| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 913 matching lines...) |
| 924 rv = BufferSend(); | 924 rv = BufferSend(); |
| 925 if (rv != ERR_IO_PENDING && rv != 0) | 925 if (rv != ERR_IO_PENDING && rv != 0) |
| 926 network_moved = true; | 926 network_moved = true; |
| 927 } while (rv > 0); | 927 } while (rv > 0); |
| 928 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) | 928 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) |
| 929 network_moved = true; | 929 network_moved = true; |
| 930 return network_moved; | 930 return network_moved; |
| 931 } | 931 } |
| 932 | 932 |
| 933 int SSLClientSocketOpenSSL::DoHandshake() { | 933 int SSLClientSocketOpenSSL::DoHandshake() { |
| 934 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
| 935 tracked_objects::ScopedTracker tracking_profile1( | |
| 936 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
| 937 "424386 SSLClientSocketOpenSSL::DoHandshake1")); | |
| 938 | |
| 939 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 934 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 940 int net_error = OK; | 935 int net_error = OK; |
| 941 int rv = SSL_do_handshake(ssl_); | 936 |
| 937 int rv; |
| 938 |
| 939 // TODO(vadimt): Leave only 1 call to SSL_do_handshake once crbug.com/424386 |
| 940 // is fixed. |
| 941 if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { |
| 942 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 943 tracked_objects::ScopedTracker tracking_profile1( |
| 944 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 DoHandshake_WithCert")); |
| 945 |
| 946 rv = SSL_do_handshake(ssl_); |
| 947 } else { |
| 948 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 949 tracked_objects::ScopedTracker tracking_profile1( |
| 950 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 DoHandshake_WithoutCert")); |
| 951 |
| 952 rv = SSL_do_handshake(ssl_); |
| 953 } |
| 942 | 954 |
| 943 if (client_auth_cert_needed_) { | 955 if (client_auth_cert_needed_) { |
| 944 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 956 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 945 tracked_objects::ScopedTracker tracking_profile2( | 957 tracked_objects::ScopedTracker tracking_profile2( |
| 946 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 958 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 947 "424386 SSLClientSocketOpenSSL::DoHandshake2")); | 959 "424386 SSLClientSocketOpenSSL::DoHandshake2")); |
| 948 | 960 |
| 949 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 961 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
| 950 // If the handshake already succeeded (because the server requests but | 962 // If the handshake already succeeded (because the server requests but |
| 951 // doesn't require a client cert), we need to invalidate the SSL session | 963 // doesn't require a client cert), we need to invalidate the SSL session |
| (...skipping 270 matching lines...) |
| 1222 } | 1234 } |
| 1223 } | 1235 } |
| 1224 | 1236 |
| 1225 void SSLClientSocketOpenSSL::UpdateServerCert() { | 1237 void SSLClientSocketOpenSSL::UpdateServerCert() { |
| 1226 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | 1238 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 1227 tracked_objects::ScopedTracker tracking_profile( | 1239 tracked_objects::ScopedTracker tracking_profile( |
| 1228 FROM_HERE_WITH_EXPLICIT_FUNCTION( | 1240 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1229 "424386 SSLClientSocketOpenSSL::UpdateServerCert")); | 1241 "424386 SSLClientSocketOpenSSL::UpdateServerCert")); |
| 1230 | 1242 |
| 1231 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); | 1243 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); |
| 1244 |
| 1245 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. |
| 1246 tracked_objects::ScopedTracker tracking_profile1( |
| 1247 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1248 "424386 SSLClientSocketOpenSSL::UpdateServerCert1")); |
| 1232 server_cert_ = server_cert_chain_->AsOSChain(); | 1249 server_cert_ = server_cert_chain_->AsOSChain(); |
| 1233 | 1250 |
| 1234 if (server_cert_.get()) { | 1251 if (server_cert_.get()) { |
| 1235 net_log_.AddEvent( | 1252 net_log_.AddEvent( |
| 1236 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | 1253 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, |
| 1237 base::Bind(&NetLogX509CertificateCallback, | 1254 base::Bind(&NetLogX509CertificateCallback, |
| 1238 base::Unretained(server_cert_.get()))); | 1255 base::Unretained(server_cert_.get()))); |
| 1239 | 1256 |
| 1240 // TODO(rsleevi): Plumb an OCSP response into the Mac system library and | 1257 // TODO(rsleevi): Plumb an OCSP response into the Mac system library and |
| 1241 // update IsOCSPStaplingSupported for Mac. https://crbug.com/430714 | 1258 // update IsOCSPStaplingSupported for Mac. https://crbug.com/430714 |
| 1242 if (IsOCSPStaplingSupported()) { | 1259 if (IsOCSPStaplingSupported()) { |
| 1243 #if defined(OS_WIN) | 1260 #if defined(OS_WIN) |
| 1261 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is |
| 1262 // fixed. |
| 1263 tracked_objects::ScopedTracker tracking_profile2( |
| 1264 FROM_HERE_WITH_EXPLICIT_FUNCTION( |
| 1265 "424386 SSLClientSocketOpenSSL::UpdateServerCert2")); |
| 1266 |
| 1244 const uint8_t* ocsp_response_raw; | 1267 const uint8_t* ocsp_response_raw; |
| 1245 size_t ocsp_response_len; | 1268 size_t ocsp_response_len; |
| 1246 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | 1269 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); |
| 1247 | 1270 |
| 1248 CRYPT_DATA_BLOB ocsp_response_blob; | 1271 CRYPT_DATA_BLOB ocsp_response_blob; |
| 1249 ocsp_response_blob.cbData = ocsp_response_len; | 1272 ocsp_response_blob.cbData = ocsp_response_len; |
| 1250 ocsp_response_blob.pbData = const_cast<BYTE*>(ocsp_response_raw); | 1273 ocsp_response_blob.pbData = const_cast<BYTE*>(ocsp_response_raw); |
| 1251 BOOL ok = CertSetCertificateContextProperty( | 1274 BOOL ok = CertSetCertificateContextProperty( |
| 1252 server_cert_->os_cert_handle(), | 1275 server_cert_->os_cert_handle(), |
| 1253 CERT_OCSP_RESPONSE_PROP_ID, | 1276 CERT_OCSP_RESPONSE_PROP_ID, |
| (...skipping 716 matching lines...) |
| 1970 ct::SCT_STATUS_LOG_UNKNOWN)); | 1993 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1971 } | 1994 } |
| 1972 } | 1995 } |
| 1973 | 1996 |
| 1974 scoped_refptr<X509Certificate> | 1997 scoped_refptr<X509Certificate> |
| 1975 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1998 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1976 return server_cert_; | 1999 return server_cert_; |
| 1977 } | 2000 } |
| 1978 | 2001 |
| 1979 } // namespace net | 2002 } // namespace net |
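Review bot: The two tracker labels added in DoHandshake (new lines 944 and 950), `"424386 DoHandshake_WithCert"` and `"424386 DoHandshake_WithoutCert"`, drop the `SSLClientSocketOpenSSL::` qualifier that the other labels visible on this page keep (`"424386 SSLClientSocketOpenSSL::DoHandshake2"`, `"...::UpdateServerCert1"`), so they will not group or grep consistently in profiler output. I would spell them `"424386 SSLClientSocketOpenSSL::DoHandshake_WithCert"` and `"424386 SSLClientSocketOpenSSL::DoHandshake_WithoutCert"`. The branch predicate tests only configured state (`ssl_config_.send_client_cert` and a non-null `client_cert`), not whether the server actually requested a certificate, so the "WithCert" bucket measures configuration rather than client auth actually taking place. A comment above the `if`, such as `// Profiling-only split: both branches must make the identical SSL_do_handshake() call.`, would keep a later edit from letting the two TLS paths diverge. DoHandshake's body continues past the visible lines, so this is based only on the part shown.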
| OLD | NEW |