net/ssl/openssl_ssl_util.cc - Issue 834313002: Roll BoringSSL 306e520:aac2f6a

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/ssl/openssl_ssl_util.cc

Issue 834313002: Roll BoringSSL 306e520:aac2f6a (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: pick up windows fix Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/ssl/openssl_ssl_util.cc

diff --git a/net/ssl/openssl_ssl_util.cc b/net/ssl/openssl_ssl_util.cc

index 9fb83a43f5d7c89c041baa896574265f7bd342a7..eabf35de3aec3d4908118c5600fc30e458a8f2e7 100644

--- a/net/ssl/openssl_ssl_util.cc

+++ b/net/ssl/openssl_ssl_util.cc

@@ -118,13 +118,8 @@ int MapOpenSSLErrorSSL(uint32_t error_code) {

case SSL_R_INVALID_TICKET_KEYS_LENGTH:

// SSL_do_handshake reports this error when the server responds to a

// ClientHello with a fatal close_notify alert.

- case SSL_AD_REASON_OFFSET + SSL_AD_CLOSE_NOTIFY:

+ case SSL_R_SSLV3_ALERT_CLOSE_NOTIFY:

case SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE:

- // TODO(joth): SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the

- // server after receiving ClientHello if there's no common supported cipher.

- // Ideally we'd map that specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH

- // to match the NSS implementation. See also http://goo.gl/oMtZW

- case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE:

case SSL_R_SSLV3_ALERT_NO_CERTIFICATE:

case SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER:

case SSL_R_TLSV1_ALERT_DECODE_ERROR:

@@ -139,8 +134,20 @@ int MapOpenSSLErrorSSL(uint32_t error_code) {

// The only way that the certificate verify callback can fail is if

// the leaf certificate changed during a renegotiation.

return ERR_SSL_SERVER_CERT_CHANGED;

- case SSL_AD_REASON_OFFSET + SSL3_AD_INAPPROPRIATE_FALLBACK:

+ case SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK:

return ERR_SSL_INAPPROPRIATE_FALLBACK;

+ // SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE may be returned from the server after

+ // receiving ClientHello if there's no common supported cipher. Map that

+ // specific case to ERR_SSL_VERSION_OR_CIPHER_MISMATCH to match the NSS

+ // implementation. See https://goo.gl/oMtZW and https://crbug.com/446505.

+ case SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE: {

+ uint32_t previous = ERR_peek_error();

+ if (previous != 0 && ERR_GET_LIB(previous) == ERR_LIB_SSL &&

+ ERR_GET_REASON(previous) == SSL_R_HANDSHAKE_FAILURE_ON_CLIENT_HELLO) {

+ return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;

+ }

+ return ERR_SSL_PROTOCOL_ERROR;

+ }

default:

LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code);

return ERR_SSL_PROTOCOL_ERROR;

« no previous file with comments | « DEPS ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »