Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(281)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 941743002: Add a dedicated SSL protocol version metric. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Carve some corners into the round hole so the square peg fits better Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_pool.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 3508 matching lines...) Expand 10 before | Expand all | Expand 10 after
3519 // We used to remember the intermediate CA certs in the NSS database 3519 // We used to remember the intermediate CA certs in the NSS database
3520 // persistently. However, NSS opens a connection to the SQLite database 3520 // persistently. However, NSS opens a connection to the SQLite database
3521 // during NSS initialization and doesn't close the connection until NSS 3521 // during NSS initialization and doesn't close the connection until NSS
3522 // shuts down. If the file system where the database resides is gone, 3522 // shuts down. If the file system where the database resides is gone,
3523 // the database connection goes bad. What's worse, the connection won't 3523 // the database connection goes bad. What's worse, the connection won't
3524 // recover when the file system comes back. Until this NSS or SQLite bug 3524 // recover when the file system comes back. Until this NSS or SQLite bug
3525 // is fixed, we need to avoid using the NSS database for non-essential 3525 // is fixed, we need to avoid using the NSS database for non-essential
3526 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and 3526 // purposes. See https://bugzilla.mozilla.org/show_bug.cgi?id=508081 and
3527 // http://crbug.com/15630 for more info. 3527 // http://crbug.com/15630 for more info.
3528 3528
3529 // TODO(hclam): Skip logging if server cert was expected to be bad because
3530 // |server_cert_verify_result_| doesn't contain all the information about
3531 // the cert.
3532 if (result == OK) {
3533 int ssl_version =
3534 SSLConnectionStatusToVersion(core_->state().ssl_connection_status);
3535 RecordConnectionTypeMetrics(ssl_version);
3536 }
3537
3538 const CertStatus cert_status = server_cert_verify_result_.cert_status; 3529 const CertStatus cert_status = server_cert_verify_result_.cert_status;
3539 if (transport_security_state_ && 3530 if (transport_security_state_ &&
3540 (result == OK || 3531 (result == OK ||
3541 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && 3532 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) &&
3542 !transport_security_state_->CheckPublicKeyPins( 3533 !transport_security_state_->CheckPublicKeyPins(
3543 host_and_port_.host(), 3534 host_and_port_.host(),
3544 server_cert_verify_result_.is_issued_by_known_root, 3535 server_cert_verify_result_.is_issued_by_known_root,
3545 server_cert_verify_result_.public_key_hashes, 3536 server_cert_verify_result_.public_key_hashes,
3546 &pinning_failure_log_)) { 3537 &pinning_failure_log_)) {
3547 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; 3538 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN;
(...skipping 87 matching lines...) Expand 10 before | Expand all | Expand 10 after
3635 scoped_refptr<X509Certificate> 3626 scoped_refptr<X509Certificate>
3636 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { 3627 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
3637 return core_->state().server_cert.get(); 3628 return core_->state().server_cert.get();
3638 } 3629 }
3639 3630
3640 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { 3631 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
3641 return channel_id_service_; 3632 return channel_id_service_;
3642 } 3633 }
3643 3634
3644 } // namespace net 3635 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_pool.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698