| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 #include "crypto/openssl_util.h" | 23 #include "crypto/openssl_util.h" |
| 24 #include "crypto/scoped_openssl_types.h" | 24 #include "crypto/scoped_openssl_types.h" |
| 25 #include "net/base/net_errors.h" | 25 #include "net/base/net_errors.h" |
| 26 #include "net/cert/cert_verifier.h" | 26 #include "net/cert/cert_verifier.h" |
| 27 #include "net/cert/ct_verifier.h" | 27 #include "net/cert/ct_verifier.h" |
| 28 #include "net/cert/single_request_cert_verifier.h" | 28 #include "net/cert/single_request_cert_verifier.h" |
| 29 #include "net/cert/x509_certificate_net_log_param.h" | 29 #include "net/cert/x509_certificate_net_log_param.h" |
| 30 #include "net/cert/x509_util_openssl.h" | 30 #include "net/cert/x509_util_openssl.h" |
| 31 #include "net/http/transport_security_state.h" | 31 #include "net/http/transport_security_state.h" |
| 32 #include "net/socket/ssl_session_cache_openssl.h" | 32 #include "net/socket/ssl_session_cache_openssl.h" |
| 33 #include "net/ssl/openssl_ssl_util.h" | |
| 34 #include "net/ssl/ssl_cert_request_info.h" | 33 #include "net/ssl/ssl_cert_request_info.h" |
| 35 #include "net/ssl/ssl_connection_status_flags.h" | 34 #include "net/ssl/ssl_connection_status_flags.h" |
| 36 #include "net/ssl/ssl_info.h" | 35 #include "net/ssl/ssl_info.h" |
| 37 | 36 |
| 38 #if defined(OS_WIN) | 37 #if defined(OS_WIN) |
| 39 #include "base/win/windows_version.h" | 38 #include "base/win/windows_version.h" |
| 40 #endif | 39 #endif |
| 41 | 40 |
| 42 #if defined(USE_OPENSSL_CERTS) | 41 #if defined(USE_OPENSSL_CERTS) |
| 43 #include "net/ssl/openssl_client_key_store.h" | 42 #include "net/ssl/openssl_client_key_store.h" |
| (...skipping 288 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 332 } | 331 } |
| 333 | 332 |
| 334 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( | 333 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( |
| 335 scoped_ptr<ClientSocketHandle> transport_socket, | 334 scoped_ptr<ClientSocketHandle> transport_socket, |
| 336 const HostPortPair& host_and_port, | 335 const HostPortPair& host_and_port, |
| 337 const SSLConfig& ssl_config, | 336 const SSLConfig& ssl_config, |
| 338 const SSLClientSocketContext& context) | 337 const SSLClientSocketContext& context) |
| 339 : transport_send_busy_(false), | 338 : transport_send_busy_(false), |
| 340 transport_recv_busy_(false), | 339 transport_recv_busy_(false), |
| 341 pending_read_error_(kNoPendingReadResult), | 340 pending_read_error_(kNoPendingReadResult), |
| 341 pending_read_ssl_error_(SSL_ERROR_NONE), |
| 342 transport_read_error_(OK), | 342 transport_read_error_(OK), |
| 343 transport_write_error_(OK), | 343 transport_write_error_(OK), |
| 344 server_cert_chain_(new PeerCertificateChain(NULL)), | 344 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 345 completed_connect_(false), | 345 completed_connect_(false), |
| 346 was_ever_used_(false), | 346 was_ever_used_(false), |
| 347 client_auth_cert_needed_(false), | 347 client_auth_cert_needed_(false), |
| 348 cert_verifier_(context.cert_verifier), | 348 cert_verifier_(context.cert_verifier), |
| 349 cert_transparency_verifier_(context.cert_transparency_verifier), | 349 cert_transparency_verifier_(context.cert_transparency_verifier), |
| 350 channel_id_service_(context.channel_id_service), | 350 channel_id_service_(context.channel_id_service), |
| 351 ssl_(NULL), | 351 ssl_(NULL), |
| (...skipping 138 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 490 | 490 |
| 491 user_connect_callback_.Reset(); | 491 user_connect_callback_.Reset(); |
| 492 user_read_callback_.Reset(); | 492 user_read_callback_.Reset(); |
| 493 user_write_callback_.Reset(); | 493 user_write_callback_.Reset(); |
| 494 user_read_buf_ = NULL; | 494 user_read_buf_ = NULL; |
| 495 user_read_buf_len_ = 0; | 495 user_read_buf_len_ = 0; |
| 496 user_write_buf_ = NULL; | 496 user_write_buf_ = NULL; |
| 497 user_write_buf_len_ = 0; | 497 user_write_buf_len_ = 0; |
| 498 | 498 |
| 499 pending_read_error_ = kNoPendingReadResult; | 499 pending_read_error_ = kNoPendingReadResult; |
| 500 pending_read_ssl_error_ = SSL_ERROR_NONE; |
| 501 pending_read_error_info_ = OpenSSLErrorInfo(); |
| 502 |
| 500 transport_read_error_ = OK; | 503 transport_read_error_ = OK; |
