OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | |
6 // of operation is derived from SSLClientSocketNSS. | |
7 | |
8 #include "net/socket/ssl_client_socket_openssl.h" | |
9 | |
10 #include <errno.h> | |
11 #include <openssl/bio.h> | |
12 #include <openssl/err.h> | |
13 #include <openssl/ssl.h> | |
14 #include <string.h> | |
15 | |
16 #include "base/bind.h" | |
17 #include "base/callback_helpers.h" | |
18 #include "base/environment.h" | |
19 #include "base/memory/singleton.h" | |
20 #include "base/metrics/histogram.h" | |
21 #include "base/profiler/scoped_tracker.h" | |
22 #include "base/strings/string_piece.h" | |
23 #include "base/synchronization/lock.h" | |
24 #include "base/threading/thread_local.h" | |
25 #include "crypto/ec_private_key.h" | |
26 #include "crypto/openssl_util.h" | |
27 #include "crypto/scoped_openssl_types.h" | |
28 #include "net/base/net_errors.h" | |
29 #include "net/cert/cert_policy_enforcer.h" | |
30 #include "net/cert/cert_verifier.h" | |
31 #include "net/cert/ct_ev_whitelist.h" | |
32 #include "net/cert/ct_verifier.h" | |
33 #include "net/cert/single_request_cert_verifier.h" | |
34 #include "net/cert/x509_certificate_net_log_param.h" | |
35 #include "net/cert/x509_util_openssl.h" | |
36 #include "net/http/transport_security_state.h" | |
37 #include "net/socket/ssl_session_cache_openssl.h" | |
38 #include "net/ssl/ssl_cert_request_info.h" | |
39 #include "net/ssl/ssl_connection_status_flags.h" | |
40 #include "net/ssl/ssl_info.h" | |
41 | |
42 #if defined(OS_WIN) | |
43 #include "base/win/windows_version.h" | |
44 #endif | |
45 | |
46 #if defined(USE_OPENSSL_CERTS) | |
47 #include "net/ssl/openssl_client_key_store.h" | |
48 #else | |
49 #include "net/ssl/openssl_platform_key.h" | |
50 #endif | |
51 | |
52 namespace net { | |
53 | |
54 namespace { | |
55 | |
56 // Enable this to see logging for state machine state transitions. | |
57 #if 0 | |
58 #define GotoState(s) do { DVLOG(2) << (void *)this << " " << __FUNCTION__ << \ | |
59 " jump to state " << s; \ | |
60 next_handshake_state_ = s; } while (0) | |
61 #else | |
62 #define GotoState(s) next_handshake_state_ = s | |
63 #endif | |
64 | |
65 // This constant can be any non-negative/non-zero value (eg: it does not | |
66 // overlap with any value of the net::Error range, including net::OK). | |
67 const int kNoPendingReadResult = 1; | |
68 | |
69 // If a client doesn't have a list of protocols that it supports, but | |
70 // the server supports NPN, choosing "http/1.1" is the best answer. | |
71 const char kDefaultSupportedNPNProtocol[] = "http/1.1"; | |
72 | |
73 // Default size of the internal BoringSSL buffers. | |
74 const int KDefaultOpenSSLBufferSize = 17 * 1024; | |
75 | |
76 void FreeX509Stack(STACK_OF(X509)* ptr) { | |
77 sk_X509_pop_free(ptr, X509_free); | |
78 } | |
79 | |
80 typedef crypto::ScopedOpenSSL<X509, X509_free>::Type ScopedX509; | |
81 typedef crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>::Type | |
82 ScopedX509Stack; | |
83 | |
84 #if OPENSSL_VERSION_NUMBER < 0x1000103fL | |
85 // This method doesn't seem to have made it into the OpenSSL headers. | |
86 unsigned long SSL_CIPHER_get_id(const SSL_CIPHER* cipher) { return cipher->id; } | |
87 #endif | |
88 | |
89 // Used for encoding the |connection_status| field of an SSLInfo object. | |
90 int EncodeSSLConnectionStatus(uint16 cipher_suite, | |
91 int compression, | |
92 int version) { | |
93 return cipher_suite | | |
94 ((compression & SSL_CONNECTION_COMPRESSION_MASK) << | |
95 SSL_CONNECTION_COMPRESSION_SHIFT) | | |
96 ((version & SSL_CONNECTION_VERSION_MASK) << | |
97 SSL_CONNECTION_VERSION_SHIFT); | |
98 } | |
99 | |
100 // Returns the net SSL version number (see ssl_connection_status_flags.h) for | |
101 // this SSL connection. | |
102 int GetNetSSLVersion(SSL* ssl) { | |
103 switch (SSL_version(ssl)) { | |
104 case SSL2_VERSION: | |
105 return SSL_CONNECTION_VERSION_SSL2; | |
106 case SSL3_VERSION: | |
107 return SSL_CONNECTION_VERSION_SSL3; | |
108 case TLS1_VERSION: | |
109 return SSL_CONNECTION_VERSION_TLS1; | |
110 case TLS1_1_VERSION: | |
111 return SSL_CONNECTION_VERSION_TLS1_1; | |
112 case TLS1_2_VERSION: | |
113 return SSL_CONNECTION_VERSION_TLS1_2; | |
114 default: | |
115 return SSL_CONNECTION_VERSION_UNKNOWN; | |
116 } | |
117 } | |
118 | |
119 ScopedX509 OSCertHandleToOpenSSL( | |
120 X509Certificate::OSCertHandle os_handle) { | |
121 #if defined(USE_OPENSSL_CERTS) | |
122 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle)); | |
123 #else // !defined(USE_OPENSSL_CERTS) | |
124 std::string der_encoded; | |
125 if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded)) | |
126 return ScopedX509(); | |
127 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data()); | |
128 return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size())); | |
129 #endif // defined(USE_OPENSSL_CERTS) | |
130 } | |
131 | |
132 ScopedX509Stack OSCertHandlesToOpenSSL( | |
133 const X509Certificate::OSCertHandles& os_handles) { | |
134 ScopedX509Stack stack(sk_X509_new_null()); | |
135 for (size_t i = 0; i < os_handles.size(); i++) { | |
136 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]); | |
137 if (!x509) | |
138 return ScopedX509Stack(); | |
139 sk_X509_push(stack.get(), x509.release()); | |
140 } | |
141 return stack.Pass(); | |
142 } | |
143 | |
144 int LogErrorCallback(const char* str, size_t len, void* context) { | |
145 LOG(ERROR) << base::StringPiece(str, len); | |
146 return 1; | |
147 } | |
148 | |
149 bool IsOCSPStaplingSupported() { | |
150 #if defined(OS_WIN) | |
151 // CERT_OCSP_RESPONSE_PROP_ID is only implemented on Vista+, but it can be | |
152 // set on Windows XP without error. There is some overhead from the server | |
153 // sending the OCSP response if it supports the extension, for the subset of | |
154 // XP clients who will request it but be unable to use it, but this is an | |
155 // acceptable trade-off for simplicity of implementation. | |
156 return true; | |
157 #else | |
158 return false; | |
159 #endif | |
160 } | |
161 | |
162 } // namespace | |
163 | |
164 class SSLClientSocketOpenSSL::SSLContext { | |
165 public: | |
166 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } | |
167 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | |
168 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; } | |
169 | |
170 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) { | |
171 DCHECK(ssl); | |
172 SSLClientSocketOpenSSL* socket = static_cast<SSLClientSocketOpenSSL*>( | |
173 SSL_get_ex_data(ssl, ssl_socket_data_index_)); | |
174 DCHECK(socket); | |
175 return socket; | |
176 } | |
177 | |
178 bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) { | |
179 return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0; | |
180 } | |
181 | |
182 private: | |
183 friend struct DefaultSingletonTraits<SSLContext>; | |
184 | |
185 SSLContext() { | |
186 crypto::EnsureOpenSSLInit(); | |
187 ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); | |
188 DCHECK_NE(ssl_socket_data_index_, -1); | |
189 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); | |
190 session_cache_.Reset(ssl_ctx_.get(), kDefaultSessionCacheConfig); | |
191 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL); | |
192 SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL); | |
193 SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL); | |
194 // This stops |SSL_shutdown| from generating the close_notify message, which | |
195 // is currently not sent on the network. | |
196 // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed. | |
197 SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1); | |
198 // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty. | |
199 // It would be better if the callback were not a global setting, | |
200 // but that is an OpenSSL issue. | |
201 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback, | |
202 NULL); | |
203 ssl_ctx_->tlsext_channel_id_enabled_new = 1; | |
204 | |
205 scoped_ptr<base::Environment> env(base::Environment::Create()); | |
206 std::string ssl_keylog_file; | |
207 if (env->GetVar("SSLKEYLOGFILE", &ssl_keylog_file) && | |
208 !ssl_keylog_file.empty()) { | |
209 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
210 BIO* bio = BIO_new_file(ssl_keylog_file.c_str(), "a"); | |
211 if (!bio) { | |
212 LOG(ERROR) << "Failed to open " << ssl_keylog_file; | |
213 ERR_print_errors_cb(&LogErrorCallback, NULL); | |
214 } else { | |
215 SSL_CTX_set_keylog_bio(ssl_ctx_.get(), bio); | |
216 } | |
217 } | |
218 } | |
219 | |
220 static std::string GetSessionCacheKey(const SSL* ssl) { | |
221 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | |
222 DCHECK(socket); | |
223 return socket->GetSessionCacheKey(); | |
224 } | |
225 | |
226 static SSLSessionCacheOpenSSL::Config kDefaultSessionCacheConfig; | |
227 | |
228 static int ClientCertRequestCallback(SSL* ssl, void* arg) { | |
229 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | |
230 DCHECK(socket); | |
231 return socket->ClientCertRequestCallback(ssl); | |
232 } | |
233 | |
234 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) { | |
235 SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data( | |
236 store_ctx, SSL_get_ex_data_X509_STORE_CTX_idx())); | |
237 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | |
238 CHECK(socket); | |
239 | |
240 return socket->CertVerifyCallback(store_ctx); | |
241 } | |
242 | |
243 static int SelectNextProtoCallback(SSL* ssl, | |
244 unsigned char** out, unsigned char* outlen, | |
245 const unsigned char* in, | |
246 unsigned int inlen, void* arg) { | |
247 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | |
248 return socket->SelectNextProtoCallback(out, outlen, in, inlen); | |
249 } | |
250 | |
251 // This is the index used with SSL_get_ex_data to retrieve the owner | |
252 // SSLClientSocketOpenSSL object from an SSL instance. | |
253 int ssl_socket_data_index_; | |
254 | |
255 crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free>::Type ssl_ctx_; | |
256 // |session_cache_| must be destroyed before |ssl_ctx_|. | |
257 SSLSessionCacheOpenSSL session_cache_; | |
