
Side by Side Diff: net/ssl/openssl_ssl_util.cc

Issue 598043002: Map SSL errors to SSL_PROTOCOL_ERROR, others to FAILED. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 3 months ago
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/ssl/openssl_ssl_util.h" 5 #include "net/ssl/openssl_ssl_util.h"
6 6
7 #include <errno.h> 7 #include <errno.h>
8 8
9 #include <openssl/err.h> 9 #include <openssl/err.h>
10 #include <openssl/ssl.h> 10 #include <openssl/ssl.h>
(...skipping 125 matching lines...)
136 case SSL_R_TLSV1_ALERT_USER_CANCELLED: 136 case SSL_R_TLSV1_ALERT_USER_CANCELLED:
137 return ERR_SSL_PROTOCOL_ERROR; 137 return ERR_SSL_PROTOCOL_ERROR;
138 case SSL_R_CERTIFICATE_VERIFY_FAILED: 138 case SSL_R_CERTIFICATE_VERIFY_FAILED:
139 // The only way that the certificate verify callback can fail is if 139 // The only way that the certificate verify callback can fail is if
140 // the leaf certificate changed during a renegotiation. 140 // the leaf certificate changed during a renegotiation.
141 return ERR_SSL_SERVER_CERT_CHANGED; 141 return ERR_SSL_SERVER_CERT_CHANGED;
142 case SSL_AD_REASON_OFFSET + SSL3_AD_INAPPROPRIATE_FALLBACK: 142 case SSL_AD_REASON_OFFSET + SSL3_AD_INAPPROPRIATE_FALLBACK:
143 return ERR_SSL_INAPPROPRIATE_FALLBACK; 143 return ERR_SSL_INAPPROPRIATE_FALLBACK;
144 default: 144 default:
145 LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code); 145 LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code);
146 return ERR_FAILED; 146 return ERR_SSL_PROTOCOL_ERROR;
147 } 147 }
148 } 148 }
149 149
150 base::Value* NetLogOpenSSLErrorCallback(int net_error, 150 base::Value* NetLogOpenSSLErrorCallback(int net_error,
151 int ssl_error, 151 int ssl_error,
152 const OpenSSLErrorInfo& error_info, 152 const OpenSSLErrorInfo& error_info,
153 NetLog::LogLevel /* log_level */) { 153 NetLog::LogLevel /* log_level */) {
154 base::DictionaryValue* dict = new base::DictionaryValue(); 154 base::DictionaryValue* dict = new base::DictionaryValue();
155 dict->SetInteger("net_error", net_error); 155 dict->SetInteger("net_error", net_error);
156 dict->SetInteger("ssl_error", ssl_error); 156 dict->SetInteger("ssl_error", ssl_error);
(...skipping 33 matching lines...)
190 *out_error_info = OpenSSLErrorInfo(); 190 *out_error_info = OpenSSLErrorInfo();
191 191
192 switch (err) { 192 switch (err) {
193 case SSL_ERROR_WANT_READ: 193 case SSL_ERROR_WANT_READ:
194 case SSL_ERROR_WANT_WRITE: 194 case SSL_ERROR_WANT_WRITE:
195 return ERR_IO_PENDING; 195 return ERR_IO_PENDING;
196 case SSL_ERROR_SYSCALL: 196 case SSL_ERROR_SYSCALL:
197 LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in " 197 LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "
198 "error queue: " << ERR_peek_error() << ", errno: " 198 "error queue: " << ERR_peek_error() << ", errno: "
199 << errno; 199 << errno;
200 return ERR_SSL_PROTOCOL_ERROR; 200 return ERR_FAILED;
201 case SSL_ERROR_SSL: 201 case SSL_ERROR_SSL:
202 // Walk down the error stack to find an SSL or net error. 202 // Walk down the error stack to find an SSL or net error.
203 uint32_t error_code; 203 uint32_t error_code;
204 const char* file; 204 const char* file;
205 int line; 205 int line;
206 do { 206 do {
207 error_code = ERR_get_error_line(&file, &line); 207 error_code = ERR_get_error_line(&file, &line);
208 if (ERR_GET_LIB(error_code) == ERR_LIB_SSL) { 208 if (ERR_GET_LIB(error_code) == ERR_LIB_SSL) {
209 out_error_info->error_code = error_code; 209 out_error_info->error_code = error_code;
210 out_error_info->file = file; 210 out_error_info->file = file;
211 out_error_info->line = line; 211 out_error_info->line = line;
212 return MapOpenSSLErrorSSL(error_code); 212 return MapOpenSSLErrorSSL(error_code);
213 } else if (ERR_GET_LIB(error_code) == OpenSSLNetErrorLib()) { 213 } else if (ERR_GET_LIB(error_code) == OpenSSLNetErrorLib()) {
214 out_error_info->error_code = error_code; 214 out_error_info->error_code = error_code;
215 out_error_info->file = file; 215 out_error_info->file = file;
216 out_error_info->line = line; 216 out_error_info->line = line;
217 // Net error codes are negative but encoded in OpenSSL as positive 217 // Net error codes are negative but encoded in OpenSSL as positive
218 // numbers. 218 // numbers.
219 return -ERR_GET_REASON(error_code); 219 return -ERR_GET_REASON(error_code);
220 } 220 }
221 } while (error_code != 0); 221 } while (error_code != 0);
222 return ERR_SSL_PROTOCOL_ERROR; 222 return ERR_FAILED;
223 default: 223 default:
224 // TODO(joth): Implement full mapping. 224 // TODO(joth): Implement full mapping.
225 LOG(WARNING) << "Unknown OpenSSL error " << err; 225 LOG(WARNING) << "Unknown OpenSSL error " << err;
226 return ERR_SSL_PROTOCOL_ERROR; 226 return ERR_SSL_PROTOCOL_ERROR;
227 } 227 }
228 } 228 }
229 229
230 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback( 230 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(
231 int net_error, 231 int net_error,
232 int ssl_error, 232 int ssl_error,
233 const OpenSSLErrorInfo& error_info) { 233 const OpenSSLErrorInfo& error_info) {
234 return base::Bind(&NetLogOpenSSLErrorCallback, 234 return base::Bind(&NetLogOpenSSLErrorCallback,
235 net_error, ssl_error, error_info); 235 net_error, ssl_error, error_info);
236 } 236 }
237 237
238 } // namespace net 238 } // namespace net
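Review bot: The new `return ERR_FAILED;` at line 222 is reached only after the do/while has popped every queue entry with ERR_get_error_line() and kept none of them, so an SSL_ERROR_SSL failure raised by any other OpenSSL library surfaces as a generic ERR_FAILED with out_error_info still default and nothing logged. Remember the first non-zero error_code (with its file and line) inside the loop and, on fall-through, copy it into out_error_info and log it, e.g. `LOG(WARNING) << "SSL_ERROR_SSL without an SSL or net entry, first error: " << first_error;`. The SSL_ERROR_SYSCALL branch at line 200 has a related gap: it logs errno but only peeks the queue, and whether the queue is cleared afterwards depends on code outside the visible lines. At line 146 a short comment saying why every unmapped SSL reason is now reported as a protocol error would help, because any caller that retries or downgrades on ERR_SSL_PROTOCOL_ERROR (not visible here) would now see a wider set of failures. The enclosing function starts in the skipped lines above 190.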
OLDNEW