Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(239)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 12468002: Report the correct os_error in the SOCKET_READ_ERROR event (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Remove a potentially misleading comment. Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/socket/tcp_client_socket_win.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 1886 matching lines...) Expand 10 before | Expand all | Expand 10 after
1897 } 1897 }
1898 // Done! 1898 // Done!
1899 } else { 1899 } else {
1900 PRErrorCode prerr = PR_GetError(); 1900 PRErrorCode prerr = PR_GetError();
1901 net_error = HandleNSSError(prerr, true); 1901 net_error = HandleNSSError(prerr, true);
1902 1902
1903 // Some network devices that inspect application-layer packets seem to 1903 // Some network devices that inspect application-layer packets seem to
1904 // inject TCP reset packets to break the connections when they see 1904 // inject TCP reset packets to break the connections when they see
1905 // TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293. 1905 // TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
1906 // 1906 //
1907 // Only allow ERR_CONNECTION_RESET/ABORTED to trigger a TLS 1.1 -> TLS 1.0 1907 // Only allow ERR_CONNECTION_RESET to trigger a TLS 1.1 -> TLS 1.0
1908 // fallback. We don't lose much in this fallback because the explicit IV 1908 // fallback. We don't lose much in this fallback because the explicit
1909 // for CBC mode in TLS 1.1 is approximated by record splitting in TLS 1.0. 1909 // IV for CBC mode in TLS 1.1 is approximated by record splitting in
1910 // TLS 1.0.
1910 // 1911 //
1911 // ERR_CONNECTION_RESET/ABORTED are common network errors, so we don't want 1912 // ERR_CONNECTION_RESET is a common network error, so we don't want it
1912 // them to trigger a version fallback in general, especially the TLS 1.0 -> 1913 // to trigger a version fallback in general, especially the TLS 1.0 ->
1913 // SSL 3.0 fallback, which would drop TLS extensions. 1914 // SSL 3.0 fallback, which would drop TLS extensions.
1914 // 1915 if (prerr == PR_CONNECT_RESET_ERROR &&
1915 // ERR_CONNECTION_ABORTED was added because we get this error message when
1916 // using non-blocking reads instead of async/overlapped reads. See
1917 // crbug.com/178672.
1918 if ((prerr == PR_CONNECT_RESET_ERROR ||
1919 prerr == PR_CONNECT_ABORTED_ERROR) &&
1920 ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) { 1916 ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) {
1921 net_error = ERR_SSL_PROTOCOL_ERROR; 1917 net_error = ERR_SSL_PROTOCOL_ERROR;
1922 } 1918 }
1923 1919
1924 // If not done, stay in this state 1920 // If not done, stay in this state
1925 if (net_error == ERR_IO_PENDING) { 1921 if (net_error == ERR_IO_PENDING) {
1926 GotoState(STATE_HANDSHAKE); 1922 GotoState(STATE_HANDSHAKE);
1927 } else { 1923 } else {
1928 PostOrRunCallback( 1924 PostOrRunCallback(
1929 FROM_HERE, 1925 FROM_HERE,
(...skipping 1604 matching lines...) Expand 10 before | Expand all | Expand 10 after
3534 EnsureThreadIdAssigned(); 3530 EnsureThreadIdAssigned();
3535 base::AutoLock auto_lock(lock_); 3531 base::AutoLock auto_lock(lock_);
3536 return valid_thread_id_ == base::PlatformThread::CurrentId(); 3532 return valid_thread_id_ == base::PlatformThread::CurrentId();
3537 } 3533 }
3538 3534
3539 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 3535 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
3540 return server_bound_cert_service_; 3536 return server_bound_cert_service_;
3541 } 3537 }
3542 3538
3543 } // namespace net 3539 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/socket/tcp_client_socket_win.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698