258 }; | |
259 | |
260 // PeerCertificateChain is a helper object which extracts the certificate | |
261 // chain, as given by the server, from an OpenSSL socket and performs the needed | |
262 // resource management. The first element of the chain is the leaf certificate | |
263 // and the other elements are in the order given by the server. | |
264 class SSLClientSocketOpenSSL::PeerCertificateChain { | |
265 public: | |
266 explicit PeerCertificateChain(STACK_OF(X509)* chain) { Reset(chain); } | |
267 PeerCertificateChain(const PeerCertificateChain& other) { *this = other; } | |
268 ~PeerCertificateChain() {} | |
269 PeerCertificateChain& operator=(const PeerCertificateChain& other); | |
270 | |
271 // Resets the PeerCertificateChain to the set of certificates in|chain|, | |
272 // which may be NULL, indicating to empty the store certificates. | |
273 // Note: If an error occurs, such as being unable to parse the certificates, | |
274 // this will behave as if Reset(NULL) was called. | |
275 void Reset(STACK_OF(X509)* chain); | |
276 | |
277 // Note that when USE_OPENSSL is defined, OSCertHandle is X509* | |
278 scoped_refptr<X509Certificate> AsOSChain() const; | |
279 | |
280 size_t size() const { | |
281 if (!openssl_chain_.get()) | |
282 return 0; | |
283 return sk_X509_num(openssl_chain_.get()); | |
284 } | |
285 | |
286 bool empty() const { | |
287 return size() == 0; | |
288 } | |
289 | |
290 X509* Get(size_t index) const { | |
291 DCHECK_LT(index, size()); | |
292 return sk_X509_value(openssl_chain_.get(), index); | |
293 } | |
294 | |
295 private: | |
296 ScopedX509Stack openssl_chain_; | |
297 }; | |
298 | |
299 SSLClientSocketOpenSSL::PeerCertificateChain& | |
300 SSLClientSocketOpenSSL::PeerCertificateChain::operator=( | |
301 const PeerCertificateChain& other) { | |
302 if (this == &other) | |
303 return *this; | |
304 | |
305 openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get())); | |
306 return *this; | |
307 } | |
308 | |
309 void SSLClientSocketOpenSSL::PeerCertificateChain::Reset( | |
310 STACK_OF(X509)* chain) { | |
311 openssl_chain_.reset(chain ? X509_chain_up_ref(chain) : NULL); | |
312 } | |
313 | |
314 scoped_refptr<X509Certificate> | |
315 SSLClientSocketOpenSSL::PeerCertificateChain::AsOSChain() const { | |
316 #if defined(USE_OPENSSL_CERTS) | |
317 // When OSCertHandle is typedef'ed to X509, this implementation does a short | |
318 // cut to avoid converting back and forth between DER and the X509 struct. | |
319 X509Certificate::OSCertHandles intermediates; | |
320 for (size_t i = 1; i < sk_X509_num(openssl_chain_.get()); ++i) { | |
321 intermediates.push_back(sk_X509_value(openssl_chain_.get(), i)); | |
322 } | |
323 | |
324 return make_scoped_refptr(X509Certificate::CreateFromHandle( | |
325 sk_X509_value(openssl_chain_.get(), 0), intermediates)); | |
326 #else | |
327 // DER-encode the chain and convert to a platform certificate handle. | |
328 std::vector<base::StringPiece> der_chain; | |
329 for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) { | |
330 X509* x = sk_X509_value(openssl_chain_.get(), i); | |
331 base::StringPiece der; | |
332 if (!x509_util::GetDER(x, &der)) | |
333 return NULL; | |
334 der_chain.push_back(der); | |
335 } | |
336 | |
337 return make_scoped_refptr(X509Certificate::CreateFromDERCertChain(der_chain)); | |
338 #endif | |
339 } | |
340 | |
341 // static | |
342 SSLSessionCacheOpenSSL::Config | |
343 SSLClientSocketOpenSSL::SSLContext::kDefaultSessionCacheConfig = { | |
344 &GetSessionCacheKey, // key_func | |
345 1024, // max_entries | |
346 256, // expiration_check_count | |
347 60 * 60, // timeout_seconds | |
348 }; | |
349 | |
350 // static | |
351 void SSLClientSocket::ClearSessionCache() { | |
352 SSLClientSocketOpenSSL::SSLContext* context = | |
353 SSLClientSocketOpenSSL::SSLContext::GetInstance(); | |
354 context->session_cache()->Flush(); | |
355 } | |
356 | |
357 // static | |
358 uint16 SSLClientSocket::GetMaxSupportedSSLVersion() { | |
359 return SSL_PROTOCOL_VERSION_TLS1_2; | |
360 } | |
361 | |
362 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( | |
363 scoped_ptr<ClientSocketHandle> transport_socket, | |
364 const HostPortPair& host_and_port, | |
365 const SSLConfig& ssl_config, | |
366 const SSLClientSocketContext& context) | |
367 : transport_send_busy_(false), | |
368 transport_recv_busy_(false), | |
369 pending_read_error_(kNoPendingReadResult), | |
370 pending_read_ssl_error_(SSL_ERROR_NONE), | |
371 transport_read_error_(OK), | |
372 transport_write_error_(OK), | |
373 server_cert_chain_(new PeerCertificateChain(NULL)), | |
374 completed_connect_(false), | |
375 was_ever_used_(false), | |
376 client_auth_cert_needed_(false), | |
377 cert_verifier_(context.cert_verifier), | |
378 cert_transparency_verifier_(context.cert_transparency_verifier), | |
379 channel_id_service_(context.channel_id_service), | |
380 ssl_(NULL), | |
381 transport_bio_(NULL), | |
382 transport_(transport_socket.Pass()), | |
383 host_and_port_(host_and_port), | |
384 ssl_config_(ssl_config), | |
385 ssl_session_cache_shard_(context.ssl_session_cache_shard), | |
386 trying_cached_session_(false), | |
387 next_handshake_state_(STATE_NONE), | |
388 npn_status_(kNextProtoUnsupported), | |
389 channel_id_xtn_negotiated_(false), | |
390 handshake_succeeded_(false), | |
391 marked_session_as_good_(false), | |
392 transport_security_state_(context.transport_security_state), | |
393 policy_enforcer_(context.cert_policy_enforcer), | |
394 net_log_(transport_->socket()->NetLog()), | |
395 weak_factory_(this) { | |
396 } | |
397 | |
398 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() { | |
399 Disconnect(); | |
400 } | |
401 | |
402 std::string SSLClientSocketOpenSSL::GetSessionCacheKey() const { | |
403 std::string result = host_and_port_.ToString(); | |
404 result.append("/"); | |
405 result.append(ssl_session_cache_shard_); | |
406 return result; | |
407 } | |
408 | |
409 bool SSLClientSocketOpenSSL::InSessionCache() const { | |
410 SSLContext* context = SSLContext::GetInstance(); | |
411 std::string cache_key = GetSessionCacheKey(); | |
412 return context->session_cache()->SSLSessionIsInCache(cache_key); | |
413 } | |
414 | |
415 void SSLClientSocketOpenSSL::SetHandshakeCompletionCallback( | |
416 const base::Closure& callback) { | |
417 handshake_completion_callback_ = callback; | |
418 } | |
419 | |
420 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( | |
421 SSLCertRequestInfo* cert_request_info) { | |
422 cert_request_info->host_and_port = host_and_port_; | |
423 cert_request_info->cert_authorities = cert_authorities_; | |
424 cert_request_info->cert_key_types = cert_key_types_; | |
425 } | |
426 | |
427 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( | |
428 std::string* proto) { | |
429 *proto = npn_proto_; | |
430 return npn_status_; | |
431 } | |
432 | |
433 ChannelIDService* | |
434 SSLClientSocketOpenSSL::GetChannelIDService() const { | |
435 return channel_id_service_; | |
436 } | |
437 | |
438 int SSLClientSocketOpenSSL::ExportKeyingMaterial( | |
439 const base::StringPiece& label, | |
440 bool has_context, const base::StringPiece& context, | |
441 unsigned char* out, unsigned int outlen) { | |
442 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
443 | |
444 int rv = SSL_export_keying_material( | |
445 ssl_, out, outlen, label.data(), label.size(), | |
446 reinterpret_cast<const unsigned char*>(context.data()), | |
447 context.length(), context.length() > 0); | |
448 | |
449 if (rv != 1) { | |
450 int ssl_error = SSL_get_error(ssl_, rv); | |
451 LOG(ERROR) << "Failed to export keying material;" | |
452 << " returned " << rv | |
453 << ", SSL error code " << ssl_error; | |
454 return MapOpenSSLError(ssl_error, err_tracer); | |
455 } | |
456 return OK; | |
457 } | |
458 | |
459 int SSLClientSocketOpenSSL::GetTLSUniqueChannelBinding(std::string* out) { | |
460 NOTIMPLEMENTED(); | |
461 return ERR_NOT_IMPLEMENTED; | |
462 } | |
463 | |
464 int SSLClientSocketOpenSSL::Connect(const CompletionCallback& callback) { | |
465 // It is an error to create an SSLClientSocket whose context has no | |
466 // TransportSecurityState. | |
467 DCHECK(transport_security_state_); | |
468 | |
469 net_log_.BeginEvent(NetLog::TYPE_SSL_CONNECT); | |
470 | |
471 // Set up new ssl object. | |
472 int rv = Init(); | |
473 if (rv != OK) { | |
474 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
475 return rv; | |
476 } | |
477 | |
478 // Set SSL to client mode. Handshake happens in the loop below. | |
479 SSL_set_connect_state(ssl_); | |
480 | |
481 // Enable fastradio padding. | |
482 SSL_enable_fastradio_padding(ssl_, | |
483 ssl_config_.fastradio_padding_enabled && | |
484 ssl_config_.fastradio_padding_eligible); | |
485 | |
486 GotoState(STATE_HANDSHAKE); | |
487 rv = DoHandshakeLoop(OK); | |
488 if (rv == ERR_IO_PENDING) { | |
489 user_connect_callback_ = callback; | |
490 } else { | |
491 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
492 if (rv < OK) | |
493 OnHandshakeCompletion(); | |
494 } | |
495 | |
496 return rv > OK ? OK : rv; | |
497 } | |
498 | |
499 void SSLClientSocketOpenSSL::Disconnect() { | |
500 // If a handshake was pending (Connect() had been called), notify interested | |
501 // parties that it's been aborted now. If the handshake had already | |
502 // completed, this is a no-op. | |
503 OnHandshakeCompletion(); | |
504 if (ssl_) { | |
505 // Calling SSL_shutdown prevents the session from being marked as | |
506 // unresumable. | |
507 SSL_shutdown(ssl_); | |
508 SSL_free(ssl_); | |
509 ssl_ = NULL; | |
510 } | |
511 if (transport_bio_) { | |
512 BIO_free_all(transport_bio_); | |
513 transport_bio_ = NULL; | |
514 } | |
515 | |
516 // Shut down anything that may call us back. | |
517 verifier_.reset(); | |
518 transport_->socket()->Disconnect(); | |
519 | |
520 // Null all callbacks, delete all buffers. | |
521 transport_send_busy_ = false; | |
522 send_buffer_ = NULL; | |
523 transport_recv_busy_ = false; | |
524 recv_buffer_ = NULL; | |
525 | |
526 user_connect_callback_.Reset(); | |
527 user_read_callback_.Reset(); | |
