OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
398 unsigned num_certs_; | 398 unsigned num_certs_; |
399 CERTCertificate** certs_; | 399 CERTCertificate** certs_; |
400 }; | 400 }; |
401 | 401 |
402 } // namespace | 402 } // namespace |
403 | 403 |
404 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 404 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, |
405 const HostPortPair& host_and_port, | 405 const HostPortPair& host_and_port, |
406 const SSLConfig& ssl_config, | 406 const SSLConfig& ssl_config, |
407 SSLHostInfo* ssl_host_info, | 407 SSLHostInfo* ssl_host_info, |
| 408 CertVerifier* cert_verifier, |
408 DnsCertProvenanceChecker* dns_ctx) | 409 DnsCertProvenanceChecker* dns_ctx) |
409 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 410 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
410 this, &SSLClientSocketNSS::BufferSendComplete)), | 411 this, &SSLClientSocketNSS::BufferSendComplete)), |
411 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 412 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
412 this, &SSLClientSocketNSS::BufferRecvComplete)), | 413 this, &SSLClientSocketNSS::BufferRecvComplete)), |
413 transport_send_busy_(false), | 414 transport_send_busy_(false), |
414 transport_recv_busy_(false), | 415 transport_recv_busy_(false), |
415 corked_(false), | 416 corked_(false), |
416 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( | 417 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( |
417 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), | 418 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), |
418 transport_(transport_socket), | 419 transport_(transport_socket), |
419 host_and_port_(host_and_port), | 420 host_and_port_(host_and_port), |
420 ssl_config_(ssl_config), | 421 ssl_config_(ssl_config), |
421 user_connect_callback_(NULL), | 422 user_connect_callback_(NULL), |
422 user_read_callback_(NULL), | 423 user_read_callback_(NULL), |
423 user_write_callback_(NULL), | 424 user_write_callback_(NULL), |
424 user_read_buf_len_(0), | 425 user_read_buf_len_(0), |
425 user_write_buf_len_(0), | 426 user_write_buf_len_(0), |
426 server_cert_nss_(NULL), | 427 server_cert_nss_(NULL), |
427 server_cert_verify_result_(NULL), | 428 server_cert_verify_result_(NULL), |
428 ssl_connection_status_(0), | 429 ssl_connection_status_(0), |
429 client_auth_cert_needed_(false), | 430 client_auth_cert_needed_(false), |
| 431 cert_verifier_(cert_verifier), |
430 handshake_callback_called_(false), | 432 handshake_callback_called_(false), |
431 completed_handshake_(false), | 433 completed_handshake_(false), |
432 pseudo_connected_(false), | 434 pseudo_connected_(false), |
433 eset_mitm_detected_(false), | 435 eset_mitm_detected_(false), |
434 predicted_cert_chain_correct_(false), | 436 predicted_cert_chain_correct_(false), |
435 peername_initialized_(false), | 437 peername_initialized_(false), |
436 dnssec_provider_(NULL), | 438 dnssec_provider_(NULL), |
437 next_handshake_state_(STATE_NONE), | 439 next_handshake_state_(STATE_NONE), |
438 nss_fd_(NULL), | 440 nss_fd_(NULL), |
439 nss_bufs_(NULL), | 441 nss_bufs_(NULL), |
2445 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); | 2447 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); |
2446 } else { | 2448 } else { |
2447 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | 2449 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); |
2448 } | 2450 } |
2449 | 2451 |
2450 int flags = 0; | 2452 int flags = 0; |
2451 if (ssl_config_.rev_checking_enabled) | 2453 if (ssl_config_.rev_checking_enabled) |
2452 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 2454 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
2453 if (ssl_config_.verify_ev_cert) | 2455 if (ssl_config_.verify_ev_cert) |
2454 flags |= X509Certificate::VERIFY_EV_CERT; | 2456 flags |= X509Certificate::VERIFY_EV_CERT; |
2455 verifier_.reset(new CertVerifier); | 2457 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
2456 server_cert_verify_result_ = &local_server_cert_verify_result_; | 2458 server_cert_verify_result_ = &local_server_cert_verify_result_; |
2457 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 2459 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
2458 &local_server_cert_verify_result_, | 2460 &local_server_cert_verify_result_, |
2459 &handshake_io_callback_); | 2461 &handshake_io_callback_); |
2460 } | 2462 } |
2461 | 2463 |
2462 // Derived from AuthCertificateCallback() in | 2464 // Derived from AuthCertificateCallback() in |
2463 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 2465 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
2464 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 2466 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
2465 verifier_.reset(); | 2467 verifier_.reset(); |
2607 case SSL_CONNECTION_VERSION_TLS1_1: | 2609 case SSL_CONNECTION_VERSION_TLS1_1: |
2608 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2610 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
2609 break; | 2611 break; |
2610 case SSL_CONNECTION_VERSION_TLS1_2: | 2612 case SSL_CONNECTION_VERSION_TLS1_2: |
2611 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2613 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
2612 break; | 2614 break; |
2613 }; | 2615 }; |
2614 } | 2616 } |
2615 | 2617 |
2616 } // namespace net | 2618 } // namespace net |
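Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` (new line 431) and first used at new line 2457, with no visible check that it is non-null and no statement of who owns it. Since this pointer is now the socket's route to certificate verification on this path, I would add `DCHECK(cert_verifier_);` just before `verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));` so that a caller passing NULL fails at the point of misuse rather than somewhere inside the verifier. The constructor should also carry a comment such as `// |cert_verifier| is not owned and must outlive this socket and any verification it has in flight.`, assuming that is the intended contract; the header is not shown here. The function containing new line 2457 starts in the skipped region and the constructor's initializer list runs on past new line 441, so both are only partly visible.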