| 501 transport_write_error_ = OK; | 504 transport_write_error_ = OK; |
| 502 | 505 |
| 503 server_cert_verify_result_.Reset(); | 506 server_cert_verify_result_.Reset(); |
| 504 completed_connect_ = false; | 507 completed_connect_ = false; |
| 505 | 508 |
| 506 cert_authorities_.clear(); | 509 cert_authorities_.clear(); |
| 507 cert_key_types_.clear(); | 510 cert_key_types_.clear(); |
| 508 client_auth_cert_needed_ = false; | 511 client_auth_cert_needed_ = false; |
| 509 | 512 |
| (...skipping 803 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1313 int SSLClientSocketOpenSSL::DoPayloadRead() { | 1316 int SSLClientSocketOpenSSL::DoPayloadRead() { |
| 1314 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1317 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1315 | 1318 |
| 1316 int rv; | 1319 int rv; |
| 1317 if (pending_read_error_ != kNoPendingReadResult) { | 1320 if (pending_read_error_ != kNoPendingReadResult) { |
| 1318 rv = pending_read_error_; | 1321 rv = pending_read_error_; |
| 1319 pending_read_error_ = kNoPendingReadResult; | 1322 pending_read_error_ = kNoPendingReadResult; |
| 1320 if (rv == 0) { | 1323 if (rv == 0) { |
| 1321 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, | 1324 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, |
| 1322 rv, user_read_buf_->data()); | 1325 rv, user_read_buf_->data()); |
| 1326 } else { |
| 1327 net_log_.AddEvent( |
| 1328 NetLog::TYPE_SSL_READ_ERROR, |
| 1329 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| 1330 pending_read_error_info_)); |
| 1323 } | 1331 } |
| 1332 pending_read_ssl_error_ = SSL_ERROR_NONE; |
| 1333 pending_read_error_info_ = OpenSSLErrorInfo(); |
| 1324 return rv; | 1334 return rv; |
| 1325 } | 1335 } |
| 1326 | 1336 |
| 1327 int total_bytes_read = 0; | 1337 int total_bytes_read = 0; |
| 1328 do { | 1338 do { |
| 1329 rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, | 1339 rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, |
| 1330 user_read_buf_len_ - total_bytes_read); | 1340 user_read_buf_len_ - total_bytes_read); |
| 1331 if (rv > 0) | 1341 if (rv > 0) |
| 1332 total_bytes_read += rv; | 1342 total_bytes_read += rv; |
| 1333 } while (total_bytes_read < user_read_buf_len_ && rv > 0); | 1343 } while (total_bytes_read < user_read_buf_len_ && rv > 0); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 1348 int *next_result = &rv; | 1358 int *next_result = &rv; |
| 1349 if (total_bytes_read > 0) { | 1359 if (total_bytes_read > 0) { |
| 1350 pending_read_error_ = rv; | 1360 pending_read_error_ = rv; |
| 1351 rv = total_bytes_read; | 1361 rv = total_bytes_read; |
| 1352 next_result = &pending_read_error_; | 1362 next_result = &pending_read_error_; |
| 1353 } | 1363 } |
| 1354 | 1364 |
| 1355 if (client_auth_cert_needed_) { | 1365 if (client_auth_cert_needed_) { |
| 1356 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1366 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 1357 } else if (*next_result < 0) { | 1367 } else if (*next_result < 0) { |
| 1358 int err = SSL_get_error(ssl_, *next_result); | 1368 pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result); |
| 1359 *next_result = MapOpenSSLError(err, err_tracer); | 1369 *next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_, |
| 1370 err_tracer, |
| 1371 &pending_read_error_info_); |
| 1360 | 1372 |
| 1361 // Many servers do not reliably send a close_notify alert when shutting | 1373 // Many servers do not reliably send a close_notify alert when shutting |
| 1362 // down a connection, and instead terminate the TCP connection. This is | 1374 // down a connection, and instead terminate the TCP connection. This is |
| 1363 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean | 1375 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean |
| 1364 // shutdown to a graceful EOF, instead of treating it as an error as it | 1376 // shutdown to a graceful EOF, instead of treating it as an error as it |
| 1365 // should be. | 1377 // should be. |
| 1366 if (*next_result == ERR_CONNECTION_CLOSED) | 1378 if (*next_result == ERR_CONNECTION_CLOSED) |
| 1367 *next_result = 0; | 1379 *next_result = 0; |
| 1368 | 1380 |
| 1369 if (rv > 0 && *next_result == ERR_IO_PENDING) { | 1381 if (rv > 0 && *next_result == ERR_IO_PENDING) { |