528 user_write_callback_.Reset(); | |
529 user_read_buf_ = NULL; | |
530 user_read_buf_len_ = 0; | |
531 user_write_buf_ = NULL; | |
532 user_write_buf_len_ = 0; | |
533 | |
534 pending_read_error_ = kNoPendingReadResult; | |
535 pending_read_ssl_error_ = SSL_ERROR_NONE; | |
536 pending_read_error_info_ = OpenSSLErrorInfo(); | |
537 | |
538 transport_read_error_ = OK; | |
539 transport_write_error_ = OK; | |
540 | |
541 server_cert_verify_result_.Reset(); | |
542 completed_connect_ = false; | |
543 | |
544 cert_authorities_.clear(); | |
545 cert_key_types_.clear(); | |
546 client_auth_cert_needed_ = false; | |
547 | |
548 start_cert_verification_time_ = base::TimeTicks(); | |
549 | |
550 npn_status_ = kNextProtoUnsupported; | |
551 npn_proto_.clear(); | |
552 | |
553 channel_id_xtn_negotiated_ = false; | |
554 channel_id_request_handle_.Cancel(); | |
555 } | |
556 | |
557 bool SSLClientSocketOpenSSL::IsConnected() const { | |
558 // If the handshake has not yet completed. | |
559 if (!completed_connect_) | |
560 return false; | |
561 // If an asynchronous operation is still pending. | |
562 if (user_read_buf_.get() || user_write_buf_.get()) | |
563 return true; | |
564 | |
565 return transport_->socket()->IsConnected(); | |
566 } | |
567 | |
568 bool SSLClientSocketOpenSSL::IsConnectedAndIdle() const { | |
569 // If the handshake has not yet completed. | |
570 if (!completed_connect_) | |
571 return false; | |
572 // If an asynchronous operation is still pending. | |
573 if (user_read_buf_.get() || user_write_buf_.get()) | |
574 return false; | |
575 // If there is data waiting to be sent, or data read from the network that | |
576 // has not yet been consumed. | |
577 if (BIO_pending(transport_bio_) > 0 || | |
578 BIO_wpending(transport_bio_) > 0) { | |
579 return false; | |
580 } | |
581 | |
582 return transport_->socket()->IsConnectedAndIdle(); | |
583 } | |
584 | |
585 int SSLClientSocketOpenSSL::GetPeerAddress(IPEndPoint* addressList) const { | |
586 return transport_->socket()->GetPeerAddress(addressList); | |
587 } | |
588 | |
589 int SSLClientSocketOpenSSL::GetLocalAddress(IPEndPoint* addressList) const { | |
590 return transport_->socket()->GetLocalAddress(addressList); | |
591 } | |
592 | |
593 const BoundNetLog& SSLClientSocketOpenSSL::NetLog() const { | |
594 return net_log_; | |
595 } | |
596 | |
597 void SSLClientSocketOpenSSL::SetSubresourceSpeculation() { | |
598 if (transport_.get() && transport_->socket()) { | |
599 transport_->socket()->SetSubresourceSpeculation(); | |
600 } else { | |
601 NOTREACHED(); | |
602 } | |
603 } | |
604 | |
605 void SSLClientSocketOpenSSL::SetOmniboxSpeculation() { | |
606 if (transport_.get() && transport_->socket()) { | |
607 transport_->socket()->SetOmniboxSpeculation(); | |
608 } else { | |
609 NOTREACHED(); | |
610 } | |
611 } | |
612 | |
613 bool SSLClientSocketOpenSSL::WasEverUsed() const { | |
614 return was_ever_used_; | |
615 } | |
616 | |
617 bool SSLClientSocketOpenSSL::UsingTCPFastOpen() const { | |
618 if (transport_.get() && transport_->socket()) | |
619 return transport_->socket()->UsingTCPFastOpen(); | |
620 | |
621 NOTREACHED(); | |
622 return false; | |
623 } | |
624 | |
625 bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { | |
626 ssl_info->Reset(); | |
627 if (server_cert_chain_->empty()) | |
628 return false; | |
629 | |
630 ssl_info->cert = server_cert_verify_result_.verified_cert; | |
631 ssl_info->cert_status = server_cert_verify_result_.cert_status; | |
632 ssl_info->is_issued_by_known_root = | |
633 server_cert_verify_result_.is_issued_by_known_root; | |
634 ssl_info->public_key_hashes = | |
635 server_cert_verify_result_.public_key_hashes; | |
636 ssl_info->client_cert_sent = | |
637 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | |
638 ssl_info->channel_id_sent = WasChannelIDSent(); | |
639 ssl_info->pinning_failure_log = pinning_failure_log_; | |
640 | |
641 AddSCTInfoToSSLInfo(ssl_info); | |
642 | |
643 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | |
644 CHECK(cipher); | |
645 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | |
646 | |
647 ssl_info->connection_status = EncodeSSLConnectionStatus( | |
648 static_cast<uint16>(SSL_CIPHER_get_id(cipher)), 0 /* no compression */, | |
649 GetNetSSLVersion(ssl_)); | |
650 | |
651 if (!SSL_get_secure_renegotiation_support(ssl_)) | |
652 ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION; | |
653 | |
654 if (ssl_config_.version_fallback) | |
655 ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK; | |
656 | |
657 ssl_info->handshake_type = SSL_session_reused(ssl_) ? | |
658 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL; | |
659 | |
660 DVLOG(3) << "Encoded connection status: cipher suite = " | |
661 << SSLConnectionStatusToCipherSuite(ssl_info->connection_status) | |
662 << " version = " | |
663 << SSLConnectionStatusToVersion(ssl_info->connection_status); | |
664 return true; | |
665 } | |
666 | |
667 int SSLClientSocketOpenSSL::Read(IOBuffer* buf, | |
668 int buf_len, | |
669 const CompletionCallback& callback) { | |
670 user_read_buf_ = buf; | |
671 user_read_buf_len_ = buf_len; | |
672 | |
673 int rv = DoReadLoop(); | |
674 | |
675 if (rv == ERR_IO_PENDING) { | |
676 user_read_callback_ = callback; | |
677 } else { | |
678 if (rv > 0) | |
679 was_ever_used_ = true; | |
680 user_read_buf_ = NULL; | |
681 user_read_buf_len_ = 0; | |
682 if (rv <= 0) { | |
683 // Failure of a read attempt may indicate a failed false start | |
684 // connection. | |
685 OnHandshakeCompletion(); | |
686 } | |
687 } | |
688 | |
689 return rv; | |
690 } | |
691 | |
692 int SSLClientSocketOpenSSL::Write(IOBuffer* buf, | |
693 int buf_len, | |
694 const CompletionCallback& callback) { | |
695 user_write_buf_ = buf; | |
696 user_write_buf_len_ = buf_len; | |
697 | |
698 int rv = DoWriteLoop(); | |
699 | |
700 if (rv == ERR_IO_PENDING) { | |
701 user_write_callback_ = callback; | |
702 } else { | |
703 if (rv > 0) | |
704 was_ever_used_ = true; | |
705 user_write_buf_ = NULL; | |
706 user_write_buf_len_ = 0; | |
707 if (rv < 0) { | |
708 // Failure of a write attempt may indicate a failed false start | |
709 // connection. | |
710 OnHandshakeCompletion(); | |
711 } | |
712 } | |
713 | |
714 return rv; | |
715 } | |
716 | |
717 int SSLClientSocketOpenSSL::SetReceiveBufferSize(int32 size) { | |
718 return transport_->socket()->SetReceiveBufferSize(size); | |
719 } | |
720 | |
721 int SSLClientSocketOpenSSL::SetSendBufferSize(int32 size) { | |
722 return transport_->socket()->SetSendBufferSize(size); | |
723 } | |
724 | |
725 int SSLClientSocketOpenSSL::Init() { | |
726 DCHECK(!ssl_); | |
727 DCHECK(!transport_bio_); | |
728 | |
729 SSLContext* context = SSLContext::GetInstance(); | |
730 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
731 | |
732 ssl_ = SSL_new(context->ssl_ctx()); | |
733 if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this)) | |
734 return ERR_UNEXPECTED; | |
735 | |
736 if (!SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str())) | |
737 return ERR_UNEXPECTED; | |
738 | |
739 // Set an OpenSSL callback to monitor this SSL*'s connection. | |
740 SSL_set_info_callback(ssl_, &InfoCallback); | |
741 | |
742 trying_cached_session_ = context->session_cache()->SetSSLSessionWithKey( | |
743 ssl_, GetSessionCacheKey()); | |
744 | |
745 send_buffer_ = new GrowableIOBuffer(); | |
746 send_buffer_->SetCapacity(KDefaultOpenSSLBufferSize); | |
747 recv_buffer_ = new GrowableIOBuffer(); | |
748 recv_buffer_->SetCapacity(KDefaultOpenSSLBufferSize); | |
749 | |
750 BIO* ssl_bio = NULL; | |
751 | |
752 // SSLClientSocketOpenSSL retains ownership of the BIO buffers. | |
753 if (!BIO_new_bio_pair_external_buf( | |
754 &ssl_bio, send_buffer_->capacity(), | |
755 reinterpret_cast<uint8_t*>(send_buffer_->data()), &transport_bio_, | |
756 recv_buffer_->capacity(), | |
757 reinterpret_cast<uint8_t*>(recv_buffer_->data()))) | |
758 return ERR_UNEXPECTED; | |
759 DCHECK(ssl_bio); | |
760 DCHECK(transport_bio_); | |
761 | |
762 // Install a callback on OpenSSL's end to plumb transport errors through. | |
763 BIO_set_callback(ssl_bio, BIOCallback); | |
764 BIO_set_callback_arg(ssl_bio, reinterpret_cast<char*>(this)); | |
765 | |
766 SSL_set_bio(ssl_, ssl_bio, ssl_bio); | |
767 | |
768 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, | |
769 // set everything we care about to an absolute value. | |
770 SslSetClearMask options; | |
771 options.ConfigureFlag(SSL_OP_NO_SSLv2, true); | |
772 bool ssl3_enabled = (ssl_config_.version_min == SSL_PROTOCOL_VERSION_SSL3); | |
773 options.ConfigureFlag(SSL_OP_NO_SSLv3, !ssl3_enabled); | |
774 bool tls1_enabled = (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1 && | |
775 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1); | |
776 options.ConfigureFlag(SSL_OP_NO_TLSv1, !tls1_enabled); | |
777 bool tls1_1_enabled = | |
778 (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_1 && | |
779 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1); | |
780 options.ConfigureFlag(SSL_OP_NO_TLSv1_1, !tls1_1_enabled); | |
781 bool tls1_2_enabled = | |
782 (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_2 && | |
783 ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_2); | |
784 options.ConfigureFlag(SSL_OP_NO_TLSv1_2, !tls1_2_enabled); | |
785 | |
786 options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true); | |
787 | |
788 // TODO(joth): Set this conditionally, see http://crbug.com/55410 | |
789 options.ConfigureFlag(SSL_OP_LEGACY_SERVER_CONNECT, true); | |
790 | |
791 SSL_set_options(ssl_, options.set_mask); | |
792 SSL_clear_options(ssl_, options.clear_mask); | |
793 | |
794 // Same as above, this time for the SSL mode. | |
795 SslSetClearMask mode; | |
796 | |
797 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); | |
798 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true); | |
799 | |
800 mode.ConfigureFlag(SSL_MODE_HANDSHAKE_CUTTHROUGH, | |
801 ssl_config_.false_start_enabled); | |
802 | |
803 SSL_set_mode(ssl_, mode.set_mask); | |
804 SSL_clear_mode(ssl_, mode.clear_mask); | |
805 | |
