OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 #include <netdb.h> | 8 #include <netdb.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
(...skipping 502 matching lines...)
513 ciphers_.push_back(supported_ciphers[i]); | 513 ciphers_.push_back(supported_ciphers[i]); |
514 } | 514 } |
515 } | 515 } |
516 | 516 |
517 } // namespace | 517 } // namespace |
518 | 518 |
519 //----------------------------------------------------------------------------- | 519 //----------------------------------------------------------------------------- |
520 | 520 |
521 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket, | 521 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket, |
522 const HostPortPair& host_and_port, | 522 const HostPortPair& host_and_port, |
523 const SSLConfig& ssl_config) | 523 const SSLConfig& ssl_config, |
| 524 CertVerifier* cert_verifier) |
524 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete), | 525 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete), |
525 transport_read_callback_(this, | 526 transport_read_callback_(this, |
526 &SSLClientSocketMac::OnTransportReadComplete), | 527 &SSLClientSocketMac::OnTransportReadComplete), |
527 transport_write_callback_(this, | 528 transport_write_callback_(this, |
528 &SSLClientSocketMac::OnTransportWriteComplete), | 529 &SSLClientSocketMac::OnTransportWriteComplete), |
529 transport_(transport_socket), | 530 transport_(transport_socket), |
530 host_and_port_(host_and_port), | 531 host_and_port_(host_and_port), |
531 ssl_config_(ssl_config), | 532 ssl_config_(ssl_config), |
532 user_connect_callback_(NULL), | 533 user_connect_callback_(NULL), |
533 user_read_callback_(NULL), | 534 user_read_callback_(NULL), |
534 user_write_callback_(NULL), | 535 user_write_callback_(NULL), |
535 user_read_buf_len_(0), | 536 user_read_buf_len_(0), |
536 user_write_buf_len_(0), | 537 user_write_buf_len_(0), |
537 next_handshake_state_(STATE_NONE), | 538 next_handshake_state_(STATE_NONE), |
| 539 cert_verifier_(cert_verifier), |
538 renegotiating_(false), | 540 renegotiating_(false), |
539 client_cert_requested_(false), | 541 client_cert_requested_(false), |
540 ssl_context_(NULL), | 542 ssl_context_(NULL), |
541 pending_send_error_(OK), | 543 pending_send_error_(OK), |
542 net_log_(transport_socket->socket()->NetLog()) { | 544 net_log_(transport_socket->socket()->NetLog()) { |
543 // Sort the list of ciphers to disable, since disabling ciphers on Mac | 545 // Sort the list of ciphers to disable, since disabling ciphers on Mac |
544 // requires subtracting from a list of enabled ciphers while maintaining | 546 // requires subtracting from a list of enabled ciphers while maintaining |
545 // ordering, as opposed to merely needing to iterate them as with NSS. | 547 // ordering, as opposed to merely needing to iterate them as with NSS. |
546 sort(ssl_config_.disabled_cipher_suites.begin(), | 548 sort(ssl_config_.disabled_cipher_suites.begin(), |
547 ssl_config_.disabled_cipher_suites.end()); | 549 ssl_config_.disabled_cipher_suites.end()); |
(...skipping 511 matching lines...)
1059 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; | 1061 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; |
1060 | 1062 |
1061 DCHECK(server_cert_); | 1063 DCHECK(server_cert_); |
1062 | 1064 |
1063 VLOG(1) << "DoVerifyCert..."; | 1065 VLOG(1) << "DoVerifyCert..."; |
1064 int flags = 0; | 1066 int flags = 0; |
1065 if (ssl_config_.rev_checking_enabled) | 1067 if (ssl_config_.rev_checking_enabled) |
1066 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 1068 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
1067 if (ssl_config_.verify_ev_cert) | 1069 if (ssl_config_.verify_ev_cert) |
1068 flags |= X509Certificate::VERIFY_EV_CERT; | 1070 flags |= X509Certificate::VERIFY_EV_CERT; |
1069 verifier_.reset(new CertVerifier); | 1071 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
1070 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 1072 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
1071 &server_cert_verify_result_, | 1073 &server_cert_verify_result_, |
1072 &handshake_io_callback_); | 1074 &handshake_io_callback_); |
1073 } | 1075 } |
1074 | 1076 |
1075 int SSLClientSocketMac::DoVerifyCertComplete(int result) { | 1077 int SSLClientSocketMac::DoVerifyCertComplete(int result) { |
1076 DCHECK(verifier_.get()); | 1078 DCHECK(verifier_.get()); |
1077 verifier_.reset(); | 1079 verifier_.reset(); |
1078 | 1080 |
1079 VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")"; | 1081 VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")"; |
(...skipping 242 matching lines...)
1322 if (rv < 0 && rv != ERR_IO_PENDING) { | 1324 if (rv < 0 && rv != ERR_IO_PENDING) { |
1323 us->write_io_buf_ = NULL; | 1325 us->write_io_buf_ = NULL; |
1324 return OSStatusFromNetError(rv); | 1326 return OSStatusFromNetError(rv); |
1325 } | 1327 } |
1326 | 1328 |
1327 // always lie to our caller | 1329 // always lie to our caller |
1328 return noErr; | 1330 return noErr; |
1329 } | 1331 } |
1330 | 1332 |
1331 } // namespace net | 1333 } // namespace net |
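Review bot: The new `cert_verifier` constructor argument is kept as a raw pointer in `cert_verifier_` and is first used in DoVerifyCert, in `new SingleRequestCertVerifier(cert_verifier_)`, with no check that it is non-null and no statement of who owns it. Certificate verification is the step that authenticates the server, so a missing verifier should fail at construction, not partway through the handshake: add `DCHECK(cert_verifier_);` to the constructor body. The socket now depends on an object it did not create, so the lifetime contract should be written down next to the parameter, for example `// |cert_verifier| is not owned and must outlive this socket.` Whether a verification still pending when the socket is torn down gets cancelled depends on SingleRequestCertVerifier's destructor, which is not visible here and is worth confirming. DoVerifyCert begins in the skipped lines above new line 1061, so only its tail is visible on this page.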