| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <secerr.h> | 8 #include <secerr.h> |
| 9 #include <ssl.h> | 9 #include <ssl.h> |
| 10 #include <sslerr.h> | 10 #include <sslerr.h> |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 172 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; | 172 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED; |
| 173 // A handshake (initial or renegotiation) may fail because some signature | 173 // A handshake (initial or renegotiation) may fail because some signature |
| 174 // (for example, the signature in the ServerKeyExchange message for an | 174 // (for example, the signature in the ServerKeyExchange message for an |
| 175 // ephemeral Diffie-Hellman cipher suite) is invalid. | 175 // ephemeral Diffie-Hellman cipher suite) is invalid. |
| 176 case SEC_ERROR_BAD_SIGNATURE: | 176 case SEC_ERROR_BAD_SIGNATURE: |
| 177 return ERR_SSL_PROTOCOL_ERROR; | 177 return ERR_SSL_PROTOCOL_ERROR; |
| 178 | 178 |
| 179 case SSL_ERROR_SSL_DISABLED: | 179 case SSL_ERROR_SSL_DISABLED: |
| 180 return ERR_NO_SSL_VERSIONS_ENABLED; | 180 return ERR_NO_SSL_VERSIONS_ENABLED; |
| 181 case SSL_ERROR_NO_CYPHER_OVERLAP: | 181 case SSL_ERROR_NO_CYPHER_OVERLAP: |
| 182 case SSL_ERROR_PROTOCOL_VERSION_ALERT: |
| 182 case SSL_ERROR_UNSUPPORTED_VERSION: | 183 case SSL_ERROR_UNSUPPORTED_VERSION: |
| 183 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | 184 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; |
| 184 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: | 185 case SSL_ERROR_HANDSHAKE_FAILURE_ALERT: |
| 185 case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: | 186 case SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT: |
| 186 case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: | 187 case SSL_ERROR_ILLEGAL_PARAMETER_ALERT: |
| 187 return ERR_SSL_PROTOCOL_ERROR; | 188 return ERR_SSL_PROTOCOL_ERROR; |
| 188 case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT: | 189 case SSL_ERROR_DECOMPRESSION_FAILURE_ALERT: |
| 189 return ERR_SSL_DECOMPRESSION_FAILURE_ALERT; | 190 return ERR_SSL_DECOMPRESSION_FAILURE_ALERT; |
| 190 case SSL_ERROR_BAD_MAC_ALERT: | 191 case SSL_ERROR_BAD_MAC_ALERT: |
| 191 return ERR_SSL_BAD_RECORD_MAC_ALERT; | 192 return ERR_SSL_BAD_RECORD_MAC_ALERT; |
| (...skipping 20 matching lines...) Expand all Loading... |
| 212 LOG(WARNING) << "Unknown SSL error " << err | 213 LOG(WARNING) << "Unknown SSL error " << err |
| 213 << " mapped to net::ERR_SSL_PROTOCOL_ERROR"; | 214 << " mapped to net::ERR_SSL_PROTOCOL_ERROR"; |
| 214 return ERR_SSL_PROTOCOL_ERROR; | 215 return ERR_SSL_PROTOCOL_ERROR; |
| 215 } | 216 } |
| 216 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; | 217 LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED"; |
| 217 return ERR_FAILED; | 218 return ERR_FAILED; |
| 218 } | 219 } |
| 219 } | 220 } |
| 220 } | 221 } |
| 221 | 222 |
| 222 // Context-sensitive error mapping functions. | |
| 223 int MapNSSHandshakeError(PRErrorCode err) { | |
| 224 switch (err) { | |
| 225 // If the server closed on us, it is a protocol error. | |
| 226 // Some TLS-intolerant servers do this when we request TLS. | |
| 227 case PR_END_OF_FILE_ERROR: | |
| 228 return ERR_SSL_PROTOCOL_ERROR; | |
| 229 default: | |
| 230 return MapNSSError(err); | |
| 231 } | |
| 232 } | |
| 233 | |
| 234 // Extra parameters to attach to the NetLog when we receive an error in response | 223 // Extra parameters to attach to the NetLog when we receive an error in response |
| 235 // to a call to an NSS function. Used instead of SSLErrorParams with | 224 // to a call to an NSS function. Used instead of SSLErrorParams with |
| 236 // events of type TYPE_SSL_NSS_ERROR. Automatically looks up last PR error. | 225 // events of type TYPE_SSL_NSS_ERROR. Automatically looks up last PR error. |
| 237 class SSLFailedNSSFunctionParams : public NetLog::EventParameters { | 226 class SSLFailedNSSFunctionParams : public NetLog::EventParameters { |
| 238 public: | 227 public: |
| 239 // |param| is ignored if it has a length of 0. | 228 // |param| is ignored if it has a length of 0. |
| 240 SSLFailedNSSFunctionParams(const std::string& function, | 229 SSLFailedNSSFunctionParams(const std::string& function, |
| 241 const std::string& param) | 230 const std::string& param) |
| 242 : function_(function), param_(param), ssl_lib_error_(PR_GetError()) { | 231 : function_(function), param_(param), ssl_lib_error_(PR_GetError()) { |
| 243 } | 232 } |
| (...skipping 18 matching lines...) Expand all Loading... |
| 262 | 251 |
| 263 void LogFailedNSSFunction(const BoundNetLog& net_log, | 252 void LogFailedNSSFunction(const BoundNetLog& net_log, |
| 264 const char* function, | 253 const char* function, |
| 265 const char* param) { | 254 const char* param) { |
| 266 net_log.AddEvent( | 255 net_log.AddEvent( |
| 267 NetLog::TYPE_SSL_NSS_ERROR, | 256 NetLog::TYPE_SSL_NSS_ERROR, |
| 268 make_scoped_refptr(new SSLFailedNSSFunctionParams(function, param))); | 257 make_scoped_refptr(new SSLFailedNSSFunctionParams(function, param))); |
| 269 } | 258 } |
| 270 | 259 |
| 271 } // namespace net | 260 } // namespace net |
| OLD | NEW |