806 // Removing ciphers by ID from OpenSSL is a bit involved as we must use the | |
807 // textual name with SSL_set_cipher_list because there is no public API to | |
808 // directly remove a cipher by ID. | |
809 STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_); | |
810 DCHECK(ciphers); | |
811 // See SSLConfig::disabled_cipher_suites for description of the suites | |
812 // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256 | |
813 // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384 | |
814 // as the handshake hash. | |
815 std::string command( | |
816 "DEFAULT:!NULL:!aNULL:!SHA256:!SHA384:!aECDH:!AESGCM+AES256:!aPSK"); | |
817 // Walk through all the installed ciphers, seeing if any need to be | |
818 // appended to the cipher removal |command|. | |
819 for (size_t i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) { | |
820 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(ciphers, i); | |
821 const uint16 id = static_cast<uint16>(SSL_CIPHER_get_id(cipher)); | |
822 // Remove any ciphers with a strength of less than 80 bits. Note the NSS | |
823 // implementation uses "effective" bits here but OpenSSL does not provide | |
824 // this detail. This only impacts Triple DES: reports 112 vs. 168 bits, | |
825 // both of which are greater than 80 anyway. | |
826 bool disable = SSL_CIPHER_get_bits(cipher, NULL) < 80; | |
827 if (!disable) { | |
828 disable = std::find(ssl_config_.disabled_cipher_suites.begin(), | |
829 ssl_config_.disabled_cipher_suites.end(), id) != | |
830 ssl_config_.disabled_cipher_suites.end(); | |
831 } | |
832 if (disable) { | |
833 const char* name = SSL_CIPHER_get_name(cipher); | |
834 DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id | |
835 << " strength: " << SSL_CIPHER_get_bits(cipher, NULL); | |
836 command.append(":!"); | |
837 command.append(name); | |
838 } | |
839 } | |
840 | |
841 // Disable ECDSA cipher suites on platforms that do not support ECDSA | |
842 // signed certificates, as servers may use the presence of such | |
843 // ciphersuites as a hint to send an ECDSA certificate. | |
844 #if defined(OS_WIN) | |
845 if (base::win::GetVersion() < base::win::VERSION_VISTA) | |
846 command.append(":!ECDSA"); | |
847 #endif | |
848 | |
849 int rv = SSL_set_cipher_list(ssl_, command.c_str()); | |
850 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. | |
851 // This will almost certainly result in the socket failing to complete the | |
852 // handshake at which point the appropriate error is bubbled up to the client. | |
853 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') " | |
854 "returned " << rv; | |
855 | |
856 if (ssl_config_.version_fallback) | |
857 SSL_enable_fallback_scsv(ssl_); | |
858 | |
859 // TLS channel ids. | |
860 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) { | |
861 SSL_enable_tls_channel_id(ssl_); | |
862 } | |
863 | |
864 if (!ssl_config_.next_protos.empty()) { | |
865 // Get list of ciphers that are enabled. | |
866 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_); | |
867 DCHECK(enabled_ciphers); | |
868 std::vector<uint16> enabled_ciphers_vector; | |
869 for (size_t i = 0; i < sk_SSL_CIPHER_num(enabled_ciphers); ++i) { | |
870 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(enabled_ciphers, i); | |
871 const uint16 id = static_cast<uint16>(SSL_CIPHER_get_id(cipher)); | |
872 enabled_ciphers_vector.push_back(id); | |
873 } | |
874 | |
875 std::vector<uint8_t> wire_protos = | |
876 SerializeNextProtos(ssl_config_.next_protos, | |
877 HasCipherAdequateForHTTP2(enabled_ciphers_vector) && | |
878 IsTLSVersionAdequateForHTTP2(ssl_config_)); | |
879 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], | |
880 wire_protos.size()); | |
881 } | |
882 | |
883 if (ssl_config_.signed_cert_timestamps_enabled) { | |
884 SSL_enable_signed_cert_timestamps(ssl_); | |
885 SSL_enable_ocsp_stapling(ssl_); | |
886 } | |
887 | |
888 if (IsOCSPStaplingSupported()) | |
889 SSL_enable_ocsp_stapling(ssl_); | |
890 | |
891 return OK; | |
892 } | |
893 | |
894 void SSLClientSocketOpenSSL::DoReadCallback(int rv) { | |
895 // Since Run may result in Read being called, clear |user_read_callback_| | |
896 // up front. | |
897 if (rv > 0) | |
898 was_ever_used_ = true; | |
899 user_read_buf_ = NULL; | |
900 user_read_buf_len_ = 0; | |
901 if (rv <= 0) { | |
902 // Failure of a read attempt may indicate a failed false start | |
903 // connection. | |
904 OnHandshakeCompletion(); | |
905 } | |
906 base::ResetAndReturn(&user_read_callback_).Run(rv); | |
907 } | |
908 | |
909 void SSLClientSocketOpenSSL::DoWriteCallback(int rv) { | |
910 // Since Run may result in Write being called, clear |user_write_callback_| | |
911 // up front. | |
912 if (rv > 0) | |
913 was_ever_used_ = true; | |
914 user_write_buf_ = NULL; | |
915 user_write_buf_len_ = 0; | |
916 if (rv < 0) { | |
917 // Failure of a write attempt may indicate a failed false start | |
918 // connection. | |
919 OnHandshakeCompletion(); | |
920 } | |
921 base::ResetAndReturn(&user_write_callback_).Run(rv); | |
922 } | |
923 | |
924 void SSLClientSocketOpenSSL::OnHandshakeCompletion() { | |
925 if (!handshake_completion_callback_.is_null()) | |
926 base::ResetAndReturn(&handshake_completion_callback_).Run(); | |
927 } | |
928 | |
929 bool SSLClientSocketOpenSSL::DoTransportIO() { | |
930 bool network_moved = false; | |
931 int rv; | |
932 // Read and write as much data as possible. The loop is necessary because | |
933 // Write() may return synchronously. | |
934 do { | |
935 rv = BufferSend(); | |
936 if (rv != ERR_IO_PENDING && rv != 0) | |
937 network_moved = true; | |
938 } while (rv > 0); | |
939 if (transport_read_error_ == OK && BufferRecv() != ERR_IO_PENDING) | |
940 network_moved = true; | |
941 return network_moved; | |
942 } | |
943 | |
944 // TODO(vadimt): Remove including "base/threading/thread_local.h" and | |
945 // g_first_run_completed once crbug.com/424386 is fixed. | |
946 base::LazyInstance<base::ThreadLocalBoolean>::Leaky g_first_run_completed = | |
947 LAZY_INSTANCE_INITIALIZER; | |
948 | |
949 int SSLClientSocketOpenSSL::DoHandshake() { | |
950 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
951 int net_error = OK; | |
952 | |
953 int rv; | |
954 | |
955 // TODO(vadimt): Leave only 1 call to SSL_do_handshake once crbug.com/424386 | |
956 // is fixed. | |
957 if (ssl_config_.send_client_cert && ssl_config_.client_cert.get()) { | |
958 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
959 tracked_objects::ScopedTracker tracking_profile1( | |
960 FROM_HERE_WITH_EXPLICIT_FUNCTION("424386 DoHandshake_WithCert")); | |
961 | |
962 rv = SSL_do_handshake(ssl_); | |
963 } else { | |
964 if (g_first_run_completed.Get().Get()) { | |
965 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is | |
966 // fixed. | |
967 tracked_objects::ScopedTracker tracking_profile1( | |
968 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
969 "424386 DoHandshake_WithoutCert Not First")); | |
970 | |
971 rv = SSL_do_handshake(ssl_); | |
972 } else { | |
973 g_first_run_completed.Get().Set(true); | |
974 | |
975 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is | |
976 // fixed. | |
977 tracked_objects::ScopedTracker tracking_profile1( | |
978 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
979 "424386 DoHandshake_WithoutCert First")); | |
980 | |
981 rv = SSL_do_handshake(ssl_); | |
982 } | |
983 } | |
984 | |
985 if (client_auth_cert_needed_) { | |
986 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
987 tracked_objects::ScopedTracker tracking_profile2( | |
988 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
989 "424386 SSLClientSocketOpenSSL::DoHandshake2")); | |
990 | |
991 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | |
992 // If the handshake already succeeded (because the server requests but | |
993 // doesn't require a client cert), we need to invalidate the SSL session | |
994 // so that we won't try to resume the non-client-authenticated session in | |
995 // the next handshake. This will cause the server to ask for a client | |
996 // cert again. | |
997 if (rv == 1) { | |
998 // Remove from session cache but don't clear this connection. | |
999 SSL_SESSION* session = SSL_get_session(ssl_); | |
1000 if (session) { | |
1001 int rv = SSL_CTX_remove_session(SSL_get_SSL_CTX(ssl_), session); | |
1002 LOG_IF(WARNING, !rv) << "Couldn't invalidate SSL session: " << session; | |
1003 } | |
1004 } | |
1005 } else if (rv == 1) { | |
1006 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1007 tracked_objects::ScopedTracker tracking_profile3( | |
1008 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1009 "424386 SSLClientSocketOpenSSL::DoHandshake3")); | |
1010 | |
1011 if (trying_cached_session_ && logging::DEBUG_MODE) { | |
1012 DVLOG(2) << "Result of session reuse for " << host_and_port_.ToString() | |
1013 << " is: " << (SSL_session_reused(ssl_) ? "Success" : "Fail"); | |
1014 } | |
1015 | |
1016 if (ssl_config_.version_fallback && | |
1017 ssl_config_.version_max < ssl_config_.version_fallback_min) { | |
1018 return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION; | |
1019 } | |
1020 | |
1021 // SSL handshake is completed. If NPN wasn't negotiated, see if ALPN was. | |
1022 if (npn_status_ == kNextProtoUnsupported) { | |
1023 const uint8_t* alpn_proto = NULL; | |
1024 unsigned alpn_len = 0; | |
1025 SSL_get0_alpn_selected(ssl_, &alpn_proto, &alpn_len); | |
1026 if (alpn_len > 0) { | |
1027 npn_proto_.assign(reinterpret_cast<const char*>(alpn_proto), alpn_len); | |
1028 npn_status_ = kNextProtoNegotiated; | |
1029 set_negotiation_extension(kExtensionALPN); | |
1030 } | |
1031 } | |
1032 | |
1033 RecordChannelIDSupport(channel_id_service_, | |
1034 channel_id_xtn_negotiated_, | |
1035 ssl_config_.channel_id_enabled, | |
1036 crypto::ECPrivateKey::IsSupported()); | |
1037 | |
1038 // Only record OCSP histograms if OCSP was requested. | |
1039 if (ssl_config_.signed_cert_timestamps_enabled || | |
1040 IsOCSPStaplingSupported()) { | |
1041 const uint8_t* ocsp_response; | |
1042 size_t ocsp_response_len; | |
