| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 1837 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1848 PostOrRunCallback( | 1848 PostOrRunCallback( |
| 1849 FROM_HERE, | 1849 FROM_HERE, |
| 1850 base::Bind(&AddLogEventWithCallback, weak_net_log_, | 1850 base::Bind(&AddLogEventWithCallback, weak_net_log_, |
| 1851 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 1851 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 1852 CreateNetLogSSLErrorCallback(net_error, 0))); | 1852 CreateNetLogSSLErrorCallback(net_error, 0))); |
| 1853 } else { | 1853 } else { |
| 1854 #if defined(SSL_ENABLE_OCSP_STAPLING) | 1854 #if defined(SSL_ENABLE_OCSP_STAPLING) |
| 1855 // TODO(agl): figure out how to plumb an OCSP response into the Mac | 1855 // TODO(agl): figure out how to plumb an OCSP response into the Mac |
| 1856 // system library and update IsOCSPStaplingSupported for Mac. | 1856 // system library and update IsOCSPStaplingSupported for Mac. |
| 1857 if (IsOCSPStaplingSupported()) { | 1857 if (IsOCSPStaplingSupported()) { |
| 1858 unsigned int len = 0; | 1858 const SECItemArray* ocsp_responses = |
| 1859 SSL_GetStapledOCSPResponse(nss_fd_, NULL, &len); | 1859 SSL_PeerStapledOCSPResponses(nss_fd_); |
| 1860 if (len) { | 1860 if (ocsp_responses->len) { |
| 1861 const unsigned int orig_len = len; | |
| 1862 scoped_ptr<uint8[]> ocsp_response(new uint8[orig_len]); | |
| 1863 SSL_GetStapledOCSPResponse(nss_fd_, ocsp_response.get(), &len); | |
| 1864 DCHECK_EQ(orig_len, len); | |
| 1865 | |
| 1866 #if defined(OS_WIN) | 1861 #if defined(OS_WIN) |
| 1867 if (nss_handshake_state_.server_cert) { | 1862 if (nss_handshake_state_.server_cert) { |
| 1868 CRYPT_DATA_BLOB ocsp_response_blob; | 1863 CRYPT_DATA_BLOB ocsp_response_blob; |
| 1869 ocsp_response_blob.cbData = len; | 1864 ocsp_response_blob.cbData = ocsp_responses->items[0].len; |
| 1870 ocsp_response_blob.pbData = ocsp_response.get(); | 1865 ocsp_response_blob.pbData = ocsp_responses->items[0].data; |
| 1871 BOOL ok = CertSetCertificateContextProperty( | 1866 BOOL ok = CertSetCertificateContextProperty( |
| 1872 nss_handshake_state_.server_cert->os_cert_handle(), | 1867 nss_handshake_state_.server_cert->os_cert_handle(), |
| 1873 CERT_OCSP_RESPONSE_PROP_ID, | 1868 CERT_OCSP_RESPONSE_PROP_ID, |
| 1874 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, | 1869 CERT_SET_PROPERTY_IGNORE_PERSIST_ERROR_FLAG, |
| 1875 &ocsp_response_blob); | 1870 &ocsp_response_blob); |
| 1876 if (!ok) { | 1871 if (!ok) { |
| 1877 VLOG(1) << "Failed to set OCSP response property: " | 1872 VLOG(1) << "Failed to set OCSP response property: " |
| 1878 << GetLastError(); | 1873 << GetLastError(); |
| 1879 } | 1874 } |
| 1880 } | 1875 } |
| 1881 #elif defined(USE_NSS) | 1876 #elif defined(USE_NSS) |
| 1882 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = | 1877 CacheOCSPResponseFromSideChannelFunction cache_ocsp_response = |
| 1883 GetCacheOCSPResponseFromSideChannelFunction(); | 1878 GetCacheOCSPResponseFromSideChannelFunction(); |
| 1884 SECItem ocsp_response_item; | |
| 1885 ocsp_response_item.type = siBuffer; | |
| 1886 ocsp_response_item.data = ocsp_response.get(); | |
| 1887 ocsp_response_item.len = len; | |
| 1888 | 1879 |
| 1889 cache_ocsp_response( | 1880 cache_ocsp_response( |
| 1890 CERT_GetDefaultCertDB(), | 1881 CERT_GetDefaultCertDB(), |
| 1891 nss_handshake_state_.server_cert_chain[0], PR_Now(), | 1882 nss_handshake_state_.server_cert_chain[0], PR_Now(), |
| 1892 &ocsp_response_item, NULL); | 1883 &ocsp_responses->items[0], NULL); |
| 1893 #endif | 1884 #endif |
| 1894 } | 1885 } |
| 1895 } | 1886 } |
| 1896 #endif | 1887 #endif |
| 1897 } | 1888 } |
| 1898 // Done! | 1889 // Done! |
| 1899 } else { | 1890 } else { |
| 1900 PRErrorCode prerr = PR_GetError(); | 1891 PRErrorCode prerr = PR_GetError(); |
| 1901 net_error = HandleNSSError(prerr, true); | 1892 net_error = HandleNSSError(prerr, true); |
| 1902 | 1893 |
| (...skipping 1619 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3522 EnsureThreadIdAssigned(); | 3513 EnsureThreadIdAssigned(); |
| 3523 base::AutoLock auto_lock(lock_); | 3514 base::AutoLock auto_lock(lock_); |
| 3524 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 3515 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
| 3525 } | 3516 } |
| 3526 | 3517 |
| 3527 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3518 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3528 return server_bound_cert_service_; | 3519 return server_bound_cert_service_; |
| 3529 } | 3520 } |
| 3530 | 3521 |
| 3531 } // namespace net | 3522 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 14522022:
Update NSS libSSL to NSS_3_15_BETA2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/