OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
6 | 6 |
7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
8 #include <map> | 8 #include <map> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
369 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to | 369 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to |
370 // have room for a full SSL record, with the header and trailer. Here is the | 370 // have room for a full SSL record, with the header and trailer. Here is the |
371 // breakdown of the size: | 371 // breakdown of the size: |
372 // 5: SSL record header | 372 // 5: SSL record header |
373 // 16K: SSL record maximum size | 373 // 16K: SSL record maximum size |
374 // 64: >= SSL record trailer (16 or 20 have been observed) | 374 // 64: >= SSL record trailer (16 or 20 have been observed) |
375 static const int kRecvBufferSize = (5 + 16*1024 + 64); | 375 static const int kRecvBufferSize = (5 + 16*1024 + 64); |
376 | 376 |
377 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, | 377 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, |
378 const HostPortPair& host_and_port, | 378 const HostPortPair& host_and_port, |
379 const SSLConfig& ssl_config) | 379 const SSLConfig& ssl_config, |
| 380 CertVerifier* cert_verifier) |
380 : ALLOW_THIS_IN_INITIALIZER_LIST( | 381 : ALLOW_THIS_IN_INITIALIZER_LIST( |
381 handshake_io_callback_(this, | 382 handshake_io_callback_(this, |
382 &SSLClientSocketWin::OnHandshakeIOComplete)), | 383 &SSLClientSocketWin::OnHandshakeIOComplete)), |
383 ALLOW_THIS_IN_INITIALIZER_LIST( | 384 ALLOW_THIS_IN_INITIALIZER_LIST( |
384 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), | 385 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), |
385 ALLOW_THIS_IN_INITIALIZER_LIST( | 386 ALLOW_THIS_IN_INITIALIZER_LIST( |
386 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), | 387 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), |
387 transport_(transport_socket), | 388 transport_(transport_socket), |
388 host_and_port_(host_and_port), | 389 host_and_port_(host_and_port), |
389 ssl_config_(ssl_config), | 390 ssl_config_(ssl_config), |
390 user_connect_callback_(NULL), | 391 user_connect_callback_(NULL), |
391 user_read_callback_(NULL), | 392 user_read_callback_(NULL), |
392 user_read_buf_len_(0), | 393 user_read_buf_len_(0), |
393 user_write_callback_(NULL), | 394 user_write_callback_(NULL), |
394 user_write_buf_len_(0), | 395 user_write_buf_len_(0), |
395 next_state_(STATE_NONE), | 396 next_state_(STATE_NONE), |
| 397 cert_verifier_(cert_verifier), |
396 creds_(NULL), | 398 creds_(NULL), |
397 isc_status_(SEC_E_OK), | 399 isc_status_(SEC_E_OK), |
398 payload_send_buffer_len_(0), | 400 payload_send_buffer_len_(0), |
399 bytes_sent_(0), | 401 bytes_sent_(0), |
400 decrypted_ptr_(NULL), | 402 decrypted_ptr_(NULL), |
401 bytes_decrypted_(0), | 403 bytes_decrypted_(0), |
402 received_ptr_(NULL), | 404 received_ptr_(NULL), |
403 bytes_received_(0), | 405 bytes_received_(0), |
404 writing_first_token_(false), | 406 writing_first_token_(false), |
405 ignore_ok_result_(false), | 407 ignore_ok_result_(false), |
(...skipping 711 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1117 int SSLClientSocketWin::DoVerifyCert() { | 1119 int SSLClientSocketWin::DoVerifyCert() { |
1118 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 1120 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
1119 | 1121 |
1120 DCHECK(server_cert_); | 1122 DCHECK(server_cert_); |
1121 | 1123 |
1122 int flags = 0; | 1124 int flags = 0; |
1123 if (ssl_config_.rev_checking_enabled) | 1125 if (ssl_config_.rev_checking_enabled) |
1124 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 1126 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
1125 if (ssl_config_.verify_ev_cert) | 1127 if (ssl_config_.verify_ev_cert) |
1126 flags |= X509Certificate::VERIFY_EV_CERT; | 1128 flags |= X509Certificate::VERIFY_EV_CERT; |
1127 verifier_.reset(new CertVerifier); | 1129 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
1128 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 1130 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
1129 &server_cert_verify_result_, | 1131 &server_cert_verify_result_, |
1130 &handshake_io_callback_); | 1132 &handshake_io_callback_); |
1131 } | 1133 } |
1132 | 1134 |
1133 int SSLClientSocketWin::DoVerifyCertComplete(int result) { | 1135 int SSLClientSocketWin::DoVerifyCertComplete(int result) { |
1134 DCHECK(verifier_.get()); | 1136 DCHECK(verifier_.get()); |
1135 verifier_.reset(); | 1137 verifier_.reset(); |
1136 | 1138 |
1137 // If we have been explicitly told to accept this certificate, override the | 1139 // If we have been explicitly told to accept this certificate, override the |
(...skipping 373 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1511 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | 1513 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); |
1512 } | 1514 } |
1513 | 1515 |
1514 void SSLClientSocketWin::FreeSendBuffer() { | 1516 void SSLClientSocketWin::FreeSendBuffer() { |
1515 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1517 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
1516 DCHECK(status == SEC_E_OK); | 1518 DCHECK(status == SEC_E_OK); |
1517 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1519 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
1518 } | 1520 } |
1519 | 1521 |
1520 } // namespace net | 1522 } // namespace net |
OLD | NEW |