1043 SSL_get0_ocsp_response(ssl_, &ocsp_response, &ocsp_response_len); | |
1044 | |
1045 set_stapled_ocsp_response_received(ocsp_response_len != 0); | |
1046 UMA_HISTOGRAM_BOOLEAN("Net.OCSPResponseStapled", ocsp_response_len != 0); | |
1047 } | |
1048 | |
1049 const uint8_t* sct_list; | |
1050 size_t sct_list_len; | |
1051 SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list, &sct_list_len); | |
1052 set_signed_cert_timestamps_received(sct_list_len != 0); | |
1053 | |
1054 // Verify the certificate. | |
1055 UpdateServerCert(); | |
1056 GotoState(STATE_VERIFY_CERT); | |
1057 } else { | |
1058 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1059 tracked_objects::ScopedTracker tracking_profile4( | |
1060 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1061 "424386 SSLClientSocketOpenSSL::DoHandshake4")); | |
1062 | |
1063 int ssl_error = SSL_get_error(ssl_, rv); | |
1064 | |
1065 if (ssl_error == SSL_ERROR_WANT_CHANNEL_ID_LOOKUP) { | |
1066 // The server supports channel ID. Stop to look one up before returning to | |
1067 // the handshake. | |
1068 channel_id_xtn_negotiated_ = true; | |
1069 GotoState(STATE_CHANNEL_ID_LOOKUP); | |
1070 return OK; | |
1071 } | |
1072 | |
1073 OpenSSLErrorInfo error_info; | |
1074 net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, &error_info); | |
1075 | |
1076 // If not done, stay in this state | |
1077 if (net_error == ERR_IO_PENDING) { | |
1078 GotoState(STATE_HANDSHAKE); | |
1079 } else { | |
1080 LOG(ERROR) << "handshake failed; returned " << rv | |
1081 << ", SSL error code " << ssl_error | |
1082 << ", net_error " << net_error; | |
1083 net_log_.AddEvent( | |
1084 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | |
1085 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | |
1086 } | |
1087 } | |
1088 return net_error; | |
1089 } | |
1090 | |
1091 int SSLClientSocketOpenSSL::DoChannelIDLookup() { | |
1092 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED); | |
1093 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); | |
1094 return channel_id_service_->GetOrCreateChannelID( | |
1095 host_and_port_.host(), | |
1096 &channel_id_private_key_, | |
1097 &channel_id_cert_, | |
1098 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | |
1099 base::Unretained(this)), | |
1100 &channel_id_request_handle_); | |
1101 } | |
1102 | |
1103 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { | |
1104 if (result < 0) | |
1105 return result; | |
1106 | |
1107 DCHECK_LT(0u, channel_id_private_key_.size()); | |
1108 // Decode key. | |
1109 std::vector<uint8> encrypted_private_key_info; | |
1110 std::vector<uint8> subject_public_key_info; | |
1111 encrypted_private_key_info.assign( | |
1112 channel_id_private_key_.data(), | |
1113 channel_id_private_key_.data() + channel_id_private_key_.size()); | |
1114 subject_public_key_info.assign( | |
1115 channel_id_cert_.data(), | |
1116 channel_id_cert_.data() + channel_id_cert_.size()); | |
1117 scoped_ptr<crypto::ECPrivateKey> ec_private_key( | |
1118 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | |
1119 ChannelIDService::kEPKIPassword, | |
1120 encrypted_private_key_info, | |
1121 subject_public_key_info)); | |
1122 if (!ec_private_key) { | |
1123 LOG(ERROR) << "Failed to import Channel ID."; | |
1124 return ERR_CHANNEL_ID_IMPORT_FAILED; | |
1125 } | |
1126 | |
1127 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key | |
1128 // type. | |
1129 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
1130 int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key()); | |
1131 if (!rv) { | |
1132 LOG(ERROR) << "Failed to set Channel ID."; | |
1133 int err = SSL_get_error(ssl_, rv); | |
1134 return MapOpenSSLError(err, err_tracer); | |
1135 } | |
1136 | |
1137 // Return to the handshake. | |
1138 set_channel_id_sent(true); | |
1139 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED); | |
1140 GotoState(STATE_HANDSHAKE); | |
1141 return OK; | |
1142 } | |
1143 | |
1144 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { | |
1145 DCHECK(!server_cert_chain_->empty()); | |
1146 DCHECK(start_cert_verification_time_.is_null()); | |
1147 | |
1148 GotoState(STATE_VERIFY_CERT_COMPLETE); | |
1149 | |
1150 // If the certificate is bad and has been previously accepted, use | |
1151 // the previous status and bypass the error. | |
1152 base::StringPiece der_cert; | |
1153 if (!x509_util::GetDER(server_cert_chain_->Get(0), &der_cert)) { | |
1154 NOTREACHED(); | |
1155 return ERR_CERT_INVALID; | |
1156 } | |
1157 CertStatus cert_status; | |
1158 if (ssl_config_.IsAllowedBadCert(der_cert, &cert_status)) { | |
1159 VLOG(1) << "Received an expected bad cert with status: " << cert_status; | |
1160 server_cert_verify_result_.Reset(); | |
1161 server_cert_verify_result_.cert_status = cert_status; | |
1162 server_cert_verify_result_.verified_cert = server_cert_; | |
1163 return OK; | |
1164 } | |
1165 | |
1166 // When running in a sandbox, it may not be possible to create an | |
1167 // X509Certificate*, as that may depend on OS functionality blocked | |
1168 // in the sandbox. | |
1169 if (!server_cert_.get()) { | |
1170 server_cert_verify_result_.Reset(); | |
1171 server_cert_verify_result_.cert_status = CERT_STATUS_INVALID; | |
1172 return ERR_CERT_INVALID; | |
1173 } | |
1174 | |
1175 start_cert_verification_time_ = base::TimeTicks::Now(); | |
1176 | |
1177 int flags = 0; | |
1178 if (ssl_config_.rev_checking_enabled) | |
1179 flags |= CertVerifier::VERIFY_REV_CHECKING_ENABLED; | |
1180 if (ssl_config_.verify_ev_cert) | |
1181 flags |= CertVerifier::VERIFY_EV_CERT; | |
1182 if (ssl_config_.cert_io_enabled) | |
1183 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | |
1184 if (ssl_config_.rev_checking_required_local_anchors) | |
1185 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | |
1186 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | |
1187 return verifier_->Verify( | |
1188 server_cert_.get(), | |
1189 host_and_port_.host(), | |
1190 flags, | |
1191 // TODO(davidben): Route the CRLSet through SSLConfig so | |
1192 // SSLClientSocket doesn't depend on SSLConfigService. | |
1193 SSLConfigService::GetCRLSet().get(), | |
1194 &server_cert_verify_result_, | |
1195 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | |
1196 base::Unretained(this)), | |
1197 net_log_); | |
1198 } | |
1199 | |
1200 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | |
1201 verifier_.reset(); | |
1202 | |
1203 if (!start_cert_verification_time_.is_null()) { | |
1204 base::TimeDelta verify_time = | |
1205 base::TimeTicks::Now() - start_cert_verification_time_; | |
1206 if (result == OK) { | |
1207 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | |
1208 } else { | |
1209 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | |
1210 } | |
1211 } | |
1212 | |
1213 if (result == OK) { | |
1214 RecordConnectionTypeMetrics(GetNetSSLVersion(ssl_)); | |
1215 | |
1216 if (SSL_session_reused(ssl_)) { | |
1217 // Record whether or not the server tried to resume a session for a | |
1218 // different version. See https://crbug.com/441456. | |
1219 UMA_HISTOGRAM_BOOLEAN( | |
1220 "Net.SSLSessionVersionMatch", | |
1221 SSL_version(ssl_) == SSL_get_session(ssl_)->ssl_version); | |
1222 } | |
1223 } | |
1224 | |
1225 const CertStatus cert_status = server_cert_verify_result_.cert_status; | |
1226 if (transport_security_state_ && | |
1227 (result == OK || | |
1228 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | |
1229 !transport_security_state_->CheckPublicKeyPins( | |
1230 host_and_port_.host(), | |
1231 server_cert_verify_result_.is_issued_by_known_root, | |
1232 server_cert_verify_result_.public_key_hashes, | |
1233 &pinning_failure_log_)) { | |
1234 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | |
1235 } | |
1236 | |
1237 if (result == OK) { | |
1238 // Only check Certificate Transparency if there were no other errors with | |
1239 // the connection. | |
1240 VerifyCT(); | |
1241 | |
1242 // TODO(joth): Work out if we need to remember the intermediate CA certs | |
1243 // when the server sends them to us, and do so here. | |
1244 SSLContext::GetInstance()->session_cache()->MarkSSLSessionAsGood(ssl_); | |
1245 marked_session_as_good_ = true; | |
1246 CheckIfHandshakeFinished(); | |
1247 } else { | |
1248 DVLOG(1) << "DoVerifyCertComplete error " << ErrorToString(result) | |
1249 << " (" << result << ")"; | |
1250 } | |
1251 | |
1252 completed_connect_ = true; | |
1253 | |
1254 // Exit DoHandshakeLoop and return the result to the caller to Connect. | |
1255 DCHECK_EQ(STATE_NONE, next_handshake_state_); | |
1256 return result; | |
1257 } | |
1258 | |
1259 void SSLClientSocketOpenSSL::DoConnectCallback(int rv) { | |
1260 if (rv < OK) | |
1261 OnHandshakeCompletion(); | |
1262 if (!user_connect_callback_.is_null()) { | |
1263 CompletionCallback c = user_connect_callback_; | |
1264 user_connect_callback_.Reset(); | |
1265 c.Run(rv > OK ? OK : rv); | |
1266 } | |
1267 } | |
1268 | |
1269 void SSLClientSocketOpenSSL::UpdateServerCert() { | |
1270 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1271 tracked_objects::ScopedTracker tracking_profile( | |
1272 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1273 "424386 SSLClientSocketOpenSSL::UpdateServerCert")); | |
1274 | |
1275 server_cert_chain_->Reset(SSL_get_peer_cert_chain(ssl_)); | |
1276 | |
1277 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1278 tracked_objects::ScopedTracker tracking_profile1( | |
1279 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1280 "424386 SSLClientSocketOpenSSL::UpdateServerCert1")); | |
1281 server_cert_ = server_cert_chain_->AsOSChain(); | |
1282 | |
1283 if (server_cert_.get()) { | |
1284 net_log_.AddEvent( | |
1285 NetLog::TYPE_SSL_CERTIFICATES_RECEIVED, | |
1286 base::Bind(&NetLogX509CertificateCallback, | |
1287 base::Unretained(server_cert_.get()))); | |
1288 | |
1289 // TODO(rsleevi): Plumb an OCSP response into the Mac system library and | |
1290 // update IsOCSPStaplingSupported for Mac. https://crbug.com/430714 | |
1291 if (IsOCSPStaplingSupported()) { | |
1292 #if defined(OS_WIN) | |
1293 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is | |
