net/socket/ssl_client_socket_mac.cc - Issue 6250001: Merge 70858 - Disable SSL renegotiation on OS X when using system SSL and on ...

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_mac.cc

Issue 6250001: Merge 70858 - Disable SSL renegotiation on OS X when using system SSL and on ... (Closed) Base URL: svn://svn.chromium.org/chrome/branches/597/src/

Patch Set: Created 9 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_mac.cc

===================================================================

--- net/socket/ssl_client_socket_mac.cc (revision 71257)

+++ net/socket/ssl_client_socket_mac.cc (working copy)

@@ -11,9 +11,11 @@

#include <algorithm>

+#include "base/lazy_instance.h"

#include "base/mac/scoped_cftyperef.h"

#include "base/singleton.h"

#include "base/string_util.h"

+#include "base/sys_info.h"

#include "net/base/address_list.h"

#include "net/base/cert_verifier.h"

#include "net/base/io_buffer.h"

@@ -140,6 +142,27 @@

};

#endif

+// On OS X 10.5.x, SSLHandshake() is broken with respect to renegotiation

+// handshakes, and the only way to advance the handshake state machine is

+// to use SSLRead(), which transparently re-handshakes and then reads

+// application data. Using SSLRead() to pump the handshake, rather than

+// SSLHandshake(), is not presently implemented, so on 10.5.x, SSL

+// renegotiation is disabled entirely. On 10.6.x, SSLHandshake() behaves as

+// expected/documented, so renegotiation is supported.

+struct RenegotiationBroken {

+ RenegotiationBroken() : broken(false) {

+ int32 major, minor, bugfix;

+ base::SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);

+ if (major < 10 || (major == 10 && minor < 6))

+ broken = true;

+ }

+ bool broken;

+};

+base::LazyInstance<RenegotiationBroken> g_renegotiation_broken(

+ base::LINKER_INITIALIZED);

// For an explanation of the Mac OS X error codes, please refer to:

// http://developer.apple.com/mac/library/documentation/Security/Reference/secureTransportRef/Reference/reference.html

int NetErrorFromOSStatus(OSStatus status) {

@@ -1114,6 +1137,9 @@

OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(),

user_read_buf_len_, &processed);

if (status == errSSLWouldBlock && renegotiating_) {

+ if (g_renegotiation_broken.Get().broken)

+ return ERR_SSL_RENEGOTIATION_REQUESTED;

CHECK_EQ(static_cast<size_t>(0), processed);

next_handshake_state_ = STATE_HANDSHAKE;

return DoHandshakeLoop(OK);

« no previous file with comments | « no previous file | no next file » | no next file with comments »