Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_win.cc

Issue 11739004: Add server certificate request parameters to be stored in SSLCertRequestInfo. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Address Ryan's remark ( ASSERT_TRUE(ptr) ) Created 7 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket_win.h" 5 #include "net/socket/ssl_client_socket_win.h"
6 6
7 #include <schnlsp.h> 7 #include <schnlsp.h>
8 8
9 #include <algorithm> 9 #include <algorithm>
10 #include <map> 10 #include <map>
(...skipping 438 matching lines...) Expand 10 before | Expand all | Expand 10 after
449 449
450 if (ssl_config_.version_fallback) 450 if (ssl_config_.version_fallback)
451 ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK; 451 ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
452 452
453 return true; 453 return true;
454 } 454 }
455 455
456 void SSLClientSocketWin::GetSSLCertRequestInfo( 456 void SSLClientSocketWin::GetSSLCertRequestInfo(
457 SSLCertRequestInfo* cert_request_info) { 457 SSLCertRequestInfo* cert_request_info) {
458 cert_request_info->host_and_port = host_and_port_.ToString(); 458 cert_request_info->host_and_port = host_and_port_.ToString();
459 cert_request_info->cert_authorities.clear();
460 cert_request_info->cert_key_types.clear();
459 cert_request_info->client_certs.clear(); 461 cert_request_info->client_certs.clear();
460 462
461 // Get the certificate_authorities field of the CertificateRequest message. 463 // Get the server criteria for client certificates. Schannel doesn't return
462 // Schannel doesn't return the certificate_types field of the 464 // the certificate_types field of the CertificateRequest message to us, so we
463 // CertificateRequest message to us, so we can't filter the client 465 // can't fill the |cert_key_types| field.
464 // certificates properly. :-(
465 SecPkgContext_IssuerListInfoEx issuer_list; 466 SecPkgContext_IssuerListInfoEx issuer_list;
466 SECURITY_STATUS status = QueryContextAttributes( 467 SECURITY_STATUS status = QueryContextAttributes(
467 &ctxt_, SECPKG_ATTR_ISSUER_LIST_EX, &issuer_list); 468 &ctxt_, SECPKG_ATTR_ISSUER_LIST_EX, &issuer_list);
468 if (status != SEC_E_OK) { 469 if (status != SEC_E_OK) {
469 DLOG(ERROR) << "QueryContextAttributes (issuer list) failed: " << status; 470 DLOG(ERROR) << "QueryContextAttributes (issuer list) failed: " << status;
470 return; 471 return;
471 } 472 }
472 473
474 for (size_t i = 0; i < issuer_list.cIssuers; i++) {
475 cert_request_info->cert_authorities.push_back(std::string(
476 reinterpret_cast<const char*>(issuer_list.aIssuers[i].pbData),
477 static_cast<size_t>(issuer_list.aIssuers[i].cbData)));
478 }
479
480 // Retrieve the list of matching client certificates. This is to be moved out
481 // of here as a part of refactoring effort being tracked in
482 // http://crbug.com/166642.
483
473 // Client certificates of the user are in the "MY" system certificate store. 484 // Client certificates of the user are in the "MY" system certificate store.
474 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY"); 485 HCERTSTORE my_cert_store = CertOpenSystemStore(NULL, L"MY");
475 if (!my_cert_store) { 486 if (!my_cert_store) {
476 LOG(ERROR) << "Could not open the \"MY\" system certificate store: " 487 LOG(ERROR) << "Could not open the \"MY\" system certificate store: "
477 << GetLastError(); 488 << GetLastError();
478 FreeContextBuffer(issuer_list.aIssuers); 489 FreeContextBuffer(issuer_list.aIssuers);
479 return; 490 return;
480 } 491 }
481 492
482 // Enumerate the client certificates. 493 // Enumerate the client certificates.
(...skipping 1132 matching lines...) Expand 10 before | Expand all | Expand 10 after
1615 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA); 1626 UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
1616 } 1627 }
1617 1628
1618 void SSLClientSocketWin::FreeSendBuffer() { 1629 void SSLClientSocketWin::FreeSendBuffer() {
1619 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer); 1630 SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
1620 DCHECK(status == SEC_E_OK); 1631 DCHECK(status == SEC_E_OK);
1621 memset(&send_buffer_, 0, sizeof(send_buffer_)); 1632 memset(&send_buffer_, 0, sizeof(send_buffer_));
1622 } 1633 }
1623 1634
1624 } // namespace net 1635 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698