| 1370 // If at least some data was read from SSL_read(), do not treat | 1382 // If at least some data was read from SSL_read(), do not treat |
| 1371 // insufficient data as an error to return in the next call to | 1383 // insufficient data as an error to return in the next call to |
| 1372 // DoPayloadRead() - instead, let the call fall through to check | 1384 // DoPayloadRead() - instead, let the call fall through to check |
| 1373 // SSL_read() again. This is because DoTransportIO() may complete | 1385 // SSL_read() again. This is because DoTransportIO() may complete |
| 1374 // in between the next call to DoPayloadRead(), and thus it is | 1386 // in between the next call to DoPayloadRead(), and thus it is |
| 1375 // important to check SSL_read() on subsequent invocations to see | 1387 // important to check SSL_read() on subsequent invocations to see |
| 1376 // if a complete record may now be read. | 1388 // if a complete record may now be read. |
| 1377 *next_result = kNoPendingReadResult; | 1389 *next_result = kNoPendingReadResult; |
| 1378 } | 1390 } |
| 1379 } | 1391 } |
| 1380 } | 1392 } |
| 1381 | 1393 |
| 1382 if (rv >= 0) { | 1394 if (rv >= 0) { |
| 1383 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | 1395 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, |
| 1384 user_read_buf_->data()); | 1396 user_read_buf_->data()); |
| 1397 } else if (rv != ERR_IO_PENDING) { |
| 1398 net_log_.AddEvent( |
| 1399 NetLog::TYPE_SSL_READ_ERROR, |
| 1400 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, |
| 1401 pending_read_error_info_)); |
| 1402 pending_read_ssl_error_ = SSL_ERROR_NONE; |
| 1403 pending_read_error_info_ = OpenSSLErrorInfo(); |
| 1385 } | 1404 } |
| 1386 return rv; | 1405 return rv; |
| 1387 } | 1406 } |
| 1388 | 1407 |
| 1389 int SSLClientSocketOpenSSL::DoPayloadWrite() { | 1408 int SSLClientSocketOpenSSL::DoPayloadWrite() { |
| 1390 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1409 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1391 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 1410 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| 1392 if (rv >= 0) { | 1411 if (rv >= 0) { |
| 1393 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1412 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| 1394 user_write_buf_->data()); | 1413 user_write_buf_->data()); |
| 1395 return rv; | 1414 return rv; |
| 1396 } | 1415 } |
| 1397 | 1416 |
| 1398 int err = SSL_get_error(ssl_, rv); | 1417 int ssl_error = SSL_get_error(ssl_, rv); |
| 1399 return MapOpenSSLError(err, err_tracer); | 1418 OpenSSLErrorInfo error_info; |
| 1419 int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, |
| 1420 &error_info); |
| 1421 |
| 1422 if (net_error != ERR_IO_PENDING) { |
| 1423 net_log_.AddEvent( |
| 1424 NetLog::TYPE_SSL_WRITE_ERROR, |
| 1425 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 1426 } |
| 1427 return net_error; |
| 1400 } | 1428 } |
| 1401 | 1429 |
| 1402 int SSLClientSocketOpenSSL::BufferSend(void) { | 1430 int SSLClientSocketOpenSSL::BufferSend(void) { |
| 1403 if (transport_send_busy_) | 1431 if (transport_send_busy_) |
| 1404 return ERR_IO_PENDING; | 1432 return ERR_IO_PENDING; |
| 1405 | 1433 |
| 1406 if (!send_buffer_.get()) { | 1434 if (!send_buffer_.get()) { |
| 1407 // Get a fresh send buffer out of the send BIO. | 1435 // Get a fresh send buffer out of the send BIO. |
| 1408 size_t max_read = BIO_pending(transport_bio_); | 1436 size_t max_read = BIO_pending(transport_bio_); |
| 1409 if (!max_read) | 1437 if (!max_read) |
| (...skipping 364 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1774 ct::SCT_STATUS_LOG_UNKNOWN)); | 1802 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1775 } | 1803 } |
| 1776 } | 1804 } |
| 1777 | 1805 |
| 1778 scoped_refptr<X509Certificate> | 1806 scoped_refptr<X509Certificate> |
| 1779 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1807 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1780 return server_cert_; | 1808 return server_cert_; |
| 1781 } | 1809 } |
| 1782 | 1810 |
| 1783 } // namespace net | 1811 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 651183004:
Log SSL_READ_ERROR and SSL_WRITE_ERROR in SSLClientSocketOpenSSL. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master