
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 994373004: Properly handle alerts from the peer in SSL_read. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix CrOS tests Created 5 years, 9 months ago
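--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -1475,25 +1475,36 @@
 // DoPayloadRead() (e.g.: after the current data is handled).
 int *next_result = &rv;
 if (total_bytes_read > 0) {
 pending_read_error_ = rv;
 rv = total_bytes_read;
 next_result = &pending_read_error_;
 }
 
 if (client_auth_cert_needed_) {
 *next_result = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
-} else if (*next_result < 0) {
+} else if (*next_result <= 0) {
+// A zero return from SSL_read may mean any of:
+// - The underlying BIO_read returned 0.
+// - The peer sent a close_notify.
+// - Any arbitrary error. https://crbug.com/466303
+//
+// TransportReadComplete converts the first to an ERR_CONNECTION_CLOSED
+// error, so it does not occur. The second and third are distinguished by
+// SSL_ERROR_ZERO_RETURN.
 pending_read_ssl_error_ = SSL_get_error(ssl_, *next_result);
-*next_result = MapOpenSSLErrorWithDetails(pending_read_ssl_error_,
-err_tracer,
-&pending_read_error_info_);
+if (pending_read_ssl_error_ == SSL_ERROR_ZERO_RETURN) {
+*next_result = 0;
+} else {
+*next_result = MapOpenSSLErrorWithDetails(
+pending_read_ssl_error_, err_tracer, &pending_read_error_info_);
+}
 
 // Many servers do not reliably send a close_notify alert when shutting
 // down a connection, and instead terminate the TCP connection. This is
 // reported as ERR_CONNECTION_CLOSED. Because of this, map the unclean
 // shutdown to a graceful EOF, instead of treating it as an error as it
 // should be.
 if (*next_result == ERR_CONNECTION_CLOSED)
 *next_result = 0;
 
 if (rv > 0 && *next_result == ERR_IO_PENDING) {
@@ -1960,10 +1971,10 @@
 
 return result;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net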
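Review bot: In the new `else` branch (new lines 1497-1500) nothing checks that `MapOpenSSLErrorWithDetails` returned a negative value, so any SSL error it maps to 0 would still reach the caller as a clean EOF. That is the same failure mode this change closes for peer alerts. The mapping function is not visible on this page, so the invariant may already hold; if it does, a `DCHECK_LT(*next_result, 0);` right after the call would pin it. The new comment could also state that the `ERR_CONNECTION_CLOSED` to 0 mapping just below is left unchanged on purpose, so an unauthenticated TCP close and a close_notify still look identical to callers that need to detect truncation. The enclosing function begins and ends outside the lines shown.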