Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 669813003: Update from chromium https://crrev.com/301725/ (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years, 2 months ago
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index fc74d8caa501b11c79b41d34b910693ced38ce3e..2d1830f391aa0ae8f6ac08725600af1e8ab7c77f 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -24,13 +24,13 @@
#include "crypto/scoped_openssl_types.h"
#include "net/base/net_errors.h"
#include "net/cert/cert_verifier.h"
+#include "net/cert/ct_ev_whitelist.h"
#include "net/cert/ct_verifier.h"
#include "net/cert/single_request_cert_verifier.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util_openssl.h"
#include "net/http/transport_security_state.h"
#include "net/socket/ssl_session_cache_openssl.h"
-#include "net/ssl/openssl_ssl_util.h"
#include "net/ssl/ssl_cert_request_info.h"
#include "net/ssl/ssl_connection_status_flags.h"
#include "net/ssl/ssl_info.h"
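Review bot: The direct `#include "net/ssl/openssl_ssl_util.h"` is dropped while the new code in this file uses `OpenSSLErrorInfo`, `MapOpenSSLErrorWithDetails` and `CreateNetLogOpenSSLErrorCallback`, which by name belong to that header. Presumably it now arrives transitively through `ssl_client_socket_openssl.h`, which has to declare the new `pending_read_error_info_` member, but relying on a transitive include is fragile under include-what-you-use and breaks silently if the header is later slimmed. Unless the header itself was deleted in this CL, I would keep `#include "net/ssl/openssl_ssl_util.h"` here in its alphabetical position.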
@@ -339,6 +339,7 @@ SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
: transport_send_busy_(false),
transport_recv_busy_(false),
pending_read_error_(kNoPendingReadResult),
+ pending_read_ssl_error_(SSL_ERROR_NONE),
transport_read_error_(OK),
transport_write_error_(OK),
server_cert_chain_(new PeerCertificateChain(NULL)),
@@ -497,6 +498,9 @@ void SSLClientSocketOpenSSL::Disconnect() {
user_write_buf_len_ = 0;
pending_read_error_ = kNoPendingReadResult;
+ pending_read_ssl_error_ = SSL_ERROR_NONE;
+ pending_read_error_info_ = OpenSSLErrorInfo();
+
transport_read_error_ = OK;
transport_write_error_ = OK;
@@ -1103,6 +1107,21 @@ int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) {
result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
}
+ scoped_refptr<ct::EVCertsWhitelist> ev_whitelist =
+ SSLConfigService::GetEVCertsWhitelist();
+ if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) {
+ if (ev_whitelist.get() && ev_whitelist->IsValid()) {
+ const SHA256HashValue fingerprint(
+ X509Certificate::CalculateFingerprint256(
+ server_cert_verify_result_.verified_cert->os_cert_handle()));
+
+ UMA_HISTOGRAM_BOOLEAN(
+ "Net.SSL_EVCertificateInWhitelist",
+ ev_whitelist->ContainsCertificateHash(
+ std::string(reinterpret_cast<const char*>(fingerprint.data), 8)));
+ }
+ }
+
if (result == OK) {
// Only check Certificate Transparency if there were no other errors with
// the connection.
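Review bot: The `ContainsCertificateHash` call truncates the SHA-256 fingerprint to its first 8 bytes with no comment saying why, and nothing states that the outcome only feeds a UMA histogram and never touches `result` or `cert_status`, so a reader could mistake it for an enforcement check. I would add above the `UMA_HISTOGRAM_BOOLEAN` call: `// Metrics only: the EV whitelist stores truncated (8-byte) SHA-256 fingerprints; this lookup never affects |result|.` and name the magic 8 (e.g. `const size_t kWhitelistHashBytes = 8;`) unless ct_ev_whitelist.h already exposes such a constant. Separately, `SSLConfigService::GetEVCertsWhitelist()` is fetched on every completed verification even when the certificate is not EV; moving that call inside the `CERT_STATUS_IS_EV` branch keeps the scoped_refptr traffic off the common path. The enclosing DoVerifyCertComplete starts and ends outside this hunk.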
@@ -1320,7 +1339,14 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
if (rv == 0) {
net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED,
rv, user_read_buf_->data());
+ } else {
+ net_log_.AddEvent(
+ NetLog::TYPE_SSL_READ_ERROR,
+ CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
+ pending_read_error_info_));
}
+ pending_read_ssl_error_ = SSL_ERROR_NONE;
+ pending_read_error_info_ = OpenSSLErrorInfo();
return rv;
}
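Review bot: The new `else` branch logs a TYPE_SSL_READ_ERROR for every non-zero deferred result, which would include ERR_IO_PENDING if that value can ever be parked in `pending_read_error_`, whereas the direct path later in this same function only logs when `rv != ERR_IO_PENDING`. Whether the deferred slot can hold ERR_IO_PENDING is decided by code outside this hunk, so I would make the two paths agree regardless: `} else if (rv != ERR_IO_PENDING) {`. Clearing `pending_read_ssl_error_` and `pending_read_error_info_` afterwards is right either way. The enclosing DoPayloadRead starts before this hunk.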
@@ -1355,8 +1381,10 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
if (client_auth_cert_needed_) {
*next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
} else if (*next_result < 0) {
- int err = SSL_get_error(ssl_, *next_result);
- *next_result = MapOpenSSLError(err, err_tracer);
+ pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result);
+ *next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_,
+ err_tracer,
+ &pending_read_error_info_);
// Many servers do not reliably send a close_notify alert when shutting
// down a connection, and instead terminate the TCP connection. This is
@@ -1382,6 +1410,13 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
if (rv >= 0) {
net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv,
user_read_buf_->data());
+ } else if (rv != ERR_IO_PENDING) {
+ net_log_.AddEvent(
+ NetLog::TYPE_SSL_READ_ERROR,
+ CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_,
+ pending_read_error_info_));
+ pending_read_ssl_error_ = SSL_ERROR_NONE;
+ pending_read_error_info_ = OpenSSLErrorInfo();
}
return rv;
}
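Review bot: On the ERR_IO_PENDING branch `pending_read_ssl_error_` and `pending_read_error_info_` are left holding the SSL_ERROR_WANT_READ/WANT_WRITE details recorded earlier in this call, and from this function alone a reader cannot tell whether any later logging path can observe them before the next `SSL_get_error` assignment overwrites them. Clearing both in that branch as well, or unconditionally after the event is logged, removes the question. The same "log, then reset both fields" sequence now appears twice in DoPayloadRead; a small private helper such as `void LogAndClearPendingReadError(int rv);` would keep the two sites identical. DoPayloadRead's body begins before this hunk.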
@@ -1395,8 +1430,17 @@ int SSLClientSocketOpenSSL::DoPayloadWrite() {
return rv;
}
- int err = SSL_get_error(ssl_, rv);
- return MapOpenSSLError(err, err_tracer);
+ int ssl_error = SSL_get_error(ssl_, rv);
+ OpenSSLErrorInfo error_info;
+ int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer,
+ &error_info);
+
+ if (net_error != ERR_IO_PENDING) {
+ net_log_.AddEvent(
+ NetLog::TYPE_SSL_WRITE_ERROR,
+ CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
+ }
+ return net_error;
}
int SSLClientSocketOpenSSL::BufferSend(void) {