OLD | NEW |
---|---|
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 496 matching lines...) | |
507 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 507 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
508 if (rv != SECSuccess) | 508 if (rv != SECSuccess) |
509 return ERR_UNEXPECTED; | 509 return ERR_UNEXPECTED; |
510 | 510 |
511 // Tell SSL the hostname we're trying to connect to. | 511 // Tell SSL the hostname we're trying to connect to. |
512 SSL_SetURL(nss_fd_, hostname_.c_str()); | 512 SSL_SetURL(nss_fd_, hostname_.c_str()); |
513 | 513 |
514 // Set the peer ID for session reuse. This is necessary when we create an | 514 // Set the peer ID for session reuse. This is necessary when we create an |
515 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address | 515 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address |
516 // rather than the destination server's address in that case. | 516 // rather than the destination server's address in that case. |
517 // For requests in OTR mode use a modified peer id so that the session cache | |
518 // is not shared with non-OTR mode. | |
517 // TODO(wtc): port in |peer_address| is not the server's port when a proxy is | 519 // TODO(wtc): port in |peer_address| is not the server's port when a proxy is |
518 // used. | 520 // used. |
519 std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(), | 521 std::string peer_id = StringPrintf("%s:%d", hostname_.c_str(), |
520 peer_address.GetPort()); | 522 peer_address.GetPort()); |
523 | |
524 // Separate session ID cache for OTR mode | |
525 if (ssl_config_.otr_mode) | |
526 peer_id += std::string("OTR"); | |
davidben
2010/07/26 21:31:33
An explicit separator here (another colon?) would
| |
527 | |
521 rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | 528 rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); |
522 if (rv != SECSuccess) | 529 if (rv != SECSuccess) |
523 LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id; | 530 LOG(INFO) << "SSL_SetSockPeerID failed: peer_id=" << peer_id; |
524 | 531 |
525 // Tell SSL we're a client; needed if not letting NSPR do socket I/O | 532 // Tell SSL we're a client; needed if not letting NSPR do socket I/O |
526 SSL_ResetHandshake(nss_fd_, 0); | 533 SSL_ResetHandshake(nss_fd_, 0); |
527 | 534 |
528 return OK; | 535 return OK; |
529 } | 536 } |
530 | 537 |
(...skipping 1021 matching lines...) | |
1552 PRErrorCode prerr = PR_GetError(); | 1559 PRErrorCode prerr = PR_GetError(); |
1553 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1560 if (prerr == PR_WOULD_BLOCK_ERROR) { |
1554 LeaveFunction(""); | 1561 LeaveFunction(""); |
1555 return ERR_IO_PENDING; | 1562 return ERR_IO_PENDING; |
1556 } | 1563 } |
1557 LeaveFunction(""); | 1564 LeaveFunction(""); |
1558 return MapNSPRError(prerr); | 1565 return MapNSPRError(prerr); |
1559 } | 1566 } |
1560 | 1567 |
1561 } // namespace net | 1568 } // namespace net |
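Review bot: The OTR isolation added at new lines 524-526 depends entirely on SSL_SetSockPeerID succeeding, but the failure branch at new lines 529-530 only logs and lets the handshake continue, so an OTR socket could proceed without the modified peer ID. In OTR mode that branch should fail closed, for example `if (rv != SECSuccess && ssl_config_.otr_mode) return ERR_UNEXPECTED;`, keeping the log-and-continue behaviour for the non-OTR case only. The same `LOG(INFO)` line also writes the hostname of an OTR connection into the log, so it is worth gating on `!ssl_config_.otr_mode` or dropping `peer_id` from the message. The suffix is a constant, so all OTR connections presumably share one cache partition for the life of the process; whether those entries are cleared when an OTR session ends is not visible here and should be confirmed. The enclosing function starts outside the lines shown.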