Side by Side Diff: net/socket/ssl_client_socket_win.cc

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Add unit tests. Ready for review. Created 10 years ago
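--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 #include <map>
 
 #include "base/compiler_specific.h"
@@ -363,37 +363,39 @@
 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to
 // have room for a full SSL record, with the header and trailer. Here is the
 // breakdown of the size:
 // 5: SSL record header
 // 16K: SSL record maximum size
 // 64: >= SSL record trailer (16 or 20 have been observed)
 static const int kRecvBufferSize = (5 + 16*1024 + 64);
 
 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
-const SSLConfig& ssl_config)
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier)
 : ALLOW_THIS_IN_INITIALIZER_LIST(
 handshake_io_callback_(this,
 &SSLClientSocketWin::OnHandshakeIOComplete)),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 read_callback_(this, &SSLClientSocketWin::OnReadComplete)),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)),
 transport_(transport_socket),
 host_and_port_(host_and_port),
 ssl_config_(ssl_config),
 user_connect_callback_(NULL),
 user_read_callback_(NULL),
 user_read_buf_len_(0),
 user_write_callback_(NULL),
 user_write_buf_len_(0),
 next_state_(STATE_NONE),
+cert_verifier_(cert_verifier),
 creds_(NULL),
 isc_status_(SEC_E_OK),
 payload_send_buffer_len_(0),
 bytes_sent_(0),
 decrypted_ptr_(NULL),
 bytes_decrypted_(0),
 received_ptr_(NULL),
 bytes_received_(0),
 writing_first_token_(false),
 ignore_ok_result_(false),
@@ -1111,21 +1113,21 @@
 int SSLClientSocketWin::DoVerifyCert() {
 next_state_ = STATE_VERIFY_CERT_COMPLETE;
 
 DCHECK(server_cert_);
 
 int flags = 0;
 if (ssl_config_.rev_checking_enabled)
 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED;
 if (ssl_config_.verify_ev_cert)
 flags |= X509Certificate::VERIFY_EV_CERT;
-verifier_.reset(new CertVerifier);
+verifier_.reset(new SingleRequestCertVerifier(cert_verifier_));
 return verifier_->Verify(server_cert_, host_and_port_.host(), flags,
 &server_cert_verify_result_,
 &handshake_io_callback_);
 }
 
 int SSLClientSocketWin::DoVerifyCertComplete(int result) {
 DCHECK(verifier_.get());
 verifier_.reset();
 
 // If we have been explicitly told to accept this certificate, override the
@@ -1505,10 +1507,10 @@
 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
 void SSLClientSocketWin::FreeSendBuffer() {
 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
 DCHECK(status == SEC_E_OK);
 memset(&send_buffer_, 0, sizeof(send_buffer_));
 }
 
 } // namespace net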