Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(214)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 706203003: Update from https://crrev.com/303153 (Closed) Base URL: git@github.com:domokit/mojo.git@master
Patch Set: Created 6 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/socket/ssl_server_socket_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <errno.h> 10 #include <errno.h>
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
94 // Returns the net SSL version number (see ssl_connection_status_flags.h) for 94 // Returns the net SSL version number (see ssl_connection_status_flags.h) for
95 // this SSL connection. 95 // this SSL connection.
96 int GetNetSSLVersion(SSL* ssl) { 96 int GetNetSSLVersion(SSL* ssl) {
97 switch (SSL_version(ssl)) { 97 switch (SSL_version(ssl)) {
98 case SSL2_VERSION: 98 case SSL2_VERSION:
99 return SSL_CONNECTION_VERSION_SSL2; 99 return SSL_CONNECTION_VERSION_SSL2;
100 case SSL3_VERSION: 100 case SSL3_VERSION:
101 return SSL_CONNECTION_VERSION_SSL3; 101 return SSL_CONNECTION_VERSION_SSL3;
102 case TLS1_VERSION: 102 case TLS1_VERSION:
103 return SSL_CONNECTION_VERSION_TLS1; 103 return SSL_CONNECTION_VERSION_TLS1;
104 case 0x0302: 104 case TLS1_1_VERSION:
105 return SSL_CONNECTION_VERSION_TLS1_1; 105 return SSL_CONNECTION_VERSION_TLS1_1;
106 case 0x0303: 106 case TLS1_2_VERSION:
107 return SSL_CONNECTION_VERSION_TLS1_2; 107 return SSL_CONNECTION_VERSION_TLS1_2;
108 default: 108 default:
109 return SSL_CONNECTION_VERSION_UNKNOWN; 109 return SSL_CONNECTION_VERSION_UNKNOWN;
110 } 110 }
111 } 111 }
112 112
113 ScopedX509 OSCertHandleToOpenSSL( 113 ScopedX509 OSCertHandleToOpenSSL(
114 X509Certificate::OSCertHandle os_handle) { 114 X509Certificate::OSCertHandle os_handle) {
115 #if defined(USE_OPENSSL_CERTS) 115 #if defined(USE_OPENSSL_CERTS)
116 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle)); 116 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));
(...skipping 971 matching lines...) Expand 10 before | Expand all | Expand 10 after
1088 if (!start_cert_verification_time_.is_null()) { 1088 if (!start_cert_verification_time_.is_null()) {
1089 base::TimeDelta verify_time = 1089 base::TimeDelta verify_time =
1090 base::TimeTicks::Now() - start_cert_verification_time_; 1090 base::TimeTicks::Now() - start_cert_verification_time_;
1091 if (result == OK) { 1091 if (result == OK) {
1092 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); 1092 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time);
1093 } else { 1093 } else {
1094 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); 1094 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time);
1095 } 1095 }
1096 } 1096 }
1097 1097
1098 if (result == OK)
1099 RecordConnectionTypeMetrics(GetNetSSLVersion(ssl_));
1100
1098 const CertStatus cert_status = server_cert_verify_result_.cert_status; 1101 const CertStatus cert_status = server_cert_verify_result_.cert_status;
1099 if (transport_security_state_ && 1102 if (transport_security_state_ &&
1100 (result == OK || 1103 (result == OK ||
1101 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 1104 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
1102 !transport_security_state_->CheckPublicKeyPins( 1105 !transport_security_state_->CheckPublicKeyPins(
1103 host_and_port_.host(), 1106 host_and_port_.host(),
1104 server_cert_verify_result_.is_issued_by_known_root, 1107 server_cert_verify_result_.is_issued_by_known_root,
1105 server_cert_verify_result_.public_key_hashes, 1108 server_cert_verify_result_.public_key_hashes,
1106 &pinning_failure_log_)) { 1109 &pinning_failure_log_)) {
1107 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 1110 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
(...skipping 710 matching lines...) Expand 10 before | Expand all | Expand 10 after
1818 ct::SCT_STATUS_LOG_UNKNOWN)); 1821 ct::SCT_STATUS_LOG_UNKNOWN));
1819 } 1822 }
1820 } 1823 }
1821 1824
1822 scoped_refptr<X509Certificate> 1825 scoped_refptr<X509Certificate>
1823 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { 1826 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
1824 return server_cert_; 1827 return server_cert_;
1825 } 1828 }
1826 1829
1827 } // namespace net 1830 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_nss.cc ('k') | net/socket/ssl_server_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698