author | hayato@chromium.org <hayato@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-11 03:12:08 +0000 |
---|---|---|
committer | hayato@chromium.org <hayato@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-06-11 03:12:08 +0000 |
commit | 2028539fd25578e5725e528d8a2de8f53923576d (patch) | |
tree | eb1ec876d2fcb69682da38588eb7d7468c9b937b /net | |
parent | 772745f0895e84b6ba2dbc32ea26993e67d64b7e (diff) | |
Revert 49489 - Use NSS for SSL by default on Mac OS X.
To use Mac OS X Secure Transport in Chromium, specify the --use-system-ssl
command-line switch, which also replaced the --use-schannel command-line
switch for Windows. All other programs are hardcoded to use NSS for SSL.
If SSL client authentication is requested, fall back on Mac OS X Secure
Transport for now.
R=mark,mbelshe
BUG=30689
TEST=none
Review URL: http://codereview.chromium.org/2747002
TBR=wtc@chromium.org
Review URL: http://codereview.chromium.org/2775005
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49496 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net')
-rw-r--r-- | net/net.gyp | 18 | ||||
-rw-r--r-- | net/socket/client_socket_factory.cc | 9 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_mac_factory.cc | 18 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_mac_factory.h | 20 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 34 |
5 files changed, 11 insertions, 88 deletions
diff --git a/net/net.gyp b/net/net.gyp
index 3dc5b4a..eb6686a 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -446,12 +446,10 @@
 'socket/ssl_client_socket.h',
 'socket/ssl_client_socket_mac.cc',
 'socket/ssl_client_socket_mac.h',
- 'socket/ssl_client_socket_mac_factory.cc',
- 'socket/ssl_client_socket_mac_factory.h',
- 'socket/ssl_client_socket_nss.cc',
- 'socket/ssl_client_socket_nss.h',
 'socket/ssl_client_socket_nss_factory.cc',
 'socket/ssl_client_socket_nss_factory.h',
+ 'socket/ssl_client_socket_nss.cc',
+ 'socket/ssl_client_socket_nss.h',
 'socket/ssl_client_socket_win.cc',
 'socket/ssl_client_socket_win.h',
 'socket/tcp_client_socket.h',
@@ -554,6 +552,10 @@
 ],
 }],
 [ 'OS == "linux" or OS == "freebsd" or OS == "openbsd"', {
+ 'sources!': [
+ 'socket/ssl_client_socket_nss_factory.cc',
+ 'socket/ssl_client_socket_nss_factory.h',
+ ],
 'dependencies': [
 '../build/linux/system.gyp:gconf',
 '../build/linux/system.gyp:gdk',
@@ -586,8 +588,6 @@
 { # else: OS != "win"
 'sources!': [
 'proxy/proxy_resolver_winhttp.cc',
- 'socket/ssl_client_socket_nss_factory.cc',
- 'socket/ssl_client_socket_nss_factory.h',
 ],
 },
 ],
@@ -603,12 +603,6 @@
 ]
 },
 },
- { # else: OS != "mac"
- 'sources!': [
- 'socket/ssl_client_socket_mac_factory.cc',
- 'socket/ssl_client_socket_mac_factory.h',
- ],
- },
 ],
 ],
 },
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index db819db..24d9e39 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -12,7 +12,6 @@
 #include "net/socket/ssl_client_socket_nss.h"
 #elif defined(OS_MACOSX)
 #include "net/socket/ssl_client_socket_mac.h"
-#include "net/socket/ssl_client_socket_nss.h"
 #endif
 #include "net/socket/tcp_client_socket.h"
 
@@ -29,13 +28,7 @@ SSLClientSocket* DefaultSSLClientSocketFactory(
 #elif defined(USE_NSS)
 return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
 #elif defined(OS_MACOSX)
- // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using
- // Mac OS X CDSA/CSSM yet (http://crbug.com/45369), so fall back on
- // SSLClientSocketMac.
- if (ssl_config.client_cert)
- return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-
- return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+ return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
 #else
 NOTIMPLEMENTED();
 return NULL;
diff --git a/net/socket/ssl_client_socket_mac_factory.cc b/net/socket/ssl_client_socket_mac_factory.cc
deleted file mode 100644
index f2884e9..0000000
--- a/net/socket/ssl_client_socket_mac_factory.cc
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/client_socket_factory.h"
-
-#include "net/socket/ssl_client_socket_mac.h"
-
-namespace net {
-
-SSLClientSocket* SSLClientSocketMacFactory(
- ClientSocket* transport_socket,
- const std::string& hostname,
- const SSLConfig& ssl_config) {
- return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-}
-
-} // namespace net
diff --git a/net/socket/ssl_client_socket_mac_factory.h b/net/socket/ssl_client_socket_mac_factory.h
deleted file mode 100644
index 8a0fe0c..0000000
--- a/net/socket/ssl_client_socket_mac_factory.h
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
-#define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
-
-#include "net/socket/client_socket_factory.h"
-
-namespace net {
-
-// Creates SSLClientSocketMac objects.
-SSLClientSocket* SSLClientSocketMacFactory(
- ClientSocket* transport_socket,
- const std::string& hostname,
- const SSLConfig& ssl_config);
-
-} // namespace net
-
-#endif // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 44aa579..085e52c 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1268,36 +1268,10 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
 return SECWouldBlock;
 #elif defined(OS_MACOSX)
- if (that->ssl_config_.send_client_cert) {
- // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using
- // CDSA/CSSM yet (http://crbug.com/45369), so client_cert must be NULL.
- DCHECK(!that->ssl_config_.client_cert);
- // Send no client certificate.
- return SECFailure;
- }
-
- that->client_certs_.clear();
-
- // First, get the cert issuer names allowed by the server.
- std::vector<CertPrincipal> valid_issuers;
- int n = ca_names->nnames;
- for (int i = 0; i < n; i++) {
- // Parse each name into a CertPrincipal object.
- CertPrincipal p;
- if (p.ParseDistinguishedName(ca_names->names[i].data,
- ca_names->names[i].len)) {
- valid_issuers.push_back(p);
- }
- }
-
- // Now get the available client certs whose issuers are allowed by the server.
- X509Certificate::GetSSLClientCertificates(that->hostname_,
- valid_issuers,
- &that->client_certs_);
-
- // Tell NSS to suspend the client authentication. We will then abort the
- // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
- return SECWouldBlock;
+ // TODO(wtc): see http://crbug.com/45369.
+ // Not implemented. Send no client certificate.
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ return SECFailure;
 #else
 CERTCertificate* cert = NULL;
 SECKEYPrivateKey* privkey = NULL; |
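Review bot: The OS_MACOSX branch of ClientAuthHandler now answers every certificate request with SECFailure, so the handshake carries on with no client certificate and nothing in the branch records that one was asked for; the removed code at least filled `client_certs_` and suspended the handshake. The new two-line comment no longer says what is unimplemented, so I would restore the reason: `// TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using CDSA/CSSM yet (http://crbug.com/45369); no client certificate is sent.` If a caller has set `ssl_config_.client_cert`, it is dropped silently here, which makes a failed mutual-TLS connection hard to diagnose; a `LOG(WARNING)` before the return would make it visible, assuming the file's logging header is still included. Whether the caller maps PR_NOT_IMPLEMENTED_ERROR to a distinct net error cannot be seen from this hunk, and the function body starts and ends outside it.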