOG(1) << "OpenSSL SSL error, reason: " << ERR_GET_REASON(error_code) | 60 DVLOG(1) << "OpenSSL SSL error, reason: " << ERR_GET_REASON(error_code) |
| 61 << ", name: " << ERR_error_string(error_code, NULL); | 61 << ", name: " << ERR_error_string(error_code, NULL); |
| 62 switch (ERR_GET_REASON(error_code)) { | 62 switch (ERR_GET_REASON(error_code)) { |
| 63 case SSL_R_READ_TIMEOUT_EXPIRED: | 63 case SSL_R_READ_TIMEOUT_EXPIRED: |
| 64 return ERR_TIMED_OUT; | 64 return ERR_TIMED_OUT; |
| 65 case SSL_R_BAD_RESPONSE_ARGUMENT: | |
| 66 return ERR_INVALID_ARGUMENT; | |
| 67 case SSL_R_UNKNOWN_CERTIFICATE_TYPE: | 65 case SSL_R_UNKNOWN_CERTIFICATE_TYPE: |
| 68 case SSL_R_UNKNOWN_CIPHER_TYPE: | 66 case SSL_R_UNKNOWN_CIPHER_TYPE: |
| 69 case SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE: | 67 case SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE: |
| 70 case SSL_R_UNKNOWN_PKEY_TYPE: | 68 case SSL_R_UNKNOWN_PKEY_TYPE: |
| 71 case SSL_R_UNKNOWN_REMOTE_ERROR_TYPE: | |
| 72 case SSL_R_UNKNOWN_SSL_VERSION: | 69 case SSL_R_UNKNOWN_SSL_VERSION: |
| 73 return ERR_NOT_IMPLEMENTED; | 70 return ERR_NOT_IMPLEMENTED; |
| 74 case SSL_R_UNSUPPORTED_SSL_VERSION: | 71 case SSL_R_UNSUPPORTED_SSL_VERSION: |
| 75 case SSL_R_NO_CIPHER_MATCH: | 72 case SSL_R_NO_CIPHER_MATCH: |
| 76 case SSL_R_NO_SHARED_CIPHER: | 73 case SSL_R_NO_SHARED_CIPHER: |
| 77 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: | 74 case SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY: |
| 78 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: | 75 case SSL_R_TLSV1_ALERT_PROTOCOL_VERSION: |
| 79 case SSL_R_UNSUPPORTED_PROTOCOL: | 76 case SSL_R_UNSUPPORTED_PROTOCOL: |
| 80 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | 77 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; |
| 81 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: | 78 case SSL_R_SSLV3_ALERT_BAD_CERTIFICATE: |
| 82 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: | 79 case SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE: |
| 83 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: | 80 case SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED: |
| 84 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: | 81 case SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED: |
| 85 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: | 82 case SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN: |
| 86 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: | 83 case SSL_R_TLSV1_ALERT_ACCESS_DENIED: |
| 87 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: | 84 case SSL_R_TLSV1_ALERT_UNKNOWN_CA: |
| 88 return ERR_BAD_SSL_CLIENT_AUTH_CERT; | 85 return ERR_BAD_SSL_CLIENT_AUTH_CERT; |
| 89 case SSL_R_BAD_DECOMPRESSION: | |
| 90 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: | 86 case SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE: |
| 91 return ERR_SSL_DECOMPRESSION_FAILURE_ALERT; | 87 return ERR_SSL_DECOMPRESSION_FAILURE_ALERT; |
| 92 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: | 88 case SSL_R_SSLV3_ALERT_BAD_RECORD_MAC: |
| 93 return ERR_SSL_BAD_RECORD_MAC_ALERT; | 89 return ERR_SSL_BAD_RECORD_MAC_ALERT; |
| 94 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: | 90 case SSL_R_TLSV1_ALERT_DECRYPT_ERROR: |
| 95 return ERR_SSL_DECRYPT_ERROR_ALERT; | 91 return ERR_SSL_DECRYPT_ERROR_ALERT; |
| 96 case SSL_R_TLSV1_UNRECOGNIZED_NAME: | 92 case SSL_R_TLSV1_UNRECOGNIZED_NAME: |
| 97 return ERR_SSL_UNRECOGNIZED_NAME_ALERT; | 93 return ERR_SSL_UNRECOGNIZED_NAME_ALERT; |
| 98 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: | 94 case SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED: |
| 99 return ERR_SSL_UNSAFE_NEGOTIATION; | 95 return ERR_SSL_UNSAFE_NEGOTIATION; |
| 100 case SSL_R_WRONG_NUMBER_OF_KEY_BITS: | 96 case SSL_R_BAD_DH_P_LENGTH: |
| 101 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; | 97 return ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY; |
| 102 // SSL_R_UNKNOWN_PROTOCOL is reported if premature application data is | 98 // SSL_R_UNKNOWN_PROTOCOL is reported if premature application data is |
| 103 // received (see http://crbug.com/42538), and also if all the protocol | 99 // received (see http://crbug.com/42538), and also if all the protocol |