1294 // fixed. | |
1295 tracked_objects::ScopedTracker tracking_profile2( | |
1296 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1297 "424386 SSLClientSocketOpenSSL::UpdateServerCert2")); | |
1298 | |
1299 const uint8_t* ocsp_response_raw; | |
1300 size_t ocsp_response_len; | |
1301 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | |
1302 | |
1303 CRYPT_DATA_BLOB ocsp_response_blob; | |
1304 ocsp_response_blob.cbData = ocsp_response_len; | |
1305 ocsp_response_blob.pbData = const_cast<BYTE*>(ocsp_response_raw); | |
1306 BOOL ok = CertSetCertificateContextProperty( | |
1307 server_cert_->os_cert_handle(), | |
1308 CERT_OCSP_RESPONSE_PROP_ID, | |
1309 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | |
1310 &ocsp_response_blob); | |
1311 if (!ok) { | |
1312 VLOG(1) << "Failed to set OCSP response property: " | |
1313 << GetLastError(); | |
1314 } | |
1315 #else | |
1316 NOTREACHED(); | |
1317 #endif | |
1318 } | |
1319 } | |
1320 } | |
1321 | |
1322 void SSLClientSocketOpenSSL::VerifyCT() { | |
1323 if (!cert_transparency_verifier_) | |
1324 return; | |
1325 | |
1326 const uint8_t* ocsp_response_raw; | |
1327 size_t ocsp_response_len; | |
1328 SSL_get0_ocsp_response(ssl_, &ocsp_response_raw, &ocsp_response_len); | |
1329 std::string ocsp_response; | |
1330 if (ocsp_response_len > 0) { | |
1331 ocsp_response.assign(reinterpret_cast<const char*>(ocsp_response_raw), | |
1332 ocsp_response_len); | |
1333 } | |
1334 | |
1335 const uint8_t* sct_list_raw; | |
1336 size_t sct_list_len; | |
1337 SSL_get0_signed_cert_timestamp_list(ssl_, &sct_list_raw, &sct_list_len); | |
1338 std::string sct_list; | |
1339 if (sct_list_len > 0) | |
1340 sct_list.assign(reinterpret_cast<const char*>(sct_list_raw), sct_list_len); | |
1341 | |
1342 // Note that this is a completely synchronous operation: The CT Log Verifier | |
1343 // gets all the data it needs for SCT verification and does not do any | |
1344 // external communication. | |
1345 cert_transparency_verifier_->Verify( | |
1346 server_cert_verify_result_.verified_cert.get(), ocsp_response, sct_list, | |
1347 &ct_verify_result_, net_log_); | |
1348 | |
1349 if (!policy_enforcer_) { | |
1350 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | |
1351 } else { | |
1352 if (server_cert_verify_result_.cert_status & CERT_STATUS_IS_EV) { | |
1353 scoped_refptr<ct::EVCertsWhitelist> ev_whitelist = | |
1354 SSLConfigService::GetEVCertsWhitelist(); | |
1355 if (!policy_enforcer_->DoesConformToCTEVPolicy( | |
1356 server_cert_verify_result_.verified_cert.get(), | |
1357 ev_whitelist.get(), ct_verify_result_, net_log_)) { | |
1358 // TODO(eranm): Log via the BoundNetLog, see crbug.com/437766 | |
1359 VLOG(1) << "EV certificate for " | |
1360 << server_cert_verify_result_.verified_cert->subject() | |
1361 .GetDisplayName() | |
1362 << " does not conform to CT policy, removing EV status."; | |
1363 server_cert_verify_result_.cert_status &= ~CERT_STATUS_IS_EV; | |
1364 } | |
1365 } | |
1366 } | |
1367 } | |
1368 | |
1369 void SSLClientSocketOpenSSL::OnHandshakeIOComplete(int result) { | |
1370 int rv = DoHandshakeLoop(result); | |
1371 if (rv != ERR_IO_PENDING) { | |
1372 net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv); | |
1373 DoConnectCallback(rv); | |
1374 } | |
1375 } | |
1376 | |
1377 void SSLClientSocketOpenSSL::OnSendComplete(int result) { | |
1378 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1379 // In handshake phase. | |
1380 OnHandshakeIOComplete(result); | |
1381 return; | |
1382 } | |
1383 | |
1384 // OnSendComplete may need to call DoPayloadRead while the renegotiation | |
1385 // handshake is in progress. | |
1386 int rv_read = ERR_IO_PENDING; | |
1387 int rv_write = ERR_IO_PENDING; | |
1388 bool network_moved; | |
1389 do { | |
1390 if (user_read_buf_.get()) | |
1391 rv_read = DoPayloadRead(); | |
1392 if (user_write_buf_.get()) | |
1393 rv_write = DoPayloadWrite(); | |
1394 network_moved = DoTransportIO(); | |
1395 } while (rv_read == ERR_IO_PENDING && rv_write == ERR_IO_PENDING && | |
1396 (user_read_buf_.get() || user_write_buf_.get()) && network_moved); | |
1397 | |
1398 // Performing the Read callback may cause |this| to be deleted. If this | |
1399 // happens, the Write callback should not be invoked. Guard against this by | |
1400 // holding a WeakPtr to |this| and ensuring it's still valid. | |
1401 base::WeakPtr<SSLClientSocketOpenSSL> guard(weak_factory_.GetWeakPtr()); | |
1402 if (user_read_buf_.get() && rv_read != ERR_IO_PENDING) | |
1403 DoReadCallback(rv_read); | |
1404 | |
1405 if (!guard.get()) | |
1406 return; | |
1407 | |
1408 if (user_write_buf_.get() && rv_write != ERR_IO_PENDING) | |
1409 DoWriteCallback(rv_write); | |
1410 } | |
1411 | |
1412 void SSLClientSocketOpenSSL::OnRecvComplete(int result) { | |
1413 if (next_handshake_state_ == STATE_HANDSHAKE) { | |
1414 // In handshake phase. | |
1415 OnHandshakeIOComplete(result); | |
1416 return; | |
1417 } | |
1418 | |
1419 // Network layer received some data, check if client requested to read | |
1420 // decrypted data. | |
1421 if (!user_read_buf_.get()) | |
1422 return; | |
1423 | |
1424 int rv = DoReadLoop(); | |
1425 if (rv != ERR_IO_PENDING) | |
1426 DoReadCallback(rv); | |
1427 } | |
1428 | |
1429 int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) { | |
1430 int rv = last_io_result; | |
1431 do { | |
1432 // Default to STATE_NONE for next state. | |
1433 // (This is a quirk carried over from the windows | |
1434 // implementation. It makes reading the logs a bit harder.) | |
1435 // State handlers can and often do call GotoState just | |
1436 // to stay in the current state. | |
1437 State state = next_handshake_state_; | |
1438 GotoState(STATE_NONE); | |
1439 switch (state) { | |
1440 case STATE_HANDSHAKE: | |
1441 rv = DoHandshake(); | |
1442 break; | |
1443 case STATE_CHANNEL_ID_LOOKUP: | |
1444 DCHECK_EQ(OK, rv); | |
1445 rv = DoChannelIDLookup(); | |
1446 break; | |
1447 case STATE_CHANNEL_ID_LOOKUP_COMPLETE: | |
1448 rv = DoChannelIDLookupComplete(rv); | |
1449 break; | |
1450 case STATE_VERIFY_CERT: | |
1451 DCHECK_EQ(OK, rv); | |
1452 rv = DoVerifyCert(rv); | |
1453 break; | |
1454 case STATE_VERIFY_CERT_COMPLETE: | |
1455 rv = DoVerifyCertComplete(rv); | |
1456 break; | |
1457 case STATE_NONE: | |
1458 default: | |
1459 rv = ERR_UNEXPECTED; | |
1460 NOTREACHED() << "unexpected state" << state; | |
1461 break; | |
1462 } | |
1463 | |
1464 bool network_moved = DoTransportIO(); | |
1465 if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { | |
1466 // In general we exit the loop if rv is ERR_IO_PENDING. In this | |
1467 // special case we keep looping even if rv is ERR_IO_PENDING because | |
1468 // the transport IO may allow DoHandshake to make progress. | |
1469 rv = OK; // This causes us to stay in the loop. | |
1470 } | |
1471 } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); | |
1472 | |
1473 return rv; | |
1474 } | |
1475 | |
1476 int SSLClientSocketOpenSSL::DoReadLoop() { | |
1477 bool network_moved; | |
1478 int rv; | |
1479 do { | |
1480 rv = DoPayloadRead(); | |
1481 network_moved = DoTransportIO(); | |
1482 } while (rv == ERR_IO_PENDING && network_moved); | |
1483 | |
1484 return rv; | |
1485 } | |
1486 | |
1487 int SSLClientSocketOpenSSL::DoWriteLoop() { | |
1488 bool network_moved; | |
1489 int rv; | |
1490 do { | |
1491 rv = DoPayloadWrite(); | |
1492 network_moved = DoTransportIO(); | |
1493 } while (rv == ERR_IO_PENDING && network_moved); | |
1494 | |
1495 return rv; | |
1496 } | |
1497 | |
1498 int SSLClientSocketOpenSSL::DoPayloadRead() { | |
1499 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
1500 | |
1501 int rv; | |
1502 if (pending_read_error_ != kNoPendingReadResult) { | |
1503 rv = pending_read_error_; | |
1504 pending_read_error_ = kNoPendingReadResult; | |
1505 if (rv == 0) { | |
1506 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, | |
1507 rv, user_read_buf_->data()); | |
1508 } else { | |
1509 net_log_.AddEvent( | |
1510 NetLog::TYPE_SSL_READ_ERROR, | |
1511 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, | |
1512 pending_read_error_info_)); | |
1513 } | |
1514 pending_read_ssl_error_ = SSL_ERROR_NONE; | |
1515 pending_read_error_info_ = OpenSSLErrorInfo(); | |
1516 return rv; | |
1517 } | |
1518 | |
1519 int total_bytes_read = 0; | |
1520 do { | |
1521 rv = SSL_read(ssl_, user_read_buf_->data() + total_bytes_read, | |
1522 user_read_buf_len_ - total_bytes_read); | |
1523 if (rv > 0) | |
1524 total_bytes_read += rv; | |
1525 } while (total_bytes_read < user_read_buf_len_ && rv > 0); | |
1526 | |
1527 if (total_bytes_read == user_read_buf_len_) { | |
1528 rv = total_bytes_read; | |
1529 } else { | |
1530 // Otherwise, an error occurred (rv <= 0). The error needs to be handled | |
1531 // immediately, while the OpenSSL errors are still available in | |
1532 // thread-local storage. However, the handled/remapped error code should | |
1533 // only be returned if no application data was already read; if it was, the | |
1534 // error code should be deferred until the next call of DoPayloadRead. | |
1535 // | |
1536 // If no data was read, |*next_result| will point to the return value of | |
1537 // this function. If at least some data was read, |*next_result| will point | |
1538 // to |pending_read_error_|, to be returned in a future call to | |
1539 // DoPayloadRead() (e.g.: after the current data is handled). | |
1540 int *next_result = &rv; | |
1541 if (total_bytes_read > 0) { | |
1542 pending_read_error_ = rv; | |
1543 rv = total_bytes_read; | |
1544 next_result = &pending_read_error_; | |
1545 } | |
1546 | |
1547 if (client_auth_cert_needed_) { | |
1548 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | |
1549 } else if (*next_result < 0) { | |
1550 pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result); | |
1551 *next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_, | |
1552 err_tracer, | |
1553 &pending_read_error_info_); | |
1554 | |
1555 // Many servers do not reliably send a close_notify alert when shutting | |
1556 // down a connection, and instead terminate the TCP connection. This is | |
