1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_mac.h" | 5 #include "net/socket/ssl_client_socket_mac.h" |
6 | 6 |
7 #include <CoreServices/CoreServices.h> | 7 #include <CoreServices/CoreServices.h> |
8 #include <netdb.h> | 8 #include <netdb.h> |
9 #include <sys/socket.h> | 9 #include <sys/socket.h> |
10 #include <sys/types.h> | 10 #include <sys/types.h> |
11 | 11 |
12 #include <algorithm> | 12 #include <algorithm> |
13 | 13 |
14 #include "base/bind.h" | 14 #include "base/bind.h" |
15 #include "base/lazy_instance.h" | 15 #include "base/lazy_instance.h" |
| 16 #include "base/mac/mac_logging.h" |
16 #include "base/mac/scoped_cftyperef.h" | 17 #include "base/mac/scoped_cftyperef.h" |
17 #include "base/string_util.h" | 18 #include "base/string_util.h" |
18 #include "net/base/address_list.h" | 19 #include "net/base/address_list.h" |
19 #include "net/base/cert_verifier.h" | 20 #include "net/base/cert_verifier.h" |
20 #include "net/base/io_buffer.h" | 21 #include "net/base/io_buffer.h" |
21 #include "net/base/net_errors.h" | 22 #include "net/base/net_errors.h" |
22 #include "net/base/net_log.h" | 23 #include "net/base/net_log.h" |
23 #include "net/base/ssl_cert_request_info.h" | 24 #include "net/base/ssl_cert_request_info.h" |
24 #include "net/base/ssl_connection_status_flags.h" | 25 #include "net/base/ssl_connection_status_flags.h" |
25 #include "net/base/ssl_info.h" | 26 #include "net/base/ssl_info.h" |
196 // access_denied | 197 // access_denied |
197 // bad_certificate | 198 // bad_certificate |
198 // unsupported_certificate | 199 // unsupported_certificate |
199 // certificate_expired | 200 // certificate_expired |
200 // certificate_revoked | 201 // certificate_revoked |
201 // certificate_unknown | 202 // certificate_unknown |
202 // unknown_ca | 203 // unknown_ca |
203 case errSSLPeerCertUnknown...errSSLPeerBadCert: | 204 case errSSLPeerCertUnknown...errSSLPeerBadCert: |
204 case errSSLPeerUnknownCA: | 205 case errSSLPeerUnknownCA: |
205 case errSSLPeerAccessDenied: | 206 case errSSLPeerAccessDenied: |
206 LOG(WARNING) << "Server rejected client cert (OSStatus=" << status << ")"; | 207 OSSTATUS_LOG(WARNING, status) << "Server rejected client cert"; |
207 return ERR_BAD_SSL_CLIENT_AUTH_CERT; | 208 return ERR_BAD_SSL_CLIENT_AUTH_CERT; |
208 | 209 |
209 case errSSLNegotiation: | 210 case errSSLNegotiation: |
210 case errSSLPeerInsufficientSecurity: | 211 case errSSLPeerInsufficientSecurity: |
211 case errSSLPeerProtocolVersion: | 212 case errSSLPeerProtocolVersion: |
212 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; | 213 return ERR_SSL_VERSION_OR_CIPHER_MISMATCH; |
213 | 214 |
214 case errSSLBufferOverflow: | 215 case errSSLBufferOverflow: |
215 case errSSLModuleAttach: | 216 case errSSLModuleAttach: |
216 case errSSLSessionNotFound: | 217 case errSSLSessionNotFound: |
217 default: | 218 default: |
218 LOG(WARNING) << "Unknown error " << status << | 219 OSSTATUS_LOG(WARNING, status) |
219 " mapped to net::ERR_FAILED"; | 220 << "Unknown error mapped to net::ERR_FAILED"; |
220 return ERR_FAILED; | 221 return ERR_FAILED; |
221 } | 222 } |
222 } | 223 } |
223 | 224 |
224 OSStatus OSStatusFromNetError(int net_error) { | 225 OSStatus OSStatusFromNetError(int net_error) { |
225 switch (net_error) { | 226 switch (net_error) { |
226 case ERR_IO_PENDING: | 227 case ERR_IO_PENDING: |
227 return errSSLWouldBlock; | 228 return errSSLWouldBlock; |
228 case ERR_INTERNET_DISCONNECTED: | 229 case ERR_INTERNET_DISCONNECTED: |
229 case ERR_TIMED_OUT: | 230 case ERR_TIMED_OUT: |
230 case ERR_CONNECTION_ABORTED: | 231 case ERR_CONNECTION_ABORTED: |
231 case ERR_CONNECTION_RESET: | 232 case ERR_CONNECTION_RESET: |
232 case ERR_CONNECTION_REFUSED: | 233 case ERR_CONNECTION_REFUSED: |
233 case ERR_ADDRESS_UNREACHABLE: | 234 case ERR_ADDRESS_UNREACHABLE: |
234 case ERR_ADDRESS_INVALID: | 235 case ERR_ADDRESS_INVALID: |
235 return errSSLClosedAbort; | 236 return errSSLClosedAbort; |
236 case ERR_UNEXPECTED: | 237 case ERR_UNEXPECTED: |
237 return errSSLInternal; | 238 return errSSLInternal; |
238 case ERR_INVALID_ARGUMENT: | 239 case ERR_INVALID_ARGUMENT: |
239 return paramErr; | 240 return paramErr; |
240 case OK: | 241 case OK: |
241 return noErr; | 242 return noErr; |
242 default: | 243 default: |
243 LOG(WARNING) << "Unknown error " << net_error << | 244 LOG(WARNING) << "Unknown error " << net_error << " mapped to paramErr"; |
244 " mapped to paramErr"; | |
245 return paramErr; | 245 return paramErr; |
246 } | 246 } |
247 } | 247 } |
248 | 248 |
249 // Converts from a cipher suite to its key size. If the suite is marked with a | 249 // Converts from a cipher suite to its key size. If the suite is marked with a |
250 // **, it's not actually implemented in Secure Transport and won't be returned | 250 // **, it's not actually implemented in Secure Transport and won't be returned |
251 // (but we'll code for it anyway). The reference here is | 251 // (but we'll code for it anyway). The reference here is |
252 // http://www.opensource.apple.com/darwinsource/10.5.5/libsecurity_ssl-32463/lib
/cipherSpecs.c | 252 // http://www.opensource.apple.com/darwinsource/10.5.5/libsecurity_ssl-32463/lib
/cipherSpecs.c |
253 // Seriously, though, there has to be an API for this, but I can't find one. | 253 // Seriously, though, there has to be an API for this, but I can't find one. |
254 // Anybody? | 254 // Anybody? |
1189 | 1189 |
1190 int SSLClientSocketMac::SetClientCert() { | 1190 int SSLClientSocketMac::SetClientCert() { |
1191 if (!ssl_config_.send_client_cert || !ssl_config_.client_cert) | 1191 if (!ssl_config_.send_client_cert || !ssl_config_.client_cert) |
1192 return noErr; | 1192 return noErr; |
1193 | 1193 |
1194 base::mac::ScopedCFTypeRef<CFArrayRef> cert_refs( | 1194 base::mac::ScopedCFTypeRef<CFArrayRef> cert_refs( |
1195 ssl_config_.client_cert->CreateClientCertificateChain()); | 1195 ssl_config_.client_cert->CreateClientCertificateChain()); |
1196 VLOG(1) << "SSLSetCertificate(" << CFArrayGetCount(cert_refs) << " certs)"; | 1196 VLOG(1) << "SSLSetCertificate(" << CFArrayGetCount(cert_refs) << " certs)"; |
1197 OSStatus result = SSLSetCertificate(ssl_context_, cert_refs); | 1197 OSStatus result = SSLSetCertificate(ssl_context_, cert_refs); |
1198 if (result) | 1198 if (result) |
1199 LOG(ERROR) << "SSLSetCertificate returned OSStatus " << result; | 1199 OSSTATUS_LOG(ERROR, result) << "SSLSetCertificate failed"; |
1200 return result; | 1200 return result; |
1201 } | 1201 } |
1202 | 1202 |
1203 int SSLClientSocketMac::DoPayloadRead() { | 1203 int SSLClientSocketMac::DoPayloadRead() { |
1204 size_t processed = 0; | 1204 size_t processed = 0; |
1205 OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(), | 1205 OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(), |
1206 user_read_buf_len_, &processed); | 1206 user_read_buf_len_, &processed); |
1207 if (status == errSSLWouldBlock && renegotiating_) { | 1207 if (status == errSSLWouldBlock && renegotiating_) { |
1208 CHECK_EQ(static_cast<size_t>(0), processed); | 1208 CHECK_EQ(static_cast<size_t>(0), processed); |
1209 next_handshake_state_ = STATE_HANDSHAKE; | 1209 next_handshake_state_ = STATE_HANDSHAKE; |
1426 if (rv < 0 && rv != ERR_IO_PENDING) { | 1426 if (rv < 0 && rv != ERR_IO_PENDING) { |
1427 us->write_io_buf_ = NULL; | 1427 us->write_io_buf_ = NULL; |
1428 return OSStatusFromNetError(rv); | 1428 return OSStatusFromNetError(rv); |
1429 } | 1429 } |
1430 | 1430 |
1431 // always lie to our caller | 1431 // always lie to our caller |
1432 return noErr; | 1432 return noErr; |
1433 } | 1433 } |
1434 | 1434 |
1435 } // namespace net | 1435 } // namespace net |
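Review bot: In SSLClientSocketMac::SetClientCert (new-side lines 1194–1197), `cert_refs` is handed to `CFArrayGetCount` and `SSLSetCertificate` with no NULL check, so if `CreateClientCertificateChain()` can fail and return NULL the VLOG line dereferences it before the new `OSSTATUS_LOG(ERROR, result)` path is ever reached. A guard before the VLOG such as `if (!cert_refs) { LOG(ERROR) << "CreateClientCertificateChain failed"; return errSSLInternal; }` would turn that case into a logged failure consistent with the rest of the function. The function is also declared to return `int` while every value it returns is an OSStatus (`noErr`, `result`); declaring it `OSStatus`, as `OSStatusFromNetError` does, would make the contract explicit, assuming its caller already treats the result as an OSStatus. Whether `CreateClientCertificateChain()` can actually return NULL is not visible in this hunk and should be confirmed against its definition.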