| 104 // versions supported by the server were disabled in this socket instance. | 100 // versions supported by the server were disabled in this socket instance. |
| 105 // Mapped to ERR_SSL_PROTOCOL_ERROR for compatibility with other SSL sockets | 101 // Mapped to ERR_SSL_PROTOCOL_ERROR for compatibility with other SSL sockets |
| 106 // in the former scenario. | 102 // in the former scenario. |
| 107 case SSL_R_UNKNOWN_PROTOCOL: | 103 case SSL_R_UNKNOWN_PROTOCOL: |
| 108 case SSL_R_SSL_HANDSHAKE_FAILURE: | 104 case SSL_R_SSL_HANDSHAKE_FAILURE: |
| 109 case SSL_R_DECRYPTION_FAILED: | 105 case SSL_R_DECRYPTION_FAILED: |
| 110 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: | 106 case SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC: |
| 111 case SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG: | 107 case SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG: |
| 112 case SSL_R_DIGEST_CHECK_FAILED: | 108 case SSL_R_DIGEST_CHECK_FAILED: |
| 113 case SSL_R_DUPLICATE_COMPRESSION_ID: | |
| 114 case SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER: | |
| 115 case SSL_R_ENCRYPTED_LENGTH_TOO_LONG: | 109 case SSL_R_ENCRYPTED_LENGTH_TOO_LONG: |
| 116 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: | 110 case SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST: |
| 117 case SSL_R_EXCESSIVE_MESSAGE_SIZE: | 111 case SSL_R_EXCESSIVE_MESSAGE_SIZE: |
| 118 case SSL_R_EXTRA_DATA_IN_MESSAGE: | 112 case SSL_R_EXTRA_DATA_IN_MESSAGE: |
| 119 case SSL_R_GOT_A_FIN_BEFORE_A_CCS: | 113 case SSL_R_GOT_A_FIN_BEFORE_A_CCS: |
| 120 case SSL_R_ILLEGAL_PADDING: | |
| 121 case SSL_R_INVALID_CHALLENGE_LENGTH: | |
| 122 case SSL_R_INVALID_COMMAND: | 114 case SSL_R_INVALID_COMMAND: |
| 123 case SSL_R_INVALID_PURPOSE: | |
| 124 case SSL_R_INVALID_STATUS_RESPONSE: | 115 case SSL_R_INVALID_STATUS_RESPONSE: |
| 125 case SSL_R_INVALID_TICKET_KEYS_LENGTH: | 116 case SSL_R_INVALID_TICKET_KEYS_LENGTH: |
| 126 case SSL_R_KEY_ARG_TOO_LONG: | |
| 127 case SSL_R_READ_WRONG_PACKET_TYPE: | |
| 128 // SSL_do_handshake reports this error when the server responds to a | 117 // SSL_do_handshake reports this error when the server responds to a |
| 129 // ClientHello with a fatal close_notify alert. | 118 // ClientHello with a fatal close_notify alert. |
| 130 case SSL_AD_REASON_OFFSET + SSL_AD_CLOSE_NOTIFY: | 119 case SSL_AD_REASON_OFFSET + SSL_AD_CLOSE_NOTIFY: |
| 131 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: | 120 case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE: |
| 132 // TODO(joth): SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the | 121 // TODO(joth): SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the |
| 133 // server after receiving ClientHello if there's no common supported cipher. | 122 // server after receiving ClientHello if there's no common supported cipher. |
| 134 // Ideally we'd map that specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH | 123 // Ideally we'd map that specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH |
| 135 // to match the NSS implementation. See also http://goo.gl/oMtZW | 124 // to match the NSS implementation. See also http://goo.gl/oMtZW |
| 136 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: | 125 case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: |
| 137 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: | 126 case SSL_R_SSLV3_ALERT_NO_CERTIFICATE: |
| (...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 195 } while (error_code != 0); | 184 } while (error_code != 0); |
| 196 return ERR_SSL_PROTOCOL_ERROR; | 185 return ERR_SSL_PROTOCOL_ERROR; |
| 197 default: | 186 default: |
| 198 // TODO(joth): Implement full mapping. | 187 // TODO(joth): Implement full mapping. |
| 199 LOG(WARNING) << "Unknown OpenSSL error " << err; | 188 LOG(WARNING) << "Unknown OpenSSL error " << err; |
| 200 return ERR_SSL_PROTOCOL_ERROR; | 189 return ERR_SSL_PROTOCOL_ERROR; |
| 201 } | 190 } |
| 202 } | 191 } |
| 203 | 192 |
| 204 } // namespace net | 193 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 495553002:
Remove unused error codes and fix mapping of weak DH key. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master