author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-06 17:41:47 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-10-06 17:41:47 +0000 |
commit | 728c72f5abd14fada1f1ee94da5e9f2dc82a7a14 (patch) | |
tree | e7ecb67940f9d6cbd8321ee1b38b9b21bc03863b /net/socket/ssl_client_socket_win.cc | |
parent | d5e2907a440bde300cd270f7056b270837c606f7 (diff) | |
Use the SecInvalidateHandle and SecIsValidHandle macros
to reset and test a CredHandle.
Pass 0 instead of SECURITY_NATIVE_DREP to InitializeSecurityContext,
according to MSDN documentation.
Print the contents of creds_ when InitializeSecurityContext
fails with SEC_E_INVALID_HANDLE.
R=eroman
BUG=55678
TEST=none
Review URL: http://codereview.chromium.org/3588009
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61667 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_win.cc')
-rw-r--r-- | net/socket/ssl_client_socket_win.cc | 27 |
1 files changed, 18 insertions, 9 deletions
diff --git a/net/socket/ssl_client_socket_win.cc b/net/socket/ssl_client_socket_win.cc
index 1146fdf..67e3f3f 100644
--- a/net/socket/ssl_client_socket_win.cc
+++ b/net/socket/ssl_client_socket_win.cc
@@ -89,12 +89,11 @@ enum {
 class CredHandleClass : public CredHandle {
 public:
 CredHandleClass() {
- dwLower = 0;
- dwUpper = 0;
+ SecInvalidateHandle(this);
 }
 ~CredHandleClass() {
- if (dwLower || dwUpper) {
+ if (SecIsValidHandle(this)) {
 SECURITY_STATUS status = FreeCredentialsHandle(this);
 DCHECK(status == SEC_E_OK);
 }
@@ -128,7 +127,7 @@ class CredHandleTable {
 } else {
 handle = &anonymous_creds_[ssl_version_mask];
 }
- if (!handle->dwLower && !handle->dwUpper)
+ if (!SecIsValidHandle(handle))
 InitializeHandle(handle, client_cert, ssl_version_mask);
 return handle;
 }
@@ -224,7 +223,7 @@ void CredHandleTable::InitializeHandle(CredHandle* handle,
 handle,
 &expiry); // Optional
 if (status != SEC_E_OK) {
- DLOG(ERROR) << "AcquireCredentialsHandle failed: " << status;
+ LOG(ERROR) << "AcquireCredentialsHandle failed: " << status;
 // GetHandle will return a pointer to an uninitialized CredHandle, which
 // will cause InitializeSecurityContext to fail with SEC_E_INVALID_HANDLE.
 }
@@ -564,7 +563,7 @@ int SSLClientSocketWin::InitializeSSLContext() {
 const_cast<wchar_t*>(ASCIIToWide(hostname_).c_str()),
 flags,
 0, // Reserved
- SECURITY_NATIVE_DREP, // TODO(wtc): MSDN says this should be set to 0.
+ 0, // Not used with Schannel.
 NULL, // NULL on the first call
 0, // Reserved
 &ctxt_, // Receives the new context handle
@@ -573,6 +572,16 @@ int SSLClientSocketWin::InitializeSSLContext() {
 &expiry);
 if (status != SEC_I_CONTINUE_NEEDED) {
 LOG(ERROR) << "InitializeSecurityContext failed: " << status;
+ if (status == SEC_E_INVALID_HANDLE) {
+ // The only handle we passed to this InitializeSecurityContext call is
+ // creds_, so print its contents to figure out why it's invalid.
+ if (creds_) {
+ LOG(ERROR) << "creds_->dwLower = " << creds_->dwLower
+ << "; creds_->dwUpper = " << creds_->dwUpper;
+ } else {
+ LOG(ERROR) << "creds_ is NULL";
+ }
+ }
 return MapSecurityError(status);
 }
@@ -590,9 +599,9 @@ void SSLClientSocketWin::Disconnect() {
 if (send_buffer_.pvBuffer)
 FreeSendBuffer();
- if (ctxt_.dwLower || ctxt_.dwUpper) {
+ if (SecIsValidHandle(&ctxt_)) {
 DeleteSecurityContext(&ctxt_);
- memset(&ctxt_, 0, sizeof(ctxt_));
+ SecInvalidateHandle(&ctxt_);
 }
 if (server_cert_)
 server_cert_ = NULL;
@@ -906,7 +915,7 @@ int SSLClientSocketWin::DoHandshakeReadComplete(int result) {
 NULL,
 flags,
 0,
- SECURITY_NATIVE_DREP,
+ 0,
 &in_buffer_desc,
 0,
 NULL, |
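Review bot: The new SEC_E_INVALID_HANDLE branch in InitializeSSLContext writes the raw `creds_->dwLower` and `creds_->dwUpper` values through LOG(ERROR), which is emitted in release builds as well as debug ones. Those fields are pointer-sized and may hold pointer-like values, so they are better kept out of logs that users attach to bug reports once BUG=55678 is understood. A `// TODO(wtc): remove this diagnostic once bug 55678 is resolved.` above the block would record that it is temporary. InitializeSSLContext starts and ends outside the hunk.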
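Review bot: `SecIsValidHandle(&ctxt_)` in Disconnect is true for an all-zero handle, because the macro compares both fields against -1 rather than 0. The code that first initialises ctxt_ is not part of this diff; if it still zero-fills the member, as the removed `memset(&ctxt_, 0, sizeof(ctxt_));` did here, a socket disconnected before a context exists would now hand a zeroed handle to DeleteSecurityContext. Every place that constructs or resets ctxt_ should use `SecInvalidateHandle(&ctxt_);` so the sentinel and the test agree. Disconnect's body continues outside the hunk.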
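Review bot: The `0` that replaces SECURITY_NATIVE_DREP in DoHandshakeReadComplete carries no comment, while the same argument in InitializeSSLContext is annotated. Writing it as `0,  // Not used with Schannel.` keeps the two InitializeSecurityContext call sites consistent and tells the reader the literal is the TargetDataRep argument rather than another reserved slot. The argument list starts and ends outside the hunk.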