OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 1056 matching lines...)
1067 #else | 1067 #else |
1068 rv = SSL_GetClientAuthDataHook( | 1068 rv = SSL_GetClientAuthDataHook( |
1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); | 1069 nss_fd_, SSLClientSocketNSS::Core::ClientAuthHandler, this); |
1070 #endif | 1070 #endif |
1071 if (rv != SECSuccess) { | 1071 if (rv != SECSuccess) { |
1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); | 1072 LogFailedNSSFunction(*weak_net_log_, "SSL_GetClientAuthDataHook", ""); |
1073 return false; | 1073 return false; |
1074 } | 1074 } |
1075 | 1075 |
1076 if (ssl_config_.channel_id_enabled) { | 1076 if (ssl_config_.channel_id_enabled) { |
1077 // TODO(mattm): we can do this check on the network task runner only because | 1077 if (crypto::ECPrivateKey::IsSupported()) { |
1078 // we use the NSS internal slot. If we support other slots in the future, | |
1079 // checking whether they support ECDSA may block NSS, and thus this check | |
1080 // would have to be moved to the NSS task runner. | |
1081 crypto::ScopedPK11Slot slot(crypto::GetPublicNSSKeySlot()); | |
1082 if (PK11_DoesMechanism(slot.get(), CKM_EC_KEY_PAIR_GEN) && | |
1083 PK11_DoesMechanism(slot.get(), CKM_ECDSA)) { | |
1084 rv = SSL_SetClientChannelIDCallback( | 1078 rv = SSL_SetClientChannelIDCallback( |
1085 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); | 1079 nss_fd_, SSLClientSocketNSS::Core::ClientChannelIDHandler, this); |
1086 if (rv != SECSuccess) | 1080 if (rv != SECSuccess) |
1087 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", | 1081 LogFailedNSSFunction(*weak_net_log_, "SSL_SetClientChannelIDCallback", |
1088 ""); | 1082 ""); |
1089 } else { | 1083 } else { |
1090 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; | 1084 DVLOG(1) << "Elliptic Curve not supported, not enabling channel ID."; |
1091 } | 1085 } |
1092 } | 1086 } |
1093 | 1087 |
(...skipping 1422 matching lines...)
2516 | 2510 |
2517 // Since this enum is used for a histogram, do not change or re-use values. | 2511 // Since this enum is used for a histogram, do not change or re-use values. |
2518 enum { | 2512 enum { |
2519 DISABLED = 0, | 2513 DISABLED = 0, |
2520 CLIENT_ONLY = 1, | 2514 CLIENT_ONLY = 1, |
2521 CLIENT_AND_SERVER = 2, | 2515 CLIENT_AND_SERVER = 2, |
2522 DOMAIN_BOUND_CERT_USAGE_MAX | 2516 DOMAIN_BOUND_CERT_USAGE_MAX |
2523 } supported = DISABLED; | 2517 } supported = DISABLED; |
2524 if (channel_id_xtn_negotiated_) | 2518 if (channel_id_xtn_negotiated_) |
2525 supported = CLIENT_AND_SERVER; | 2519 supported = CLIENT_AND_SERVER; |
2526 else if (ssl_config_.channel_id_enabled) | 2520 else if (ssl_config_.channel_id_enabled && |
| 2521 crypto::ECPrivateKey::IsSupported()) |
2527 supported = CLIENT_ONLY; | 2522 supported = CLIENT_ONLY; |
2528 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, | 2523 UMA_HISTOGRAM_ENUMERATION("DomainBoundCerts.Support", supported, |
2529 DOMAIN_BOUND_CERT_USAGE_MAX); | 2524 DOMAIN_BOUND_CERT_USAGE_MAX); |
2530 } | 2525 } |
2531 | 2526 |
2532 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) { | 2527 int SSLClientSocketNSS::Core::DoBufferRecv(IOBuffer* read_buffer, int len) { |
2533 DCHECK(OnNetworkTaskRunner()); | 2528 DCHECK(OnNetworkTaskRunner()); |
2534 DCHECK_GT(len, 0); | 2529 DCHECK_GT(len, 0); |
2535 | 2530 |
2536 if (detached_) | 2531 if (detached_) |
(...skipping 970 matching lines...)
3507 EnsureThreadIdAssigned(); | 3502 EnsureThreadIdAssigned(); |
3508 base::AutoLock auto_lock(lock_); | 3503 base::AutoLock auto_lock(lock_); |
3509 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3504 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3510 } | 3505 } |
3511 | 3506 |
3512 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3507 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3513 return server_bound_cert_service_; | 3508 return server_bound_cert_service_; |
3514 } | 3509 } |
3515 | 3510 |
3516 } // namespace net | 3511 } // namespace net |
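Review bot: The new `crypto::ECPrivateKey::IsSupported()` call at new line 1077 loses the removed TODO's explanation of why this capability check is safe on the network task runner; per that comment, the old probe could not block NSS only because it used the NSS internal slot. Whether IsSupported() is equally non-blocking is not visible on this page, so I would keep a comment at the call, e.g. `// IsSupported() must stay non-blocking: this runs on the network task runner, not the NSS task runner.` The same call is repeated in the histogram condition at new lines 2520-2521, where `supported` still becomes CLIENT_ONLY when `SSL_SetClientChannelIDCallback` failed and was only logged, so the metric may overstate how often Channel ID is actually offered. Both enclosing functions begin outside the displayed lines.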