
Side by Side Diff: net/socket/ssl_client_socket_mac.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
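--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_mac.h"
 
 #include <CoreServices/CoreServices.h>
 #include <netdb.h>
 #include <sys/socket.h>
 #include <sys/types.h>
@@ -513,35 +513,37 @@
 ciphers_.push_back(supported_ciphers[i]);
 }
 }
 
 } // namespace
 
 //-----------------------------------------------------------------------------
 
 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
-const SSLConfig& ssl_config)
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier)
 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete),
 transport_read_callback_(this,
 &SSLClientSocketMac::OnTransportReadComplete),
 transport_write_callback_(this,
 &SSLClientSocketMac::OnTransportWriteComplete),
 transport_(transport_socket),
 host_and_port_(host_and_port),
 ssl_config_(ssl_config),
 user_connect_callback_(NULL),
 user_read_callback_(NULL),
 user_write_callback_(NULL),
 user_read_buf_len_(0),
 user_write_buf_len_(0),
 next_handshake_state_(STATE_NONE),
+cert_verifier_(cert_verifier),
 renegotiating_(false),
 client_cert_requested_(false),
 ssl_context_(NULL),
 pending_send_error_(OK),
 net_log_(transport_socket->socket()->NetLog()) {
 // Sort the list of ciphers to disable, since disabling ciphers on Mac
 // requires subtracting from a list of enabled ciphers while maintaining
 // ordering, as opposed to merely needing to iterate them as with NSS.
 sort(ssl_config_.disabled_cipher_suites.begin(),
 ssl_config_.disabled_cipher_suites.end());
@@ -1059,21 +1061,21 @@
 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 DCHECK(server_cert_);
 
 VLOG(1) << "DoVerifyCert...";
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
-verifier_.reset(new CertVerifier);
+verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 int SSLClientSocketMac::DoVerifyCertComplete(int result) {
 DCHECK(verifier_.get());
 verifier_.reset();
 
 VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")";
@@ -1322,10 +1324,10 @@
 if (rv < 0 && rv != ERR_IO_PENDING) {
 us->write_io_buf_ = NULL;
 return OSStatusFromNetError(rv);
 }
 
 // always lie to our caller
 return noErr;
 }
 
 } // namespace net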
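Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` and first used in DoVerifyCert with no null check, so a caller that passes NULL is only caught mid-handshake. Adding `DCHECK(cert_verifier_);` next to the existing `DCHECK(server_cert_);` would surface that earlier. Ownership is not visible in these lines; if the verifier is meant to be shared and not owned, a constructor comment such as `// |cert_verifier| is not owned and must outlive this socket.` would record the contract. Since the issue title says verification results are now cached, it is worth confirming in CertVerifier (not shown here) that cache entries are keyed on the certificate, hostname and `flags` passed to Verify, so that a result obtained without revocation or EV checking is not reused for a request that sets those flags. DoVerifyCert begins outside the shown lines.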