Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(538)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 669198: SSLClientSocketNSS::ClientAuthHandler should return SECWouldBlock instead of SECFailure... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 1132 matching lines...) Expand 10 before | Expand all | Expand 10 after
1143 that->client_certs_.push_back(x509_cert); 1143 that->client_certs_.push_back(x509_cert);
1144 SECKEY_DestroyPrivateKey(privkey); 1144 SECKEY_DestroyPrivateKey(privkey);
1145 continue; 1145 continue;
1146 } 1146 }
1147 } 1147 }
1148 CERT_DestroyCertificate(cert); 1148 CERT_DestroyCertificate(cert);
1149 } 1149 }
1150 CERT_FreeNicknames(names); 1150 CERT_FreeNicknames(names);
1151 } 1151 }
1152 1152
1153 return SECFailure; 1153 // Tell NSS to suspend the client authentication. We will then abort the
1154 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
1155 return SECWouldBlock;
1154 #endif 1156 #endif
1155 } 1157 }
1156 1158
1157 // static 1159 // static
1158 // NSS calls this when handshake is completed. 1160 // NSS calls this when handshake is completed.
1159 // After the SSL handshake is finished, use CertVerifier to verify 1161 // After the SSL handshake is finished, use CertVerifier to verify
1160 // the saved server certificate. 1162 // the saved server certificate.
1161 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket, 1163 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
1162 void* arg) { 1164 void* arg) {
1163 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg); 1165 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
1279 // need to call verifier_.Verify repeatedly. But for now we need to do this. 1281 // need to call verifier_.Verify repeatedly. But for now we need to do this.
1280 // Alternatively, we could use the cert's status that we stored along with 1282 // Alternatively, we could use the cert's status that we stored along with
1281 // the cert in the allowed_bad_certs vector. 1283 // the cert in the allowed_bad_certs vector.
1282 if (IsCertificateError(result) && 1284 if (IsCertificateError(result) &&
1283 ssl_config_.IsAllowedBadCert(server_cert_)) { 1285 ssl_config_.IsAllowedBadCert(server_cert_)) {
1284 LOG(INFO) << "accepting bad SSL certificate, as user told us to"; 1286 LOG(INFO) << "accepting bad SSL certificate, as user told us to";
1285 result = OK; 1287 result = OK;
1286 } 1288 }
1287 1289
1288 completed_handshake_ = true; 1290 completed_handshake_ = true;
1289 // TODO(ukai): we may not need this call because it is now harmless to have an 1291 // TODO(ukai): we may not need this call because it is now harmless to have a
1290 // session with a bad cert. 1292 // session with a bad cert.
1291 InvalidateSessionIfBadCertificate(); 1293 InvalidateSessionIfBadCertificate();
1292 // Exit DoHandshakeLoop and return the result to the caller to Connect. 1294 // Exit DoHandshakeLoop and return the result to the caller to Connect.
1293 DCHECK(next_handshake_state_ == STATE_NONE); 1295 DCHECK(next_handshake_state_ == STATE_NONE);
1294 return result; 1296 return result;
1295 } 1297 }
1296 1298
1297 int SSLClientSocketNSS::DoPayloadRead() { 1299 int SSLClientSocketNSS::DoPayloadRead() {
1298 EnterFunction(user_read_buf_len_); 1300 EnterFunction(user_read_buf_len_);
1299 DCHECK(user_read_buf_); 1301 DCHECK(user_read_buf_);
(...skipping 30 matching lines...) Expand all
1330 } 1332 }
1331 PRErrorCode prerr = PR_GetError(); 1333 PRErrorCode prerr = PR_GetError();
1332 if (prerr == PR_WOULD_BLOCK_ERROR) { 1334 if (prerr == PR_WOULD_BLOCK_ERROR) {
1333 return ERR_IO_PENDING; 1335 return ERR_IO_PENDING;
1334 } 1336 }
1335 LeaveFunction(""); 1337 LeaveFunction("");
1336 return MapNSPRError(prerr); 1338 return MapNSPRError(prerr);
1337 } 1339 }
1338 1340
1339 } // namespace net 1341 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698