1557 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean | |
1558 // shutdown to a graceful EOF, instead of treating it as an error as it | |
1559 // should be. | |
1560 if (*next_result == ERR_CONNECTION_CLOSED) | |
1561 *next_result = 0; | |
1562 | |
1563 if (rv > 0 && *next_result == ERR_IO_PENDING) { | |
1564 // If at least some data was read from SSL_read(), do not treat | |
1565 // insufficient data as an error to return in the next call to | |
1566 // DoPayloadRead() - instead, let the call fall through to check | |
1567 // SSL_read() again. This is because DoTransportIO() may complete | |
1568 // in between the next call to DoPayloadRead(), and thus it is | |
1569 // important to check SSL_read() on subsequent invocations to see | |
1570 // if a complete record may now be read. | |
1571 *next_result = kNoPendingReadResult; | |
1572 } | |
1573 } | |
1574 } | |
1575 | |
1576 if (rv >= 0) { | |
1577 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_RECEIVED, rv, | |
1578 user_read_buf_->data()); | |
1579 } else if (rv != ERR_IO_PENDING) { | |
1580 net_log_.AddEvent( | |
1581 NetLog::TYPE_SSL_READ_ERROR, | |
1582 CreateNetLogOpenSSLErrorCallback(rv, pending_read_ssl_error_, | |
1583 pending_read_error_info_)); | |
1584 pending_read_ssl_error_ = SSL_ERROR_NONE; | |
1585 pending_read_error_info_ = OpenSSLErrorInfo(); | |
1586 } | |
1587 return rv; | |
1588 } | |
1589 | |
1590 int SSLClientSocketOpenSSL::DoPayloadWrite() { | |
1591 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
1592 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | |
1593 if (rv >= 0) { | |
1594 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | |
1595 user_write_buf_->data()); | |
1596 return rv; | |
1597 } | |
1598 | |
1599 int ssl_error = SSL_get_error(ssl_, rv); | |
1600 OpenSSLErrorInfo error_info; | |
1601 int net_error = MapOpenSSLErrorWithDetails(ssl_error, err_tracer, | |
1602 &error_info); | |
1603 | |
1604 if (net_error != ERR_IO_PENDING) { | |
1605 net_log_.AddEvent( | |
1606 NetLog::TYPE_SSL_WRITE_ERROR, | |
1607 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | |
1608 } | |
1609 return net_error; | |
1610 } | |
1611 | |
1612 int SSLClientSocketOpenSSL::BufferSend(void) { | |
1613 if (transport_send_busy_) | |
1614 return ERR_IO_PENDING; | |
1615 | |
1616 size_t buffer_read_offset; | |
1617 uint8_t* read_buf; | |
1618 size_t max_read; | |
1619 int status = BIO_zero_copy_get_read_buf(transport_bio_, &read_buf, | |
1620 &buffer_read_offset, &max_read); | |
1621 DCHECK_EQ(status, 1); // Should never fail. | |
1622 if (!max_read) | |
1623 return 0; // Nothing pending in the OpenSSL write BIO. | |
1624 CHECK_EQ(read_buf, reinterpret_cast<uint8_t*>(send_buffer_->StartOfBuffer())); | |
1625 CHECK_LT(buffer_read_offset, static_cast<size_t>(send_buffer_->capacity())); | |
1626 send_buffer_->set_offset(buffer_read_offset); | |
1627 | |
1628 int rv = transport_->socket()->Write( | |
1629 send_buffer_.get(), max_read, | |
1630 base::Bind(&SSLClientSocketOpenSSL::BufferSendComplete, | |
1631 base::Unretained(this))); | |
1632 if (rv == ERR_IO_PENDING) { | |
1633 transport_send_busy_ = true; | |
1634 } else { | |
1635 TransportWriteComplete(rv); | |
1636 } | |
1637 return rv; | |
1638 } | |
1639 | |
1640 int SSLClientSocketOpenSSL::BufferRecv(void) { | |
1641 if (transport_recv_busy_) | |
1642 return ERR_IO_PENDING; | |
1643 | |
1644 // Determine how much was requested from |transport_bio_| that was not | |
1645 // actually available. | |
1646 size_t requested = BIO_ctrl_get_read_request(transport_bio_); | |
1647 if (requested == 0) { | |
1648 // This is not a perfect match of error codes, as no operation is | |
1649 // actually pending. However, returning 0 would be interpreted as | |
1650 // a possible sign of EOF, which is also an inappropriate match. | |
1651 return ERR_IO_PENDING; | |
1652 } | |
1653 | |
1654 // Known Issue: While only reading |requested| data is the more correct | |
1655 // implementation, it has the downside of resulting in frequent reads: | |
1656 // One read for the SSL record header (~5 bytes) and one read for the SSL | |
1657 // record body. Rather than issuing these reads to the underlying socket | |
1658 // (and constantly allocating new IOBuffers), a single Read() request to | |
1659 // fill |transport_bio_| is issued. As long as an SSL client socket cannot | |
1660 // be gracefully shutdown (via SSL close alerts) and re-used for non-SSL | |
1661 // traffic, this over-subscribed Read()ing will not cause issues. | |
1662 | |
1663 size_t buffer_write_offset; | |
1664 uint8_t* write_buf; | |
1665 size_t max_write; | |
1666 int status = BIO_zero_copy_get_write_buf(transport_bio_, &write_buf, | |
1667 &buffer_write_offset, &max_write); | |
1668 DCHECK_EQ(status, 1); // Should never fail. | |
1669 if (!max_write) | |
1670 return ERR_IO_PENDING; | |
1671 | |
1672 CHECK_EQ(write_buf, | |
1673 reinterpret_cast<uint8_t*>(recv_buffer_->StartOfBuffer())); | |
1674 CHECK_LT(buffer_write_offset, static_cast<size_t>(recv_buffer_->capacity())); | |
1675 | |
1676 recv_buffer_->set_offset(buffer_write_offset); | |
1677 int rv = transport_->socket()->Read( | |
1678 recv_buffer_.get(), | |
1679 max_write, | |
1680 base::Bind(&SSLClientSocketOpenSSL::BufferRecvComplete, | |
1681 base::Unretained(this))); | |
1682 if (rv == ERR_IO_PENDING) { | |
1683 transport_recv_busy_ = true; | |
1684 } else { | |
1685 rv = TransportReadComplete(rv); | |
1686 } | |
1687 return rv; | |
1688 } | |
1689 | |
1690 void SSLClientSocketOpenSSL::BufferSendComplete(int result) { | |
1691 TransportWriteComplete(result); | |
1692 OnSendComplete(result); | |
1693 } | |
1694 | |
1695 void SSLClientSocketOpenSSL::BufferRecvComplete(int result) { | |
1696 result = TransportReadComplete(result); | |
1697 OnRecvComplete(result); | |
1698 } | |
1699 | |
1700 void SSLClientSocketOpenSSL::TransportWriteComplete(int result) { | |
1701 DCHECK(ERR_IO_PENDING != result); | |
1702 int bytes_written = 0; | |
1703 if (result < 0) { | |
1704 // Record the error. Save it to be reported in a future read or write on | |
1705 // transport_bio_'s peer. | |
1706 transport_write_error_ = result; | |
1707 } else { | |
1708 bytes_written = result; | |
1709 } | |
1710 DCHECK_GE(send_buffer_->RemainingCapacity(), bytes_written); | |
1711 int ret = BIO_zero_copy_get_read_buf_done(transport_bio_, bytes_written); | |
1712 DCHECK_EQ(1, ret); | |
1713 transport_send_busy_ = false; | |
1714 } | |
1715 | |
1716 int SSLClientSocketOpenSSL::TransportReadComplete(int result) { | |
1717 DCHECK(ERR_IO_PENDING != result); | |
1718 // If an EOF, canonicalize to ERR_CONNECTION_CLOSED here so MapOpenSSLError | |
1719 // does not report success. | |
1720 if (result == 0) | |
1721 result = ERR_CONNECTION_CLOSED; | |
1722 int bytes_read = 0; | |
1723 if (result < 0) { | |
1724 DVLOG(1) << "TransportReadComplete result " << result; | |
1725 // Received an error. Save it to be reported in a future read on | |
1726 // transport_bio_'s peer. | |
1727 transport_read_error_ = result; | |
1728 } else { | |
1729 bytes_read = result; | |
1730 } | |
1731 DCHECK_GE(recv_buffer_->RemainingCapacity(), bytes_read); | |
1732 int ret = BIO_zero_copy_get_write_buf_done(transport_bio_, bytes_read); | |
1733 DCHECK_EQ(1, ret); | |
1734 transport_recv_busy_ = false; | |
1735 return result; | |
1736 } | |
1737 | |
1738 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) { | |
1739 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1740 tracked_objects::ScopedTracker tracking_profile( | |
1741 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1742 "424386 SSLClientSocketOpenSSL::ClientCertRequestCallback")); | |
1743 | |
1744 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; | |
1745 DCHECK(ssl == ssl_); | |
1746 | |
1747 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_REQUESTED); | |
1748 | |
1749 // Clear any currently configured certificates. | |
1750 SSL_certs_clear(ssl_); | |
1751 | |
1752 #if defined(OS_IOS) | |
1753 // TODO(droger): Support client auth on iOS. See http://crbug.com/145954). | |
1754 LOG(WARNING) << "Client auth is not supported"; | |
1755 #else // !defined(OS_IOS) | |
1756 if (!ssl_config_.send_client_cert) { | |
1757 // First pass: we know that a client certificate is needed, but we do not | |
1758 // have one at hand. | |
1759 client_auth_cert_needed_ = true; | |
1760 STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl); | |
1761 for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) { | |
1762 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); | |
1763 unsigned char* str = NULL; | |
1764 int length = i2d_X509_NAME(ca_name, &str); | |
1765 cert_authorities_.push_back(std::string( | |
1766 reinterpret_cast<const char*>(str), | |
1767 static_cast<size_t>(length))); | |
1768 OPENSSL_free(str); | |
1769 } | |
1770 | |
1771 const unsigned char* client_cert_types; | |
1772 size_t num_client_cert_types = | |
1773 SSL_get0_certificate_types(ssl, &client_cert_types); | |
1774 for (size_t i = 0; i < num_client_cert_types; i++) { | |
1775 cert_key_types_.push_back( | |
1776 static_cast<SSLClientCertType>(client_cert_types[i])); | |
1777 } | |
1778 | |
1779 return -1; // Suspends handshake. | |
1780 } | |
1781 | |
1782 // Second pass: a client certificate should have been selected. | |
1783 if (ssl_config_.client_cert.get()) { | |
1784 ScopedX509 leaf_x509 = | |
1785 OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle()); | |
1786 if (!leaf_x509) { | |
1787 LOG(WARNING) << "Failed to import certificate"; | |
1788 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); | |
1789 return -1; | |
1790 } | |
1791 | |
1792 ScopedX509Stack chain = OSCertHandlesToOpenSSL( | |
1793 ssl_config_.client_cert->GetIntermediateCertificates()); | |
1794 if (!chain) { | |
1795 LOG(WARNING) << "Failed to import intermediate certificates"; | |
1796 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); | |
1797 return -1; | |
1798 } | |
1799 | |
1800 // TODO(davidben): With Linux client auth support, this should be | |
1801 // conditioned on OS_ANDROID and then, with https://crbug.com/394131, | |
