
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
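--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
@@ -373,32 +373,34 @@
 }
 long set_mask;
 long clear_mask;
 };
 
 } // namespace
 
 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
 ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
-const SSLConfig& ssl_config)
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier)
 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_(
 this, &SSLClientSocketOpenSSL::BufferSendComplete)),
 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_(
 this, &SSLClientSocketOpenSSL::BufferRecvComplete)),
 transport_send_busy_(false),
 transport_recv_busy_(false),
 user_connect_callback_(NULL),
 user_read_callback_(NULL),
 user_write_callback_(NULL),
 completed_handshake_(false),
 client_auth_cert_needed_(false),
+cert_verifier_(cert_verifier),
 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_(
 this, &SSLClientSocketOpenSSL::OnHandshakeIOComplete)),
 ssl_(NULL),
 transport_bio_(NULL),
 transport_(transport_socket),
 host_and_port_(host_and_port),
 ssl_config_(ssl_config),
 trying_cached_session_(false),
 npn_status_(kNextProtoUnsupported),
 net_log_(transport_socket->socket()->NetLog()) {
@@ -806,21 +808,21 @@
 
 int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
 DCHECK(server_cert_);
 GotoState(STATE_VERIFY_CERT_COMPLETE);
 int flags = 0;
 
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
-verifier_.reset(new CertVerifier);
+verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
 verifier_.reset();
 
 if (result == OK) {
 // TODO(joth): Work out if we need to remember the intermediate CA certs
@@ -1181,10 +1183,10 @@
 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
 
 if (rv >= 0)
 return rv;
 
 int err = SSL_get_error(ssl_, rv);
 return MapOpenSSLError(err, err_tracer);
 }
 
 } // namespace net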
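Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` and first used in DoVerifyCert, and nothing in the visible lines checks it for NULL or states who owns it. The verifier now appears to be shared between sockets (per the issue title it carries the in-memory result cache), so I would add `DCHECK(cert_verifier_);` next to the existing `DCHECK(server_cert_);` and a comment on the member such as `// Not owned; must outlive this socket.`. Because results are now cached, it is also worth confirming in CertVerifier, which is not shown here, that the cache key covers the certificate, the hostname and `flags`, so that a result computed without revocation or EV checking is never served to a request that asks for them. The constructor body continues outside the visible lines.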