diff options
| author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-25 01:55:04 +0000 |
|---|---|---|
| committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-08-25 01:55:04 +0000 |
| commit | baaf64aa6a8f6c6d4fb5f7f24a7864df240ce019 (patch) | |
| tree | baa9fc057d49603b01470fdb503c564a00b079b0 /net/socket | |
| parent | fd061a6017827421b66782eb576b480b939627e3 (diff) | |
| download | chromium_src-baaf64aa6a8f6c6d4fb5f7f24a7864df240ce019.zip chromium_src-baaf64aa6a8f6c6d4fb5f7f24a7864df240ce019.tar.gz chromium_src-baaf64aa6a8f6c6d4fb5f7f24a7864df240ce019.tar.bz2 | |
Fix a typo IsCertStatusError. It should be IsCertificateError.
This typo causes us to call GetServerCert at the wrong time. We found
that SSLCopyPeerCertificates may succeed (return noErr) but return a
nil CFArrayRef. So we check for that to avoid a crash.
Finally, errSSLIllegalParam means we received an SSL invalid_parameter
error alert message, rather than an invalid function argument. It
should be mapped to ERR_SSL_PROTOCOL_ERROR.
R=avi
BUG=http://crbug.com/19837
TEST=Visit https://stud.infostud.uniroma1.it:4445/Sest/Log/Corpo.html.
Chromium should not crash.
Review URL: http://codereview.chromium.org/173328
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24209 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
| -rw-r--r-- | net/socket/ssl_client_socket_mac.cc | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc index 2fe9743..6684398 100644 --- a/net/socket/ssl_client_socket_mac.cc +++ b/net/socket/ssl_client_socket_mac.cc @@ -92,7 +92,6 @@ int NetErrorFromOSStatus(OSStatus status) { switch (status) { case errSSLWouldBlock: return ERR_IO_PENDING; - case errSSLIllegalParam: case errSSLBadCipherSuite: case errSSLBadConfiguration: return ERR_INVALID_ARGUMENT; @@ -105,6 +104,8 @@ int NetErrorFromOSStatus(OSStatus status) { case errSSLInternal: case errSSLCrypto: case errSSLFatalAlert: + case errSSLIllegalParam: // Received an illegal_parameter alert. + case errSSLPeerUnexpectedMsg: // Received an unexpected_message alert. case errSSLProtocol: return ERR_SSL_PROTOCOL_ERROR; case errSSLHostNameMismatch: @@ -246,7 +247,8 @@ int KeySizeOfCipherSuite(SSLCipherSuite suite) { X509Certificate* GetServerCert(SSLContextRef ssl_context) { CFArrayRef certs; OSStatus status = SSLCopyPeerCertificates(ssl_context, &certs); - if (status != noErr) + // SSLCopyPeerCertificates may succeed but return a null |certs|. + if (status != noErr || !certs) return NULL; DCHECK_GT(CFArrayGetCount(certs), 0); @@ -529,7 +531,7 @@ int SSLClientSocketMac::DoHandshake() { } } } - } else if (IsCertStatusError(net_error)) { + } else if (IsCertificateError(net_error)) { server_cert_ = GetServerCert(ssl_context_); DCHECK(server_cert_); server_cert_status_ |= MapNetErrorToCertStatus(net_error); |