OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_win.h" | 5 #include "net/socket/ssl_client_socket_win.h" |
6 | 6 |
7 #include <schnlsp.h> | 7 #include <schnlsp.h> |
8 #include <map> | 8 #include <map> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
(...skipping 352 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
363 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to | 363 // Ciphertext is decrypted one SSL record at a time, so recv_buffer_ needs to |
364 // have room for a full SSL record, with the header and trailer. Here is the | 364 // have room for a full SSL record, with the header and trailer. Here is the |
365 // breakdown of the size: | 365 // breakdown of the size: |
366 // 5: SSL record header | 366 // 5: SSL record header |
367 // 16K: SSL record maximum size | 367 // 16K: SSL record maximum size |
368 // 64: >= SSL record trailer (16 or 20 have been observed) | 368 // 64: >= SSL record trailer (16 or 20 have been observed) |
369 static const int kRecvBufferSize = (5 + 16*1024 + 64); | 369 static const int kRecvBufferSize = (5 + 16*1024 + 64); |
370 | 370 |
371 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, | 371 SSLClientSocketWin::SSLClientSocketWin(ClientSocketHandle* transport_socket, |
372 const HostPortPair& host_and_port, | 372 const HostPortPair& host_and_port, |
373 const SSLConfig& ssl_config) | 373 const SSLConfig& ssl_config, |
| 374 CertVerifier* cert_verifier) |
374 : ALLOW_THIS_IN_INITIALIZER_LIST( | 375 : ALLOW_THIS_IN_INITIALIZER_LIST( |
375 handshake_io_callback_(this, | 376 handshake_io_callback_(this, |
376 &SSLClientSocketWin::OnHandshakeIOComplete)), | 377 &SSLClientSocketWin::OnHandshakeIOComplete)), |
377 ALLOW_THIS_IN_INITIALIZER_LIST( | 378 ALLOW_THIS_IN_INITIALIZER_LIST( |
378 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), | 379 read_callback_(this, &SSLClientSocketWin::OnReadComplete)), |
379 ALLOW_THIS_IN_INITIALIZER_LIST( | 380 ALLOW_THIS_IN_INITIALIZER_LIST( |
380 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), | 381 write_callback_(this, &SSLClientSocketWin::OnWriteComplete)), |
381 transport_(transport_socket), | 382 transport_(transport_socket), |
382 host_and_port_(host_and_port), | 383 host_and_port_(host_and_port), |
383 ssl_config_(ssl_config), | 384 ssl_config_(ssl_config), |
384 user_connect_callback_(NULL), | 385 user_connect_callback_(NULL), |
385 user_read_callback_(NULL), | 386 user_read_callback_(NULL), |
386 user_read_buf_len_(0), | 387 user_read_buf_len_(0), |
387 user_write_callback_(NULL), | 388 user_write_callback_(NULL), |
388 user_write_buf_len_(0), | 389 user_write_buf_len_(0), |
389 next_state_(STATE_NONE), | 390 next_state_(STATE_NONE), |
| 391 cert_verifier_(cert_verifier), |
390 creds_(NULL), | 392 creds_(NULL), |
391 isc_status_(SEC_E_OK), | 393 isc_status_(SEC_E_OK), |
392 payload_send_buffer_len_(0), | 394 payload_send_buffer_len_(0), |
393 bytes_sent_(0), | 395 bytes_sent_(0), |
394 decrypted_ptr_(NULL), | 396 decrypted_ptr_(NULL), |
395 bytes_decrypted_(0), | 397 bytes_decrypted_(0), |
396 received_ptr_(NULL), | 398 received_ptr_(NULL), |
397 bytes_received_(0), | 399 bytes_received_(0), |
398 writing_first_token_(false), | 400 writing_first_token_(false), |
399 ignore_ok_result_(false), | 401 ignore_ok_result_(false), |
(...skipping 711 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1111 int SSLClientSocketWin::DoVerifyCert() { | 1113 int SSLClientSocketWin::DoVerifyCert() { |
1112 next_state_ = STATE_VERIFY_CERT_COMPLETE; | 1114 next_state_ = STATE_VERIFY_CERT_COMPLETE; |
1113 | 1115 |
1114 DCHECK(server_cert_); | 1116 DCHECK(server_cert_); |
1115 | 1117 |
1116 int flags = 0; | 1118 int flags = 0; |
1117 if (ssl_config_.rev_checking_enabled) | 1119 if (ssl_config_.rev_checking_enabled) |
1118 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 1120 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
1119 if (ssl_config_.verify_ev_cert) | 1121 if (ssl_config_.verify_ev_cert) |
1120 flags |= X509Certificate::VERIFY_EV_CERT; | 1122 flags |= X509Certificate::VERIFY_EV_CERT; |
1121 verifier_.reset(new CertVerifier); | 1123 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
1122 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 1124 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
1123 &server_cert_verify_result_, | 1125 &server_cert_verify_result_, |
1124 &handshake_io_callback_); | 1126 &handshake_io_callback_); |
1125 } | 1127 } |
1126 | 1128 |
1127 int SSLClientSocketWin::DoVerifyCertComplete(int result) { | 1129 int SSLClientSocketWin::DoVerifyCertComplete(int result) { |
1128 DCHECK(verifier_.get()); | 1130 DCHECK(verifier_.get()); |
1129 verifier_.reset(); | 1131 verifier_.reset(); |
1130 | 1132 |
1131 // If we have been explicitly told to accept this certificate, override the | 1133 // If we have been explicitly told to accept this certificate, override the |
(...skipping 373 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1505 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); | 1507 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); |
1506 } | 1508 } |
1507 | 1509 |
1508 void SSLClientSocketWin::FreeSendBuffer() { | 1510 void SSLClientSocketWin::FreeSendBuffer() { |
1509 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); | 1511 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); |
1510 DCHECK(status == SEC_E_OK); | 1512 DCHECK(status == SEC_E_OK); |
1511 memset(&send_buffer_, 0, sizeof(send_buffer_)); | 1513 memset(&send_buffer_, 0, sizeof(send_buffer_)); |
1512 } | 1514 } |
1513 | 1515 |
1514 } // namespace net | 1516 } // namespace net |
OLD | NEW |