| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| 11 #include <openssl/bio.h> | 11 #include <openssl/bio.h> |
| 12 #include <openssl/err.h> | 12 #include <openssl/err.h> |
| 13 #include <openssl/ssl.h> | 13 #include <openssl/ssl.h> |
| 14 #include <string.h> | 14 #include <string.h> |
| 15 | 15 |
| 16 #include "base/bind.h" | 16 #include "base/bind.h" |
| 17 #include "base/callback_helpers.h" | 17 #include "base/callback_helpers.h" |
| 18 #include "base/environment.h" | 18 #include "base/environment.h" |
| 19 #include "base/memory/singleton.h" | 19 #include "base/memory/singleton.h" |
| 20 #include "base/metrics/histogram.h" | 20 #include "base/metrics/histogram.h" |
| 21 #include "base/metrics/sparse_histogram.h" | |
| 22 #include "base/profiler/scoped_tracker.h" | 21 #include "base/profiler/scoped_tracker.h" |
| 23 #include "base/strings/string_piece.h" | 22 #include "base/strings/string_piece.h" |
| 24 #include "base/synchronization/lock.h" | 23 #include "base/synchronization/lock.h" |
| 25 #include "base/threading/thread_local.h" | 24 #include "base/threading/thread_local.h" |
| 26 #include "crypto/ec_private_key.h" | 25 #include "crypto/ec_private_key.h" |
| 27 #include "crypto/openssl_util.h" | 26 #include "crypto/openssl_util.h" |
| 28 #include "crypto/scoped_openssl_types.h" | 27 #include "crypto/scoped_openssl_types.h" |
| 29 #include "net/base/net_errors.h" | 28 #include "net/base/net_errors.h" |
| 30 #include "net/cert/cert_policy_enforcer.h" | 29 #include "net/cert/cert_policy_enforcer.h" |
| 31 #include "net/cert/cert_verifier.h" | 30 #include "net/cert/cert_verifier.h" |
| (...skipping 434 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 466 // It is an error to create an SSLClientSocket whose context has no | 465 // It is an error to create an SSLClientSocket whose context has no |
| 467 // TransportSecurityState. | 466 // TransportSecurityState. |
| 468 DCHECK(transport_security_state_); | 467 DCHECK(transport_security_state_); |
| 469 | 468 |
| 470 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); | 469 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); |
| 471 | 470 |
| 472 // Set up new ssl object. | 471 // Set up new ssl object. |
| 473 int rv = Init(); | 472 int rv = Init(); |
| 474 if (rv != OK) { | 473 if (rv != OK) { |
| 475 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 474 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 476 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv)); | |
| 477 return rv; | 475 return rv; |
| 478 } | 476 } |
| 479 | 477 |
| 480 // Set SSL to client mode. Handshake happens in the loop below. | 478 // Set SSL to client mode. Handshake happens in the loop below. |
| 481 SSL_set_connect_state(ssl_); | 479 SSL_set_connect_state(ssl_); |
| 482 | 480 |
| 481 // Enable fastradio padding. |
| 482 SSL_enable_fastradio_padding(ssl_, |
| 483 ssl_config_.fastradio_padding_enabled && |
| 484 ssl_config_.fastradio_padding_eligible); |
| 485 |
| 483 GotoState(STATE_HANDSHAKE); | 486 GotoState(STATE_HANDSHAKE); |
| 484 rv = DoHandshakeLoop(OK); | 487 rv = DoHandshakeLoop(OK); |
| 485 if (rv == ERR_IO_PENDING) { | 488 if (rv == ERR_IO_PENDING) { |
| 486 user_connect_callback_ = callback; | 489 user_connect_callback_ = callback; |
| 487 } else { | 490 } else { |
| 488 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 491 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 489 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv)); | |
| 490 if (rv < OK) | 492 if (rv < OK) |
| 491 OnHandshakeCompletion(); | 493 OnHandshakeCompletion(); |
| 492 } | 494 } |
| 493 | 495 |
| 494 return rv > OK ? OK : rv; | 496 return rv > OK ? OK : rv; |
| 495 } | 497 } |
| 496 | 498 |
| 497 void SSLClientSocketOpenSSL::Disconnect() { | 499 void SSLClientSocketOpenSSL::Disconnect() { |
| 498 // If a handshake was pending (Connect() had been called), notify interested | 500 // If a handshake was pending (Connect() had been called), notify interested |
| 499 // parties that it's been aborted now. If the handshake had already | 501 // parties that it's been aborted now. If the handshake had already |
| (...skipping 580 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1080 << ", net_error " << net_error; | 1082 << ", net_error " << net_error; |
| 1081 net_log_.AddEvent( | 1083 net_log_.AddEvent( |
| 1082 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1084 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 1083 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | 1085 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 1084 } | 1086 } |
