| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 387 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 398 unsigned num_certs_; | 398 unsigned num_certs_; |
| 399 CERTCertificate** certs_; | 399 CERTCertificate** certs_; |
| 400 }; | 400 }; |
| 401 | 401 |
| 402 } // namespace | 402 } // namespace |
| 403 | 403 |
| 404 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, | 404 SSLClientSocketNSS::SSLClientSocketNSS(ClientSocketHandle* transport_socket, |
| 405 const HostPortPair& host_and_port, | 405 const HostPortPair& host_and_port, |
| 406 const SSLConfig& ssl_config, | 406 const SSLConfig& ssl_config, |
| 407 SSLHostInfo* ssl_host_info, | 407 SSLHostInfo* ssl_host_info, |
| 408 CertVerifier* cert_verifier, |
| 408 DnsCertProvenanceChecker* dns_ctx) | 409 DnsCertProvenanceChecker* dns_ctx) |
| 409 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 410 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
| 410 this, &SSLClientSocketNSS::BufferSendComplete)), | 411 this, &SSLClientSocketNSS::BufferSendComplete)), |
| 411 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 412 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
| 412 this, &SSLClientSocketNSS::BufferRecvComplete)), | 413 this, &SSLClientSocketNSS::BufferRecvComplete)), |
| 413 transport_send_busy_(false), | 414 transport_send_busy_(false), |
| 414 transport_recv_busy_(false), | 415 transport_recv_busy_(false), |
| 415 corked_(false), | 416 corked_(false), |
| 416 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( | 417 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( |
| 417 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), | 418 this, &SSLClientSocketNSS::OnHandshakeIOComplete)), |
| 418 transport_(transport_socket), | 419 transport_(transport_socket), |
| 419 host_and_port_(host_and_port), | 420 host_and_port_(host_and_port), |
| 420 ssl_config_(ssl_config), | 421 ssl_config_(ssl_config), |
| 421 user_connect_callback_(NULL), | 422 user_connect_callback_(NULL), |
| 422 user_read_callback_(NULL), | 423 user_read_callback_(NULL), |
| 423 user_write_callback_(NULL), | 424 user_write_callback_(NULL), |
| 424 user_read_buf_len_(0), | 425 user_read_buf_len_(0), |
| 425 user_write_buf_len_(0), | 426 user_write_buf_len_(0), |
| 426 server_cert_nss_(NULL), | 427 server_cert_nss_(NULL), |
| 427 server_cert_verify_result_(NULL), | 428 server_cert_verify_result_(NULL), |
| 428 ssl_connection_status_(0), | 429 ssl_connection_status_(0), |
| 429 client_auth_cert_needed_(false), | 430 client_auth_cert_needed_(false), |
| 431 cert_verifier_(cert_verifier), |
| 430 handshake_callback_called_(false), | 432 handshake_callback_called_(false), |
| 431 completed_handshake_(false), | 433 completed_handshake_(false), |
| 432 pseudo_connected_(false), | 434 pseudo_connected_(false), |
| 433 eset_mitm_detected_(false), | 435 eset_mitm_detected_(false), |
| 434 predicted_cert_chain_correct_(false), | 436 predicted_cert_chain_correct_(false), |
| 435 peername_initialized_(false), | 437 peername_initialized_(false), |
| 436 dnssec_provider_(NULL), | 438 dnssec_provider_(NULL), |
| 437 next_handshake_state_(STATE_NONE), | 439 next_handshake_state_(STATE_NONE), |
| 438 nss_fd_(NULL), | 440 nss_fd_(NULL), |
| 439 nss_bufs_(NULL), | 441 nss_bufs_(NULL), |
| (...skipping 2005 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2445 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); | 2447 return ssl_host_info_->WaitForCertVerification(&handshake_io_callback_); |
| 2446 } else { | 2448 } else { |
| 2447 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); | 2449 UMA_HISTOGRAM_ENUMERATION("Net.SSLVerificationMerged", 0 /* false */, 2); |
| 2448 } | 2450 } |
| 2449 | 2451 |
| 2450 int flags = 0; | 2452 int flags = 0; |
| 2451 if (ssl_config_.rev_checking_enabled) | 2453 if (ssl_config_.rev_checking_enabled) |
| 2452 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 2454 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 2453 if (ssl_config_.verify_ev_cert) | 2455 if (ssl_config_.verify_ev_cert) |
| 2454 flags |= X509Certificate::VERIFY_EV_CERT; | 2456 flags |= X509Certificate::VERIFY_EV_CERT; |
| 2455 verifier_.reset(new CertVerifier); | 2457 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
| 2456 server_cert_verify_result_ = &local_server_cert_verify_result_; | 2458 server_cert_verify_result_ = &local_server_cert_verify_result_; |
| 2457 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 2459 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
| 2458 &local_server_cert_verify_result_, | 2460 &local_server_cert_verify_result_, |
| 2459 &handshake_io_callback_); | 2461 &handshake_io_callback_); |
| 2460 } | 2462 } |
| 2461 | 2463 |
| 2462 // Derived from AuthCertificateCallback() in | 2464 // Derived from AuthCertificateCallback() in |
| 2463 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. | 2465 // mozilla/source/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 2464 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { | 2466 int SSLClientSocketNSS::DoVerifyCertComplete(int result) { |
| 2465 verifier_.reset(); | 2467 verifier_.reset(); |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2607 case SSL_CONNECTION_VERSION_TLS1_1: | 2609 case SSL_CONNECTION_VERSION_TLS1_1: |
| 2608 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); | 2610 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); |
| 2609 break; | 2611 break; |
| 2610 case SSL_CONNECTION_VERSION_TLS1_2: | 2612 case SSL_CONNECTION_VERSION_TLS1_2: |
| 2611 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); | 2613 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); |
| 2612 break; | 2614 break; |
| 2613 }; | 2615 }; |
| 2614 } | 2616 } |
| 2615 | 2617 |
| 2616 } // namespace net | 2618 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 5386001:
Cache certificate verification results in memory. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/