1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2008-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 | 8 |
9 #include "base/scoped_cftyperef.h" | 9 #include "base/scoped_cftyperef.h" |
10 #include "base/singleton.h" | 10 #include "base/singleton.h" |
93 namespace net { | 93 namespace net { |
94 | 94 |
95 namespace { | 95 namespace { |
96 | 96 |
97 #if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5 | 97 #if MAC_OS_X_VERSION_MAX_ALLOWED <= MAC_OS_X_VERSION_10_5 |
98 // Declarations needed to call the 10.5.7 and later SSLSetSessionOption() | 98 // Declarations needed to call the 10.5.7 and later SSLSetSessionOption() |
99 // function when building with the 10.5.0 SDK. | 99 // function when building with the 10.5.0 SDK. |
100 typedef enum { | 100 typedef enum { |
101 kSSLSessionOptionBreakOnServerAuth, | 101 kSSLSessionOptionBreakOnServerAuth, |
102 kSSLSessionOptionBreakOnCertRequested, | 102 kSSLSessionOptionBreakOnCertRequested, |
103 } SSLSetSessionOptionType; | 103 } SSLSessionOption; |
104 | 104 |
105 enum { | 105 enum { |
106 errSSLServerAuthCompleted = -9841, | 106 errSSLServerAuthCompleted = -9841, |
107 errSSLClientCertRequested = -9842, | 107 errSSLClientCertRequested = -9842, |
108 }; | 108 }; |
109 | 109 |
110 // When compiled against the Mac OS X 10.5 SDK, define symbolic constants for | 110 // When compiled against the Mac OS X 10.5 SDK, define symbolic constants for |
111 // cipher suites added in Mac OS X 10.6. | 111 // cipher suites added in Mac OS X 10.6. |
112 enum { | 112 enum { |
113 // ECC cipher suites from RFC 4492. | 113 // ECC cipher suites from RFC 4492. |
133 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, | 133 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0xC014, |
134 TLS_ECDH_anon_WITH_NULL_SHA = 0xC015, | 134 TLS_ECDH_anon_WITH_NULL_SHA = 0xC015, |
135 TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016, | 135 TLS_ECDH_anon_WITH_RC4_128_SHA = 0xC016, |
136 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017, | 136 TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA = 0xC017, |
137 TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, | 137 TLS_ECDH_anon_WITH_AES_128_CBC_SHA = 0xC018, |
138 TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019, | 138 TLS_ECDH_anon_WITH_AES_256_CBC_SHA = 0xC019, |
139 }; | 139 }; |
140 #endif | 140 #endif |
141 | 141 |
142 typedef OSStatus (*SSLSetSessionOptionFuncPtr)(SSLContextRef, | 142 typedef OSStatus (*SSLSetSessionOptionFuncPtr)(SSLContextRef, |
143 SSLSetSessionOptionType, | 143 SSLSessionOption, |
144 Boolean); | 144 Boolean); |
145 // For an explanation of the Mac OS X error codes, please refer to: | 145 // For an explanation of the Mac OS X error codes, please refer to: |
146 // http://developer.apple.com/mac/library/documentation/Security/Reference/secur eTransportRef/Reference/reference.html | 146 // http://developer.apple.com/mac/library/documentation/Security/Reference/secur eTransportRef/Reference/reference.html |
147 int NetErrorFromOSStatus(OSStatus status) { | 147 int NetErrorFromOSStatus(OSStatus status) { |
148 switch (status) { | 148 switch (status) { |
149 case errSSLWouldBlock: | 149 case errSSLWouldBlock: |
150 return ERR_IO_PENDING; | 150 return ERR_IO_PENDING; |
151 case errSSLBadCipherSuite: | 151 case errSSLBadCipherSuite: |
152 case errSSLBadConfiguration: | 152 case errSSLBadConfiguration: |
153 return ERR_INVALID_ARGUMENT; | 153 return ERR_INVALID_ARGUMENT; |
719 // the server certificate and then re-enter that handshake (assuming the | 719 // the server certificate and then re-enter that handshake (assuming the |
720 // certificate successfully validated). | 720 // certificate successfully validated). |
721 // | 721 // |
722 // If SSLSetSessionOption() is not present, we do not enable session | 722 // If SSLSetSessionOption() is not present, we do not enable session |
723 // resumption, because in that case we are verifying the server's certificate | 723 // resumption, because in that case we are verifying the server's certificate |
724 // after the handshake completes (but before any application data is | 724 // after the handshake completes (but before any application data is |
725 // exchanged). If we were to enable session resumption in this situation, | 725 // exchanged). If we were to enable session resumption in this situation, |
726 // the session would be cached before we verified the certificate, leaving | 726 // the session would be cached before we verified the certificate, leaving |
727 // the potential for a session in which the certificate failed to validate | 727 // the potential for a session in which the certificate failed to validate |
728 // to still be able to be resumed. | 728 // to still be able to be resumed. |
729 SSLSetSessionOptionFuncPtr ssl_set_session_options = | 729 SSLSetSessionOptionFuncPtr ssl_set_session_options = |
Mark Mentovai
2010/02/19 17:50:37
On an unrelated note, you should really consider m
Jens Alfke
2010/02/19 18:42:45
Good point, since function lookup could be slow. W
| |
730 LookupFunction<SSLSetSessionOptionFuncPtr>(CFSTR("com.apple.security"), | 730 LookupFunction<SSLSetSessionOptionFuncPtr>(CFSTR("com.apple.security"), |
731 CFSTR("SSLSetSessionOption")); | 731 CFSTR("SSLSetSessionOption")); |
732 if (ssl_set_session_options) { | 732 if (ssl_set_session_options) { |
733 status = ssl_set_session_options(ssl_context_, | 733 status = ssl_set_session_options(ssl_context_, |
734 kSSLSessionOptionBreakOnServerAuth, | 734 kSSLSessionOptionBreakOnServerAuth, |
735 true); | 735 true); |
736 if (!status) | 736 if (!status) |
737 status = ssl_set_session_options(ssl_context_, | 737 status = ssl_set_session_options(ssl_context_, |
738 kSSLSessionOptionBreakOnCertRequested, | 738 kSSLSessionOptionBreakOnCertRequested, |
739 true); | 739 true); |
1164 if (rv < 0 && rv != ERR_IO_PENDING) { | 1164 if (rv < 0 && rv != ERR_IO_PENDING) { |
1165 us->write_io_buf_ = NULL; | 1165 us->write_io_buf_ = NULL; |
1166 return OSStatusFromNetError(rv); | 1166 return OSStatusFromNetError(rv); |
1167 } | 1167 } |
1168 | 1168 |
1169 // always lie to our caller | 1169 // always lie to our caller |
1170 return noErr; | 1170 return noErr; |
1171 } | 1171 } |
1172 | 1172 |
1173 } // namespace net | 1173 } // namespace net |