OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 1545 matching lines...) | |
1556 // DoPayloadRead() (e.g.: after the current data is handled). | 1556 // DoPayloadRead() (e.g.: after the current data is handled). |
1557 int *next_result = &rv; | 1557 int *next_result = &rv; |
1558 if (total_bytes_read > 0) { | 1558 if (total_bytes_read > 0) { |
1559 pending_read_error_ = rv; | 1559 pending_read_error_ = rv; |
1560 rv = total_bytes_read; | 1560 rv = total_bytes_read; |
1561 next_result = &pending_read_error_; | 1561 next_result = &pending_read_error_; |
1562 } | 1562 } |
1563 | 1563 |
1564 if (client_auth_cert_needed_) { | 1564 if (client_auth_cert_needed_) { |
1565 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; | 1565 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED; |
1566 } else if (*next_result < 0) { | 1566 } else if (*next_result <= 0) { |
1567 // A zero return from SSL_read may mean any of: | |
1568 // - The underlying BIO_read returned 0. | |
1569 // - The peer sent a close_notify. | |
1570 // - Any arbitrary error. https://crbug.com/466303 | |
1571 // | |
1572 // TransportReadComplete converts the first to an ERR_CONNECTION_CLOSED | |
1573 // error, so it does not occur. The second and third are distinguished by | |
1574 // SSL_ERROR_ZERO_RETURN. | |
Ryan Sleevi
2015/03/17 01:01:28
Thanks, I confirmed that ssl3_get_record does inde
| |
1567 pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result); | 1575 pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result); |
1568 *next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_, | 1576 if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) { |
1569 err_tracer, | 1577 *next_result = 0; |
1570 &pending_read_error_info_); | 1578 } else { |
1579 *next_result = MapOpenSSLErrorWithDetails( | |
1580 pending_read_ssl_error_, err_tracer, &pending_read_error_info_); | |
davidben
2015/03/11 21:47:18
This logic is totally incomprehensible and insane.
| |
1581 } | |
1571 | 1582 |
1572 // Many servers do not reliably send a close_notify alert when shutting | 1583 // Many servers do not reliably send a close_notify alert when shutting |
1573 // down a connection, and instead terminate the TCP connection. This is | 1584 // down a connection, and instead terminate the TCP connection. This is |
1574 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean | 1585 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean |
1575 // shutdown to a graceful EOF, instead of treating it as an error as it | 1586 // shutdown to a graceful EOF, instead of treating it as an error as it |
1576 // should be. | 1587 // should be. |
1577 if (*next_result == ERR_CONNECTION_CLOSED) | 1588 if (*next_result == ERR_CONNECTION_CLOSED) |
1578 *next_result = 0; | 1589 *next_result = 0; |
1579 | 1590 |
1580 if (rv > 0 && *next_result == ERR_IO_PENDING) { | 1591 if (rv > 0 && *next_result == ERR_IO_PENDING) { |
(...skipping 462 matching lines...) | |
2043 ct::SCT_STATUS_LOG_UNKNOWN)); | 2054 ct::SCT_STATUS_LOG_UNKNOWN)); |
2044 } | 2055 } |
2045 } | 2056 } |
2046 | 2057 |
2047 scoped_refptr<X509Certificate> | 2058 scoped_refptr<X509Certificate> |
2048 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 2059 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
2049 return server_cert_; | 2060 return server_cert_; |
2050 } | 2061 } |
2051 | 2062 |
2052 } // namespace net | 2063 } // namespace net |
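Review bot: Nothing in the new `else` branch (new lines 1578-1581) enforces that its result is an error: a zero return from SSL_read that is not SSL_ERROR_ZERO_RETURN only avoids being read as EOF if MapOpenSSLErrorWithDetails never yields 0 for it, and that function is not visible here. Reporting a failed read as a clean end-of-stream would let a truncated response pass as complete, so I would pin the invariant with `DCHECK_LT(*next_result, 0);` directly after the mapping call, assuming the mapper is meant to return only negative net errors on this path. The new comment's statement that TransportReadComplete rules out the "BIO_read returned 0" case is also a cross-function assumption; wording it as one, e.g. `// Relies on TransportReadComplete never surfacing a 0-byte transport read.`, would make that dependency explicit. The enclosing function starts and ends outside the visible lines, so this is based only on the excerpt shown.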
OLD | NEW |