1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
111 #include <wincrypt.h> | 111 #include <wincrypt.h> |
112 #elif defined(OS_MACOSX) | 112 #elif defined(OS_MACOSX) |
113 #include <Security/SecBase.h> | 113 #include <Security/SecBase.h> |
114 #include <Security/SecCertificate.h> | 114 #include <Security/SecCertificate.h> |
115 #include <Security/SecIdentity.h> | 115 #include <Security/SecIdentity.h> |
116 #include "base/mac/mac_logging.h" | 116 #include "base/mac/mac_logging.h" |
117 #elif defined(USE_NSS) | 117 #elif defined(USE_NSS) |
118 #include <dlfcn.h> | 118 #include <dlfcn.h> |
119 #endif | 119 #endif |
120 | 120 |
121 static const int kRecvBufferSize = 4096; | 121 // SSL plaintext fragments are shorter than 16KB. Although the record layer |
| 122 // overhead is allowed to be 2K + 5 bytes, in practice the overhead is much |
| 123 // smaller than 1KB. So a 17KB buffer should be large enough to hold an |
| 124 // entire SSL record. |
| 125 static const int kRecvBufferSize = 17 * 1024; |
| 126 static const int kSendBufferSize = 17 * 1024; |
122 | 127 |
123 #if defined(OS_WIN) | 128 #if defined(OS_WIN) |
124 // CERT_OCSP_RESPONSE_PROP_ID is only implemented on Vista+, but it can be | 129 // CERT_OCSP_RESPONSE_PROP_ID is only implemented on Vista+, but it can be |
125 // set on Windows XP without error. There is some overhead from the server | 130 // set on Windows XP without error. There is some overhead from the server |
126 // sending the OCSP response if it supports the extension, for the subset of | 131 // sending the OCSP response if it supports the extension, for the subset of |
127 // XP clients who will request it but be unable to use it, but this is an | 132 // XP clients who will request it but be unable to use it, but this is an |
128 // acceptable trade-off for simplicity of implementation. | 133 // acceptable trade-off for simplicity of implementation. |
129 static bool IsOCSPStaplingSupported() { | 134 static bool IsOCSPStaplingSupported() { |
130 return true; | 135 return true; |
131 } | 136 } |
3060 } | 3065 } |
3061 | 3066 |
3062 void SSLClientSocketNSS::InitCore() { | 3067 void SSLClientSocketNSS::InitCore() { |
3063 core_ = new Core(base::ThreadTaskRunnerHandle::Get(), nss_task_runner_, | 3068 core_ = new Core(base::ThreadTaskRunnerHandle::Get(), nss_task_runner_, |
3064 transport_.get(), host_and_port_, ssl_config_, &net_log_, | 3069 transport_.get(), host_and_port_, ssl_config_, &net_log_, |
3065 server_bound_cert_service_); | 3070 server_bound_cert_service_); |
3066 } | 3071 } |
3067 | 3072 |
3068 int SSLClientSocketNSS::InitializeSSLOptions() { | 3073 int SSLClientSocketNSS::InitializeSSLOptions() { |
3069 // Transport connected, now hook it up to nss | 3074 // Transport connected, now hook it up to nss |
3070 // TODO(port): specify rx and tx buffer sizes separately | 3075 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize); |
3071 nss_fd_ = memio_CreateIOLayer(kRecvBufferSize); | |
3072 if (nss_fd_ == NULL) { | 3076 if (nss_fd_ == NULL) { |
3073 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. | 3077 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. |
3074 } | 3078 } |
3075 | 3079 |
3076 // Grab pointer to buffers | 3080 // Grab pointer to buffers |
3077 memio_Private* nss_bufs = memio_GetSecret(nss_fd_); | 3081 memio_Private* nss_bufs = memio_GetSecret(nss_fd_); |
3078 | 3082 |
3079 /* Create SSL state machine */ | 3083 /* Create SSL state machine */ |
3080 /* Push SSL onto our fake I/O socket */ | 3084 /* Push SSL onto our fake I/O socket */ |
3081 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); | 3085 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); |
3517 EnsureThreadIdAssigned(); | 3521 EnsureThreadIdAssigned(); |
3518 base::AutoLock auto_lock(lock_); | 3522 base::AutoLock auto_lock(lock_); |
3519 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3523 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
3520 } | 3524 } |
3521 | 3525 |
3522 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3526 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3523 return server_bound_cert_service_; | 3527 return server_bound_cert_service_; |
3524 } | 3528 } |
3525 | 3529 |
3526 } // namespace net | 3530 } // namespace net |
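Review bot: The new comment above kRecvBufferSize (new lines 121-125) justifies 17KB with an empirical figure ("in practice the overhead is much smaller than 1KB") rather than the protocol bound it cites itself (2K + 5 bytes), so a peer-chosen maximum-size record of 16384 + 2048 + 5 = 18437 bytes does not fit in 17 * 1024 = 17408 bytes, and the receive buffer is filled with data the remote side controls. Whether that is harmless depends on memio_CreateIOLayer's buffers accepting a record that spans several fills, which is not visible in this section; if they do, the comment should say so explicitly, e.g. `// This is a throughput heuristic, not a limit: a record larger than the buffer is assembled across reads.`, and if they do not, the constant should be raised to the worst case rather than the typical one. kSendBufferSize (new line 126) does not share the concern, since the local side chooses its own record sizes. The InitializeSSLOptions body that consumes both constants (new line 3075) continues past the visible lines.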