| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 1283 DCHECK(core->OnNSSTaskRunner()); | 1283 DCHECK(core->OnNSSTaskRunner()); |
| 1284 | 1284 |
| 1285 core->PostOrRunCallback( | 1285 core->PostOrRunCallback( |
| 1286 FROM_HERE, | 1286 FROM_HERE, |
| 1287 base::Bind(&AddLogEvent, core->weak_net_log_, | 1287 base::Bind(&AddLogEvent, core->weak_net_log_, |
| 1288 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); | 1288 NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED)); |
| 1289 | 1289 |
| 1290 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; | 1290 core->client_auth_cert_needed_ = !core->ssl_config_.send_client_cert; |
| 1291 #if defined(OS_WIN) | 1291 #if defined(OS_WIN) |
| 1292 if (core->ssl_config_.send_client_cert) { | 1292 if (core->ssl_config_.send_client_cert) { |
| 1293 if (core->ssl_config_.client_cert) { | 1293 if (core->ssl_config_.client_cert.get()) { |
| 1294 PCCERT_CONTEXT cert_context = | 1294 PCCERT_CONTEXT cert_context = |
| 1295 core->ssl_config_.client_cert->os_cert_handle(); | 1295 core->ssl_config_.client_cert->os_cert_handle(); |
| 1296 | 1296 |
| 1297 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; | 1297 HCRYPTPROV_OR_NCRYPT_KEY_HANDLE crypt_prov = 0; |
| 1298 DWORD key_spec = 0; | 1298 DWORD key_spec = 0; |
| 1299 BOOL must_free = FALSE; | 1299 BOOL must_free = FALSE; |
| 1300 DWORD flags = 0; | 1300 DWORD flags = 0; |
| 1301 if (base::win::GetVersion() >= base::win::VERSION_VISTA) | 1301 if (base::win::GetVersion() >= base::win::VERSION_VISTA) |
| 1302 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; | 1302 flags |= CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG; |
| 1303 | 1303 |
| 1678 // caching in X509Certificate, this failure ends up preventing client | 1678 // caching in X509Certificate, this failure ends up preventing client |
| 1679 // certificate authentication with the same certificate for all future | 1679 // certificate authentication with the same certificate for all future |
| 1680 // attempts, even after the smart card has been re-inserted. By setting | 1680 // attempts, even after the smart card has been re-inserted. By setting |
| 1681 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will | 1681 // the CERT_KEY_PROV_HANDLE_PROP_ID to NULL, the cached HCRYPTPROV will |
| 1682 // typically be freed. This allows a new HCRYPTPROV to be obtained from | 1682 // typically be freed. This allows a new HCRYPTPROV to be obtained from |
| 1683 // the certificate on the next attempt, which should succeed if the smart | 1683 // the certificate on the next attempt, which should succeed if the smart |
| 1684 // card has been re-inserted, or will typically prompt the user to | 1684 // card has been re-inserted, or will typically prompt the user to |
| 1685 // re-insert the smart card if not. | 1685 // re-insert the smart card if not. |
| 1686 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || | 1686 if ((net_error == ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY || |
| 1687 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && | 1687 net_error == ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED) && |
| 1688 ssl_config_.send_client_cert && ssl_config_.client_cert) { | 1688 ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { |
| 1689 CertSetCertificateContextProperty( | 1689 CertSetCertificateContextProperty( |
| 1690 ssl_config_.client_cert->os_cert_handle(), | 1690 ssl_config_.client_cert->os_cert_handle(), |
| 1691 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); | 1691 CERT_KEY_PROV_HANDLE_PROP_ID, 0, NULL); |
| 1692 } | 1692 } |
| 1693 #endif | 1693 #endif |
| 1694 | 1694 |
| 1695 return net_error; | 1695 return net_error; |
| 1696 } | 1696 } |
| 1697 | 1697 |
| 1698 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { | 1698 int SSLClientSocketNSS::Core::DoHandshakeLoop(int last_io_result) { |
| 2429 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present); | 2429 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_responses_present); |
| 2430 if (!ocsp_responses_present) | 2430 if (!ocsp_responses_present) |
| 2431 return; | 2431 return; |
| 2432 | 2432 |
| 2433 nss_handshake_state_.stapled_ocsp_response = std::string( | 2433 nss_handshake_state_.stapled_ocsp_response = std::string( |
| 2434 reinterpret_cast<char*>(ocsp_responses->items[0].data), | 2434 reinterpret_cast<char*>(ocsp_responses->items[0].data), |
| 2435 ocsp_responses->items[0].len); | 2435 ocsp_responses->items[0].len); |
| 2436 | 2436 |
| 2437 if (IsOCSPStaplingSupported()) { | 2437 if (IsOCSPStaplingSupported()) { |
| 2438 #if defined(OS_WIN) | 2438 #if defined(OS_WIN) |
| 2439 if (nss_handshake_state_.server_cert) { | 2439 if (nss_handshake_state_.server_cert.get()) { |
| 2440 CRYPT_DATA_BLOB ocsp_response_blob; | 2440 CRYPT_DATA_BLOB ocsp_response_blob; |
| 2441 ocsp_response_blob.cbData = ocsp_responses->items[0].len; | 2441 ocsp_response_blob.cbData = ocsp_responses->items[0].len; |
| 2442 ocsp_response_blob.pbData = ocsp_responses->items[0].data; | 2442 ocsp_response_blob.pbData = ocsp_responses->items[0].data; |
| 2443 BOOL ok = CertSetCertificateContextProperty( | 2443 BOOL ok = CertSetCertificateContextProperty( |
| 2444 nss_handshake_state_.server_cert->os_cert_handle(), | 2444 nss_handshake_state_.server_cert->os_cert_handle(), |
| 2445 CERT_OCSP_RESPONSE_PROP_ID, | 2445 CERT_OCSP_RESPONSE_PROP_ID, |
| 2446 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | 2446 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, |
| 2447 &ocsp_response_blob); | 2447 &ocsp_response_blob); |
| 2448 if (!ok) { | 2448 if (!ok) { |
| 2449 VLOG(1) << "Failed to set OCSP response property: " | 2449 VLOG(1) << "Failed to set OCSP response property: " |
| 3610 scoped_refptr<X509Certificate> | 3610 scoped_refptr<X509Certificate> |
| 3611 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { | 3611 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { |
| 3612 return core_->state().server_cert.get(); | 3612 return core_->state().server_cert.get(); |
| 3613 } | 3613 } |
| 3614 | 3614 |
| 3615 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { | 3615 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { |
| 3616 return channel_id_service_; | 3616 return channel_id_service_; |
| 3617 } | 3617 } |
| 3618 | 3618 |
| 3619 } // namespace net | 3619 } // namespace net |