OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 #include <netdb.h> | 8 #include <netdb.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
510 ciphers_.push_back(supported_ciphers[i]); | 510 ciphers_.push_back(supported_ciphers[i]); |
511 } | 511 } |
512 } | 512 } |
513 | 513 |
514 } // namespace | 514 } // namespace |
515 | 515 |
516 //----------------------------------------------------------------------------- | 516 //----------------------------------------------------------------------------- |
517 | 517 |
518 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket, | 518 SSLClientSocketMac::SSLClientSocketMac(ClientSocketHandle* transport_socket, |
519 const HostPortPair& host_and_port, | 519 const HostPortPair& host_and_port, |
520 const SSLConfig& ssl_config) | 520 const SSLConfig& ssl_config, |
| 521 CertVerifier* cert_verifier) |
521 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete), | 522 : handshake_io_callback_(this, &SSLClientSocketMac::OnHandshakeIOComplete), |
522 transport_read_callback_(this, | 523 transport_read_callback_(this, |
523 &SSLClientSocketMac::OnTransportReadComplete), | 524 &SSLClientSocketMac::OnTransportReadComplete), |
524 transport_write_callback_(this, | 525 transport_write_callback_(this, |
525 &SSLClientSocketMac::OnTransportWriteComplete), | 526 &SSLClientSocketMac::OnTransportWriteComplete), |
526 transport_(transport_socket), | 527 transport_(transport_socket), |
527 host_and_port_(host_and_port), | 528 host_and_port_(host_and_port), |
528 ssl_config_(ssl_config), | 529 ssl_config_(ssl_config), |
529 user_connect_callback_(NULL), | 530 user_connect_callback_(NULL), |
530 user_read_callback_(NULL), | 531 user_read_callback_(NULL), |
531 user_write_callback_(NULL), | 532 user_write_callback_(NULL), |
532 user_read_buf_len_(0), | 533 user_read_buf_len_(0), |
533 user_write_buf_len_(0), | 534 user_write_buf_len_(0), |
534 next_handshake_state_(STATE_NONE), | 535 next_handshake_state_(STATE_NONE), |
| 536 cert_verifier_(cert_verifier), |
535 renegotiating_(false), | 537 renegotiating_(false), |
536 client_cert_requested_(false), | 538 client_cert_requested_(false), |
537 ssl_context_(NULL), | 539 ssl_context_(NULL), |
538 pending_send_error_(OK), | 540 pending_send_error_(OK), |
539 net_log_(transport_socket->socket()->NetLog()) { | 541 net_log_(transport_socket->socket()->NetLog()) { |
540 // Sort the list of ciphers to disable, since disabling ciphers on Mac | 542 // Sort the list of ciphers to disable, since disabling ciphers on Mac |
541 // requires subtracting from a list of enabled ciphers while maintaining | 543 // requires subtracting from a list of enabled ciphers while maintaining |
542 // ordering, as opposed to merely needing to iterate them as with NSS. | 544 // ordering, as opposed to merely needing to iterate them as with NSS. |
543 sort(ssl_config_.disabled_cipher_suites.begin(), | 545 sort(ssl_config_.disabled_cipher_suites.begin(), |
544 ssl_config_.disabled_cipher_suites.end()); | 546 ssl_config_.disabled_cipher_suites.end()); |
1056 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; | 1058 next_handshake_state_ = STATE_VERIFY_CERT_COMPLETE; |
1057 | 1059 |
1058 DCHECK(server_cert_); | 1060 DCHECK(server_cert_); |
1059 | 1061 |
1060 VLOG(1) << "DoVerifyCert..."; | 1062 VLOG(1) << "DoVerifyCert..."; |
1061 int flags = 0; | 1063 int flags = 0; |
1062 if (ssl_config_.rev_checking_enabled) | 1064 if (ssl_config_.rev_checking_enabled) |
1063 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 1065 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
1064 if (ssl_config_.verify_ev_cert) | 1066 if (ssl_config_.verify_ev_cert) |
1065 flags |= X509Certificate::VERIFY_EV_CERT; | 1067 flags |= X509Certificate::VERIFY_EV_CERT; |
1066 verifier_.reset(new CertVerifier); | 1068 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
1067 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 1069 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
1068 &server_cert_verify_result_, | 1070 &server_cert_verify_result_, |
1069 &handshake_io_callback_); | 1071 &handshake_io_callback_); |
1070 } | 1072 } |
1071 | 1073 |
1072 int SSLClientSocketMac::DoVerifyCertComplete(int result) { | 1074 int SSLClientSocketMac::DoVerifyCertComplete(int result) { |
1073 DCHECK(verifier_.get()); | 1075 DCHECK(verifier_.get()); |
1074 verifier_.reset(); | 1076 verifier_.reset(); |
1075 | 1077 |
1076 VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")"; | 1078 VLOG(1) << "...DoVerifyCertComplete (result=" << result << ")"; |
1319 if (rv < 0 && rv != ERR_IO_PENDING) { | 1321 if (rv < 0 && rv != ERR_IO_PENDING) { |
1320 us->write_io_buf_ = NULL; | 1322 us->write_io_buf_ = NULL; |
1321 return OSStatusFromNetError(rv); | 1323 return OSStatusFromNetError(rv); |
1322 } | 1324 } |
1323 | 1325 |
1324 // always lie to our caller | 1326 // always lie to our caller |
1325 return noErr; | 1327 return noErr; |
1326 } | 1328 } |
1327 | 1329 |
1328 } // namespace net | 1330 } // namespace net |
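Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` (new line 536) and first used in DoVerifyCert (new line 1068), with no non-null check and no statement of who owns it. Every server certificate on this socket is now verified through that pointer, so I would add `DCHECK(cert_verifier_);` beside the existing `DCHECK(server_cert_);`. I would also add a constructor comment such as `// |cert_verifier| is not owned and must outlive this socket.`, once the ownership is confirmed against the header, which is not shown here. How SingleRequestCertVerifier behaves when handed a null verifier is not visible on this page, so it is worth confirming that a release build fails the handshake rather than crashing or skipping verification. DoVerifyCert begins above the visible lines, so this is based only on the tail of the function.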
OLD | NEW |