| 1085 } | 1087 } |
| 1086 return net_error; | 1088 return net_error; |
| 1087 } | 1089 } |
| 1088 | 1090 |
| 1089 int SSLClientSocketOpenSSL::DoChannelIDLookup() { | 1091 int SSLClientSocketOpenSSL::DoChannelIDLookup() { |
| 1092 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED); |
| 1090 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); | 1093 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); |
| 1091 return channel_id_service_->GetOrCreateChannelID( | 1094 return channel_id_service_->GetOrCreateChannelID( |
| 1092 host_and_port_.host(), | 1095 host_and_port_.host(), |
| 1093 &channel_id_private_key_, | 1096 &channel_id_private_key_, |
| 1094 &channel_id_cert_, | 1097 &channel_id_cert_, |
| 1095 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 1098 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
| 1096 base::Unretained(this)), | 1099 base::Unretained(this)), |
| 1097 &channel_id_request_handle_); | 1100 &channel_id_request_handle_); |
| 1098 } | 1101 } |
| 1099 | 1102 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 1126 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1129 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1127 int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key()); | 1130 int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key()); |
| 1128 if (!rv) { | 1131 if (!rv) { |
| 1129 LOG(ERROR) << "Failed to set Channel ID."; | 1132 LOG(ERROR) << "Failed to set Channel ID."; |
| 1130 int err = SSL_get_error(ssl_, rv); | 1133 int err = SSL_get_error(ssl_, rv); |
| 1131 return MapOpenSSLError(err, err_tracer); | 1134 return MapOpenSSLError(err, err_tracer); |
| 1132 } | 1135 } |
| 1133 | 1136 |
| 1134 // Return to the handshake. | 1137 // Return to the handshake. |
| 1135 set_channel_id_sent(true); | 1138 set_channel_id_sent(true); |
| 1139 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED); |
| 1136 GotoState(STATE_HANDSHAKE); | 1140 GotoState(STATE_HANDSHAKE); |
| 1137 return OK; | 1141 return OK; |
| 1138 } | 1142 } |
| 1139 | 1143 |
| 1140 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { | 1144 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { |
| 1141 DCHECK(!server_cert_chain_->empty()); | 1145 DCHECK(!server_cert_chain_->empty()); |
| 1142 DCHECK(start_cert_verification_time_.is_null()); | 1146 DCHECK(start_cert_verification_time_.is_null()); |
| 1143 | 1147 |
| 1144 GotoState(STATE_VERIFY_CERT_COMPLETE); | 1148 GotoState(STATE_VERIFY_CERT_COMPLETE); |
| 1145 | 1149 |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1359 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | 1363 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; |
| 1360 } | 1364 } |
| 1361 } | 1365 } |
| 1362 } | 1366 } |
| 1363 } | 1367 } |
| 1364 | 1368 |
| 1365 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) { | 1369 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) { |
| 1366 int rv = DoHandshakeLoop(result); | 1370 int rv = DoHandshakeLoop(result); |
| 1367 if (rv != ERR_IO_PENDING) { | 1371 if (rv != ERR_IO_PENDING) { |
| 1368 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | 1372 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); |
| 1369 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSL_Connection_Error", std::abs(rv)); | |
| 1370 DoConnectCallback(rv); | 1373 DoConnectCallback(rv); |
| 1371 } | 1374 } |
| 1372 } | 1375 } |
| 1373 | 1376 |
| 1374 void SSLClientSocketOpenSSL::OnSendComplete(int result) { | 1377 void SSLClientSocketOpenSSL::OnSendComplete(int result) { |
| 1375 if (next_handshake_state_ == STATE_HANDSHAKE) { | 1378 if (next_handshake_state_ == STATE_HANDSHAKE) { |
| 1376 // In handshake phase. | 1379 // In handshake phase. |
| 1377 OnHandshakeIOComplete(result); | 1380 OnHandshakeIOComplete(result); |
| 1378 return; | 1381 return; |
| 1379 } | 1382 } |
| (...skipping 643 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2023 ct::SCT_STATUS_LOG_UNKNOWN)); | 2026 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 2024 } | 2027 } |
| 2025 } | 2028 } |
| 2026 | 2029 |
| 2027 scoped_refptr<X509Certificate> | 2030 scoped_refptr<X509Certificate> |
| 2028 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 2031 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 2029 return server_cert_; | 2032 return server_cert_; |
| 2030 } | 2033 } |
| 2031 | 2034 |
| 2032 } // namespace net | 2035 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 935333002:
Update from https://crrev.com/316786 (Closed)
Base URL: git@github.com:domokit/mojo.git@master