| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 900 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 911 rv = BufferSend(); | 911 rv = BufferSend(); |
| 912 if (rv != ERR_IO_PENDING && rv != 0) | 912 if (rv != ERR_IO_PENDING && rv != 0) |
| 913 network_moved = true; | 913 network_moved = true; |
| 914 } while (rv > 0); | 914 } while (rv > 0); |
| 915 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) | 915 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) |
| 916 network_moved = true; | 916 network_moved = true; |
| 917 return network_moved; | 917 return network_moved; |
| 918 } | 918 } |
| 919 | 919 |
| 920 int SSLClientSocketOpenSSL::DoHandshake() { | 920 int SSLClientSocketOpenSSL::DoHandshake() { |
| 921 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
| 922 tracked_objects::ScopedTracker tracking_profile1( | |
| 923 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 924 "424386 SSLClientSocketOpenSSL::DoHandshake1")); | |
| 925 | |
| 926 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 921 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 927 int net_error = OK; | 922 int net_error = OK; |
| 928 int rv = SSL_do_handshake(ssl_); | 923 |
| 924 int rv; |
| 925 |
| 926 // TODO(vadimt): Leave only 1 call to SSL_do_handshake once crbug.com/424386 |
| 927 // is fixed. |
| 928 if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { |
| 929 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 930 tracked_objects::ScopedTracker tracking_profile1( |
| 931 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 DoHandshake_WithCert")); |
| 932 |
| 933 rv = SSL_do_handshake(ssl_); |
| 934 } else { |
| 935 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 936 tracked_objects::ScopedTracker tracking_profile1( |
| 937 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 DoHandshake_WithoutCert")); |
| 938 |
| 939 rv = SSL_do_handshake(ssl_); |
| 940 } |
| 929 | 941 |
| 930 if (client_auth_cert_needed_) { | 942 if (client_auth_cert_needed_) { |
| 931 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 943 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 932 tracked_objects::ScopedTracker tracking_profile2( | 944 tracked_objects::ScopedTracker tracking_profile2( |
| 933 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 945 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 934 "424386 SSLClientSocketOpenSSL::DoHandshake2")); | 946 "424386 SSLClientSocketOpenSSL::DoHandshake2")); |
| 935 | 947 |
| 936 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 948 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 937 // If the handshake already succeeded (because the server requests but | 949 // If the handshake already succeeded (because the server requests but |
| 938 // doesn't require a client cert), we need to invalidate the SSL session | 950 // doesn't require a client cert), we need to invalidate the SSL session |
| (...skipping 270 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1209 } | 1221 } |
| 1210 } | 1222 } |
| 1211 | 1223 |
| 1212 void SSLClientSocketOpenSSL::UpdateServerCert() { | 1224 void SSLClientSocketOpenSSL::UpdateServerCert() { |
| 1213 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 1225 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 1214 tracked_objects::ScopedTracker tracking_profile( | 1226 tracked_objects::ScopedTracker tracking_profile( |
| 1215 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 1227 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1216 "424386 SSLClientSocketOpenSSL::UpdateServerCert")); | 1228 "424386 SSLClientSocketOpenSSL::UpdateServerCert")); |
| 1217 | 1229 |
| 1218 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); | 1230 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); |
| 1231 |
| 1232 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 1233 tracked_objects::ScopedTracker tracking_profile1( |
| 1234 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1235 "424386 SSLClientSocketOpenSSL::UpdateServerCert1")); |
| 1219 server_cert_ = server_cert_chain_->AsOSChain(); | 1236 server_cert_ = server_cert_chain_->AsOSChain(); |
| 1220 | 1237 |
| 1221 if (server_cert_.get()) { | 1238 if (server_cert_.get()) { |
| 1222 net_log_.AddEvent( | 1239 net_log_.AddEvent( |
| 1223 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | 1240 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, |
| 1224 base::Bind(&NetLogX509CertificateCallback, | 1241 base::Bind(&NetLogX509CertificateCallback, |
| 1225 base::Unretained(server_cert_.get()))); | 1242 base::Unretained(server_cert_.get()))); |
| 1226 | 1243 |
| 1227 // TODO(rsleevi): Plumb an OCSP response into the Mac system library and | 1244 // TODO(rsleevi): Plumb an OCSP response into the Mac system library and |
| 1228 // update IsOCSPStaplingSupported for Mac. https://crbug.com/430714 | 1245 // update IsOCSPStaplingSupported for Mac. https://crbug.com/430714 |
| 1229 if (IsOCSPStaplingSupported()) { | 1246 if (IsOCSPStaplingSupported()) { |
| 1230 #if defined(OS_WIN) | 1247 #if defined(OS_WIN) |
| 1248 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is |
| 1249 // fixed. |
| 1250 tracked_objects::ScopedTracker tracking_profile2( |
| 1251 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1252 "424386 SSLClientSocketOpenSSL::UpdateServerCert2")); |
| 1253 |
| 1231 const uint8_t* ocsp_response_raw; | 1254 const uint8_t* ocsp_response_raw; |
| 1232 size_t ocsp_response_len; | 1255 size_t ocsp_response_len; |
| 1233 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | 1256 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); |
| 1234 | 1257 |
| 1235 CRYPT_DATA_BLOB ocsp_response_blob; | 1258 CRYPT_DATA_BLOB ocsp_response_blob; |
| 1236 ocsp_response_blob.cbData = ocsp_response_len; | 1259 ocsp_response_blob.cbData = ocsp_response_len; |
| 1237 ocsp_response_blob.pbData = const_cast<BYTE*>(ocsp_response_raw); | 1260 ocsp_response_blob.pbData = const_cast<BYTE*>(ocsp_response_raw); |
| 1238 BOOL ok = CertSetCertificateContextProperty( | 1261 BOOL ok = CertSetCertificateContextProperty( |
| 1239 server_cert_->os_cert_handle(), | 1262 server_cert_->os_cert_handle(), |
| 1240 CERT_OCSP_RESPONSE_PROP_ID, | 1263 CERT_OCSP_RESPONSE_PROP_ID, |
| (...skipping 707 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1948 ct::SCT_STATUS_LOG_UNKNOWN)); | 1971 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1949 } | 1972 } |
| 1950 } | 1973 } |
| 1951 | 1974 |
| 1952 scoped_refptr<X509Certificate> | 1975 scoped_refptr<X509Certificate> |
| 1953 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1976 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1954 return server_cert_; | 1977 return server_cert_; |
| 1955 } | 1978 } |
| 1956 | 1979 |
| 1957 } // namespace net | 1980 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 787913003:
Instrumenting SSL_do_handshake and UpdateServerCert to find jank (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master