
Side by Side Diff: net/socket/ssl_client_socket_win.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
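--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 #include <map>
 
 #include "base/compiler_specific.h"
@@ -369,37 +369,39 @@
 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to
 // have room for a full SSL record, with the header and trailer. Here is the
 // breakdown of the size:
 // 5: SSL record header
 // 16K: SSL record maximum size
 // 64: >= SSL record trailer (16 or 20 have been observed)
 static const int kRecvBufferSize = (5 + 16*1024 + 64);
 
 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
-const SSLConfig& ssl_config)
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier)
 : ALLOW_THIS_IN_INITIALIZER_LIST(
 handshake_io_callback_(this,
 &SSLClientSocketWin::OnHandshakeIOComplete)),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 read_callback_(this, &SSLClientSocketWin::OnReadComplete)),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)),
 transport_(transport_socket),
 host_and_port_(host_and_port),
 ssl_config_(ssl_config),
 user_connect_callback_(NULL),
 user_read_callback_(NULL),
 user_read_buf_len_(0),
 user_write_callback_(NULL),
 user_write_buf_len_(0),
 next_state_(STATE_NONE),
+cert_verifier_(cert_verifier),
 creds_(NULL),
 isc_status_(SEC_E_OK),
 payload_send_buffer_len_(0),
 bytes_sent_(0),
 decrypted_ptr_(NULL),
 bytes_decrypted_(0),
 received_ptr_(NULL),
 bytes_received_(0),
 writing_first_token_(false),
 ignore_ok_result_(false),
@@ -1117,21 +1119,21 @@
 int SSLClientSocketWin::DoVerifyCert() {
 next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 DCHECK(server_cert_);
 
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
-verifier_.reset(new CertVerifier);
+verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 int SSLClientSocketWin::DoVerifyCertComplete(int result) {
 DCHECK(verifier_.get());
 verifier_.reset();
 
 // If we have been explicitly told to accept this certificate, override the
@@ -1511,10 +1513,10 @@
 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
 void SSLClientSocketWin::FreeSendBuffer() {
 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
 DCHECK(status == SEC_E_OK);
 memset(&send_buffer_, 0, sizeof(send_buffer_));
 }
 
 } // namespace net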
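Review bot: `cert_verifier` is taken as a raw, non-owning `CertVerifier*` in the constructor and is never checked before `DoVerifyCert()` hands it to `new SingleRequestCertVerifier(cert_verifier_)`, so a NULL or already-destroyed verifier would only surface in the middle of a handshake. I would add `DCHECK(cert_verifier_);` next to the existing `DCHECK(server_cert_);` and a comment at the parameter such as `// |cert_verifier| is not owned and must outlive this socket.` Because the verifier is now shared and, per the issue title, caches results, it is also worth confirming outside this file that the cache key covers the hostname and the `flags` built here, so that a result obtained without `VERIFY_REV_CHECKING_ENABLED` is not reused for a request that sets it. The constructor's initializer list and body continue beyond the visible lines.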