| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 390 matching lines...) |
| 401 unsigned num_certs_; | 401 unsigned num_certs_; |
| 402 CERTCertificate** certs_; | 402 CERTCertificate** certs_; |
| 403 }; | 403 }; |
| 404 | 404 |
| 405 } // namespace | 405 } // namespace |
| 406 | 406 |
| 407 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 407 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, |
| 408 const HostPortPair& host_and_port, | 408 const HostPortPair& host_and_port, |
| 409 const SSLConfig& ssl_config, | 409 const SSLConfig& ssl_config, |
| 410 SSLHostInfo* ssl_host_info, | 410 SSLHostInfo* ssl_host_info, |
| 411 CertVerifier* cert_verifier, |
| 411 DnsCertProvenanceChecker* dns_ctx) | 412 DnsCertProvenanceChecker* dns_ctx) |
| 412 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 413 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
| 413 this, &SSLClientSocketNSS::BufferSendComplete)), | 414 this, &SSLClientSocketNSS::BufferSendComplete)), |
| 414 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 415 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
| 415 this, &SSLClientSocketNSS::BufferRecvComplete)), | 416 this, &SSLClientSocketNSS::BufferRecvComplete)), |
| 416 transport_send_busy_(false), | 417 transport_send_busy_(false), |
| 417 transport_recv_busy_(false), | 418 transport_recv_busy_(false), |
| 418 corked_(false), | 419 corked_(false), |
| 419 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( | 420 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( |
| 420 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), | 421 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), |
| 421 transport_(transport_socket), | 422 transport_(transport_socket), |
| 422 host_and_port_(host_and_port), | 423 host_and_port_(host_and_port), |
| 423 ssl_config_(ssl_config), | 424 ssl_config_(ssl_config), |
| 424 user_connect_callback_(NULL), | 425 user_connect_callback_(NULL), |
| 425 user_read_callback_(NULL), | 426 user_read_callback_(NULL), |
| 426 user_write_callback_(NULL), | 427 user_write_callback_(NULL), |
| 427 user_read_buf_len_(0), | 428 user_read_buf_len_(0), |
| 428 user_write_buf_len_(0), | 429 user_write_buf_len_(0), |
| 429 server_cert_nss_(NULL), | 430 server_cert_nss_(NULL), |
| 430 server_cert_verify_result_(NULL), | 431 server_cert_verify_result_(NULL), |
| 431 ssl_connection_status_(0), | 432 ssl_connection_status_(0), |
| 432 client_auth_cert_needed_(false), | 433 client_auth_cert_needed_(false), |
| 434 cert_verifier_(cert_verifier), |
| 433 handshake_callback_called_(false), | 435 handshake_callback_called_(false), |
| 434 completed_handshake_(false), | 436 completed_handshake_(false), |
| 435 pseudo_connected_(false), | 437 pseudo_connected_(false), |
| 436 eset_mitm_detected_(false), | 438 eset_mitm_detected_(false), |
| 437 predicted_cert_chain_correct_(false), | 439 predicted_cert_chain_correct_(false), |
| 438 peername_initialized_(false), | 440 peername_initialized_(false), |
| 439 dnssec_provider_(NULL), | 441 dnssec_provider_(NULL), |
| 440 next_handshake_state_(STATE_NONE), | 442 next_handshake_state_(STATE_NONE), |
| 441 nss_fd_(NULL), | 443 nss_fd_(NULL), |
| 442 nss_bufs_(NULL), | 444 nss_bufs_(NULL), |
| (...skipping 2014 matching lines...) |
| 2457 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); | 2459 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); |
| 2458 } else { | 2460 } else { |
| 2459 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | 2461 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); |
| 2460 } | 2462 } |
| 2461 | 2463 |
| 2462 int flags = 0; | 2464 int flags = 0; |
| 2463 if (ssl_config_.rev_checking_enabled) | 2465 if (ssl_config_.rev_checking_enabled) |
| 2464 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 2466 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 2465 if (ssl_config_.verify_ev_cert) | 2467 if (ssl_config_.verify_ev_cert) |
| 2466 flags |= X509Certificate::VERIFY_EV_CERT; | 2468 flags |= X509Certificate::VERIFY_EV_CERT; |
| 2467 verifier_.reset(new CertVerifier); | 2469 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
| 2468 server_cert_verify_result_ = &local_server_cert_verify_result_; | 2470 server_cert_verify_result_ = &local_server_cert_verify_result_; |
| 2469 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 2471 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
| 2470 &local_server_cert_verify_result_, | 2472 &local_server_cert_verify_result_, |
| 2471 &handshake_io_callback_); | 2473 &handshake_io_callback_); |
| 2472 } | 2474 } |
| 2473 | 2475 |
| 2474 // Derived from AuthCertificateCallback() in | 2476 // Derived from AuthCertificateCallback() in |
| 2475 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 2477 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 2476 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 2478 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
| 2477 verifier_.reset(); | 2479 verifier_.reset(); |
| (...skipping 150 matching lines...) |
| 2628 case SSL_CONNECTION_VERSION_TLS1_1: | 2630 case SSL_CONNECTION_VERSION_TLS1_1: |
| 2629 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2631 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
| 2630 break; | 2632 break; |
| 2631 case SSL_CONNECTION_VERSION_TLS1_2: | 2633 case SSL_CONNECTION_VERSION_TLS1_2: |
| 2632 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2634 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
| 2633 break; | 2635 break; |
| 2634 }; | 2636 }; |
| 2635 } | 2637 } |
| 2636 | 2638 |
| 2637 } // namespace net | 2639 } // namespace net |
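Review bot: `cert_verifier_` is stored by the constructor as a raw pointer and first used at `verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));` (new line 2469), with no null check and no stated ownership or lifetime contract. This object now decides whether the server certificate is accepted, so a NULL or already-destroyed verifier would presumably crash or touch freed memory mid-handshake rather than fail verification cleanly. That is inferred, since the SingleRequestCertVerifier implementation is not visible on this page. I would add `DCHECK(cert_verifier_);` just before that line, and a comment on the constructor parameter such as `// |cert_verifier| is not owned; it must outlive this socket and any pending Verify() request.` The function containing line 2469 starts in the skipped region, so any earlier guard there should be confirmed before adding one.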
| OLD | NEW |