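--- a/FILE_PATH_PLACEHOLDER
+++ b/FILE_PATH_PLACEHOLDER
@@ -1,10 +1,10 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -1143,21 +1143,23 @@
 that->client_certs_.push_back(x509_cert);
 SECKEY_DestroyPrivateKey(privkey);
 continue;
 }
 }
 CERT_DestroyCertificate(cert);
 }
 CERT_FreeNicknames(names);
 }
 
-return SECFailure;
+// Tell NSS to suspend the client authentication. We will then abort the
+// handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
+return SECWouldBlock;
 #endif
 }
 
 // static
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished, use CertVerifier to verify
 // the saved server certificate.
 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
 void* arg) {
 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
@@ -1279,21 +1281,21 @@
 // need to call verifier_.Verify repeatedly. But for now we need to do this.
 // Alternatively, we could use the cert's status that we stored along with
 // the cert in the allowed_bad_certs vector.
 if (IsCertificateError(result) &&
 ssl_config_.IsAllowedBadCert(server_cert_)) {
 LOG(INFO) << "accepting bad SSL certificate, as user told us to";
 result = OK;
 }
 
 completed_handshake_ = true;
-// TODO(ukai): we may not need this call because it is now harmless to have an
+// TODO(ukai): we may not need this call because it is now harmless to have a
 // session with a bad cert.
 InvalidateSessionIfBadCertificate();
 // Exit DoHandshakeLoop and return the result to the caller to Connect.
 DCHECK(next_handshake_state_ == STATE_NONE);
 return result;
 }
 
 int SSLClientSocketNSS::DoPayloadRead() {
 EnterFunction(user_read_buf_len_);
 DCHECK(user_read_buf_);
@@ -1330,10 +1332,10 @@
 }
 PRErrorCode prerr = PR_GetError();
 if (prerr == PR_WOULD_BLOCK_ERROR) {
 return ERR_IO_PENDING;
 }
 LeaveFunction("");
 return MapNSPRError(prerr);
 }
 
 } // namespace net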
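Review bot: Returning SECWouldBlock from the client-auth callback (new lines 1153-1155) makes NSS report PR_WOULD_BLOCK_ERROR, which is the same code this file maps to ERR_IO_PENDING in DoPayloadRead (lines 1334-1336), so the handshake loop must distinguish "client certificate needed" from a genuine network wait or Connect() could stay pending instead of surfacing ERR_SSL_CLIENT_AUTH_CERT_NEEDED. The code that performs that translation is not in this diff, and the enclosing callback starts outside the hunk and sits inside an #if/#endif whose other branch is not shown, so it is worth confirming both that DoHandshakeLoop handles this case and that the other platform branch behaves the same. I would make the dependency explicit in the new comment: `// DoHandshakeLoop must map the resulting PR_WOULD_BLOCK_ERROR to ERR_SSL_CLIENT_AUTH_CERT_NEEDED rather than ERR_IO_PENDING.`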