1802 // removed altogether. OpenSSLClientKeyStore is mostly an artifact of the | |
1803 // net/ client auth API lacking a private key handle. | |
1804 #if defined(USE_OPENSSL_CERTS) | |
1805 crypto::ScopedEVP_PKEY privkey = | |
1806 OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey( | |
1807 ssl_config_.client_cert.get()); | |
1808 #else // !defined(USE_OPENSSL_CERTS) | |
1809 crypto::ScopedEVP_PKEY privkey = | |
1810 FetchClientCertPrivateKey(ssl_config_.client_cert.get()); | |
1811 #endif // defined(USE_OPENSSL_CERTS) | |
1812 if (!privkey) { | |
1813 // Could not find the private key. Fail the handshake and surface an | |
1814 // appropriate error to the caller. | |
1815 LOG(WARNING) << "Client cert found without private key"; | |
1816 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); | |
1817 return -1; | |
1818 } | |
1819 | |
1820 if (!SSL_use_certificate(ssl_, leaf_x509.get()) || | |
1821 !SSL_use_PrivateKey(ssl_, privkey.get()) || | |
1822 !SSL_set1_chain(ssl_, chain.get())) { | |
1823 LOG(WARNING) << "Failed to set client certificate"; | |
1824 return -1; | |
1825 } | |
1826 | |
1827 int cert_count = 1 + sk_X509_num(chain.get()); | |
1828 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1829 NetLog::IntegerCallback("cert_count", cert_count)); | |
1830 return 1; | |
1831 } | |
1832 #endif // defined(OS_IOS) | |
1833 | |
1834 // Send no client certificate. | |
1835 net_log_.AddEvent(NetLog::TYPE_SSL_CLIENT_CERT_PROVIDED, | |
1836 NetLog::IntegerCallback("cert_count", 0)); | |
1837 return 1; | |
1838 } | |
1839 | |
1840 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) { | |
1841 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1842 tracked_objects::ScopedTracker tracking_profile( | |
1843 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1844 "424386 SSLClientSocketOpenSSL::CertVerifyCallback")); | |
1845 | |
1846 if (!completed_connect_) { | |
1847 // If the first handshake hasn't completed then we accept any certificates | |
1848 // because we verify after the handshake. | |
1849 return 1; | |
1850 } | |
1851 | |
1852 // Disallow the server certificate to change in a renegotiation. | |
1853 if (server_cert_chain_->empty()) { | |
1854 LOG(ERROR) << "Received invalid certificate chain between handshakes"; | |
1855 return 0; | |
1856 } | |
1857 base::StringPiece old_der, new_der; | |
1858 if (store_ctx->cert == NULL || | |
1859 !x509_util::GetDER(server_cert_chain_->Get(0), &old_der) || | |
1860 !x509_util::GetDER(store_ctx->cert, &new_der)) { | |
1861 LOG(ERROR) << "Failed to encode certificates"; | |
1862 return 0; | |
1863 } | |
1864 if (old_der != new_der) { | |
1865 LOG(ERROR) << "Server certificate changed between handshakes"; | |
1866 return 0; | |
1867 } | |
1868 | |
1869 return 1; | |
1870 } | |
1871 | |
1872 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the | |
1873 // server supports NPN, selects a protocol from the list that the server | |
1874 // provides. According to third_party/openssl/openssl/ssl/ssl_lib.c, the | |
1875 // callback can assume that |in| is syntactically valid. | |
1876 int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out, | |
1877 unsigned char* outlen, | |
1878 const unsigned char* in, | |
1879 unsigned int inlen) { | |
1880 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1881 tracked_objects::ScopedTracker tracking_profile( | |
1882 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1883 "424386 SSLClientSocketOpenSSL::SelectNextProtoCallback")); | |
1884 | |
1885 if (ssl_config_.next_protos.empty()) { | |
1886 *out = reinterpret_cast<uint8*>( | |
1887 const_cast<char*>(kDefaultSupportedNPNProtocol)); | |
1888 *outlen = arraysize(kDefaultSupportedNPNProtocol) - 1; | |
1889 npn_status_ = kNextProtoUnsupported; | |
1890 return SSL_TLSEXT_ERR_OK; | |
1891 } | |
1892 | |
1893 // Assume there's no overlap between our protocols and the server's list. | |
1894 npn_status_ = kNextProtoNoOverlap; | |
1895 | |
1896 // For each protocol in server preference order, see if we support it. | |
1897 for (unsigned int i = 0; i < inlen; i += in[i] + 1) { | |
1898 for (NextProto next_proto : ssl_config_.next_protos) { | |
1899 const std::string proto = NextProtoToString(next_proto); | |
1900 if (in[i] == proto.size() && | |
1901 memcmp(&in[i + 1], proto.data(), in[i]) == 0) { | |
1902 // We found a match. | |
1903 *out = const_cast<unsigned char*>(in) + i + 1; | |
1904 *outlen = in[i]; | |
1905 npn_status_ = kNextProtoNegotiated; | |
1906 break; | |
1907 } | |
1908 } | |
1909 if (npn_status_ == kNextProtoNegotiated) | |
1910 break; | |
1911 } | |
1912 | |
1913 // If we didn't find a protocol, we select the first one from our list. | |
1914 if (npn_status_ == kNextProtoNoOverlap) { | |
1915 // NextProtoToString returns a pointer to a static string. | |
1916 const char* proto = NextProtoToString(ssl_config_.next_protos[0]); | |
1917 *out = reinterpret_cast<unsigned char*>(const_cast<char*>(proto)); | |
1918 *outlen = strlen(proto); | |
1919 } | |
1920 | |
1921 npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen); | |
1922 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | |
1923 set_negotiation_extension(kExtensionNPN); | |
1924 return SSL_TLSEXT_ERR_OK; | |
1925 } | |
1926 | |
1927 long SSLClientSocketOpenSSL::MaybeReplayTransportError( | |
1928 BIO *bio, | |
1929 int cmd, | |
1930 const char *argp, int argi, long argl, | |
1931 long retvalue) { | |
1932 if (cmd == (BIO_CB_READ|BIO_CB_RETURN) && retvalue <= 0) { | |
1933 // If there is no more data in the buffer, report any pending errors that | |
1934 // were observed. Note that both the readbuf and the writebuf are checked | |
1935 // for errors, since the application may have encountered a socket error | |
1936 // while writing that would otherwise not be reported until the application | |
1937 // attempted to write again - which it may never do. See | |
1938 // https://crbug.com/249848. | |
1939 if (transport_read_error_ != OK) { | |
1940 OpenSSLPutNetError(FROM_HERE, transport_read_error_); | |
1941 return -1; | |
1942 } | |
1943 if (transport_write_error_ != OK) { | |
1944 OpenSSLPutNetError(FROM_HERE, transport_write_error_); | |
1945 return -1; | |
1946 } | |
1947 } else if (cmd == BIO_CB_WRITE) { | |
1948 // Because of the write buffer, this reports a failure from the previous | |
1949 // write payload. If the current payload fails to write, the error will be | |
1950 // reported in a future write or read to |bio|. | |
1951 if (transport_write_error_ != OK) { | |
1952 OpenSSLPutNetError(FROM_HERE, transport_write_error_); | |
1953 return -1; | |
1954 } | |
1955 } | |
1956 return retvalue; | |
1957 } | |
1958 | |
1959 // static | |
1960 long SSLClientSocketOpenSSL::BIOCallback( | |
1961 BIO *bio, | |
1962 int cmd, | |
1963 const char *argp, int argi, long argl, | |
1964 long retvalue) { | |
1965 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1966 tracked_objects::ScopedTracker tracking_profile( | |
1967 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1968 "424386 SSLClientSocketOpenSSL::BIOCallback")); | |
1969 | |
1970 SSLClientSocketOpenSSL* socket = reinterpret_cast<SSLClientSocketOpenSSL*>( | |
1971 BIO_get_callback_arg(bio)); | |
1972 CHECK(socket); | |
1973 return socket->MaybeReplayTransportError( | |
1974 bio, cmd, argp, argi, argl, retvalue); | |
1975 } | |
1976 | |
1977 // static | |
1978 void SSLClientSocketOpenSSL::InfoCallback(const SSL* ssl, | |
1979 int type, | |
1980 int /*val*/) { | |
1981 // TODO(vadimt): Remove ScopedTracker below once crbug.com/424386 is fixed. | |
1982 tracked_objects::ScopedTracker tracking_profile( | |
1983 FROM_HERE_WITH_EXPLICIT_FUNCTION( | |
1984 "424386 SSLClientSocketOpenSSL::InfoCallback")); | |
1985 | |
1986 if (type == SSL_CB_HANDSHAKE_DONE) { | |
1987 SSLClientSocketOpenSSL* ssl_socket = | |
1988 SSLContext::GetInstance()->GetClientSocketFromSSL(ssl); | |
1989 ssl_socket->handshake_succeeded_ = true; | |
1990 ssl_socket->CheckIfHandshakeFinished(); | |
1991 } | |
1992 } | |
1993 | |
1994 // Determines if both the handshake and certificate verification have completed | |
1995 // successfully, and calls the handshake completion callback if that is the | |
1996 // case. | |
1997 // | |
1998 // CheckIfHandshakeFinished is called twice per connection: once after | |
1999 // MarkSSLSessionAsGood, when the certificate has been verified, and | |
2000 // once via an OpenSSL callback when the handshake has completed. On the | |
2001 // second call, when the certificate has been verified and the handshake | |
2002 // has completed, the connection's handshake completion callback is run. | |
2003 void SSLClientSocketOpenSSL::CheckIfHandshakeFinished() { | |
2004 if (handshake_succeeded_ && marked_session_as_good_) | |
2005 OnHandshakeCompletion(); | |
2006 } | |
2007 | |
2008 void SSLClientSocketOpenSSL::AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const { | |
2009 for (ct::SCTList::const_iterator iter = | |
2010 ct_verify_result_.verified_scts.begin(); | |
2011 iter != ct_verify_result_.verified_scts.end(); ++iter) { | |
2012 ssl_info->signed_certificate_timestamps.push_back( | |
2013 SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_OK)); | |
2014 } | |
2015 for (ct::SCTList::const_iterator iter = | |
2016 ct_verify_result_.invalid_scts.begin(); | |
2017 iter != ct_verify_result_.invalid_scts.end(); ++iter) { | |
2018 ssl_info->signed_certificate_timestamps.push_back( | |
2019 SignedCertificateTimestampAndStatus(*iter, ct::SCT_STATUS_INVALID)); | |
2020 } | |
2021 for (ct::SCTList::const_iterator iter = | |
2022 ct_verify_result_.unknown_logs_scts.begin(); | |
2023 iter != ct_verify_result_.unknown_logs_scts.end(); ++iter) { | |
2024 ssl_info->signed_certificate_timestamps.push_back( | |
2025 SignedCertificateTimestampAndStatus(*iter, | |
2026 ct::SCT_STATUS_LOG_UNKNOWN)); | |
2027 } | |
2028 } | |
2029 | |
2030 scoped_refptr<X509Certificate> | |
2031 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | |
2032 return server_cert_; | |
2033 } | |
2034 | |
2035 } // namespace net | |
OLD | NEW |