path: root/net/base/ssl_client_socket_win.h
Commit message | Author | Age | Files | Lines
* Move socket related files from net/base to net/socket. | willchan@chromium.org | 2009-06-22 | 1 | -157/+0
  Review URL: http://codereview.chromium.org/144009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18985 0039d316-1c4b-4281-b951-d872f2087c98
* Specify new methods for supporting SSL client authentication. | wtc@chromium.org | 2009-06-12 | 1 | -4/+2
  See the changes to url_request.h and ssl_cert_request_info.h. They are similar to the methods for handling SSL certificate errors and HTTP authentication.
  The handling of servers that request but don't require SSL client authentication is reimplemented using the new methods.
  R=rvargas,eroman
  BUG=http://crbug.com/318
  TEST=none
  Review URL: http://codereview.chromium.org/118039
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18322 0039d316-1c4b-4281-b951-d872f2087c98
* We don't handle certificate errors during SSL renegotiation. | wtc@chromium.org | 2009-06-09 | 1 | -0/+1
  In the common case, the server sends the same certificate during renegotiation. Since the certificate has been verified, we can assume the certificate is good or has been accepted by the user.
  If the server sends a different certificate that has an error, we need to return an error code that won't trigger our certificate error handling code, which doesn't handle this case correctly. Add the ERR_CERT_ERROR_IN_SSL_RENEGOTIATION error for this purpose.
  R=rvargas
  BUG=http://crbug.com/13226
  TEST=See http://crbug.com/13226 comment 9
  Review URL: http://codereview.chromium.org/118410
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@17919 0039d316-1c4b-4281-b951-d872f2087c98
* Extend the use of IOBuffers to the code underneath | rvargas@google.com | 2009-04-30 | 1 | -3/+6
  HttpNetworkTransaction (to the Socket class). This is the first step to remove the blocking call on the destructor of the network transaction, from IO thread.
  BUG=9258
  R=wtc
  Review URL: http://codereview.chromium.org/87073
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@14998 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the now-superfluous STATE_CONNECT and STATE_CONNECT_COMPLETED from | markus@chromium.org | 2009-04-03 | 1 | -4/+0
  SSLClientSocketWin and SSLClientSocketMac. Collapse the DoConnect() and DoConnectComplete() functions into the Connect() function.
  Make SSLClientSocketWin accept known-bad certificates that are listed in the ssl_config_. This code path is not normally exercised on Windows, but it mirrors what Linux does when the user accepts a bad certificate.
  SSLClientSocketMac still cannot support ContinueDespiteLastError(). From looking at the Mac SSL API, it looks as if we have to explicitly disable checking of certificates and then do our own verification the same way that Windows does. Ultimately, Linux should do this, too. It avoids having to open a new socket each time we encounter a known-bad certificate.
  Review URL: http://codereview.chromium.org/60023
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@13105 0039d316-1c4b-4281-b951-d872f2087c98
* Resubmitted code from revision 12809. The bug in the Windows SSL stack that | markus@chromium.org | 2009-03-31 | 1 | -1/+0
  this code originally uncovered has been fixed in a separate changelist.
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12876 0039d316-1c4b-4281-b951-d872f2087c98
* Reverting, as this changelist broke unittests on Windows. | markus@chromium.org | 2009-03-30 | 1 | -0/+1
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12816 0039d316-1c4b-4281-b951-d872f2087c98
* Change the bad-certificate handler for SSL (using NSS) to return an | markus@chromium.org | 2009-03-30 | 1 | -1/+0
  error. This requires a few additional changes in the rest of the code. In particular, we now have to teach HttpNetworkTransaction about how to restart connections with bad certificates. This was originally intended to be done by ReconnectIgnoringLastError(), but that API turns out to be very difficult to implement in the SSLClientSocket. So, instead, we just create a completely new SSLClientSocket.
  We also have to be careful to store a copy of the certificate from within the bad-certificate handler, as it won't be available by the time GetSSLInfo() is called.
  And we fix a bug that would cause us to erroneously talk SSL on reconnected TCP sockets, even though we were still supposed to negotiate a proxy tunnel first.
  Review URL: http://codereview.chromium.org/43115
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12809 0039d316-1c4b-4281-b951-d872f2087c98
* Implement SSL renegotiation. | wtc@chromium.org | 2009-03-20 | 1 | -2/+15
  In the Windows Schannel API, a server requests renegotiation when DecryptMessage (decrypting received data) returns SEC_I_RENEGOTIATE. We need to jump to the handshake sequence, and when handshake completes, come back to reading data.
  I also cleaned up the code. I created the SetNextStateForRead and FreeSendBuffer functions to share common code, and made sure our handshake sequence is completely equivalent to the handshake sequence in the Platform SDK WebClient.c sample.
  R=rvargas
  BUG=6893
  TEST=Visit these sites, which request SSL renegotiation:
    https://secure.skandiabanken.se/Skbsecure/LoginInternet/SKBLoginInternet.aspx
    https://secure.skandiabanken.no/SkbSecure/Authentication/Otp/Default.ashx
    https://www.myopenid.com/signin_certificate
  Review URL: http://codereview.chromium.org/42380
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@12229 0039d316-1c4b-4281-b951-d872f2087c98
* NO CODE CHANGE | deanm@chromium.org | 2009-03-11 | 1 | -1/+0
  Normalize end of file newlines in net/. All files end in a single newline.
  Review URL: http://codereview.chromium.org/43079
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@11442 0039d316-1c4b-4281-b951-d872f2087c98
* If an idle socket has received data unexpectedly, we can't | wtc@chromium.org | 2009-02-19 | 1 | -0/+1
  reuse it. Add the IsConnectedAndIdle method, which returns true if the connection is still alive and idle (hasn't received any data unexpectedly).
  R=eroman
  BUG=4606
  Review URL: http://codereview.chromium.org/21501
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@10060 0039d316-1c4b-4281-b951-d872f2087c98
* Add X509Certificate::Verify stubs for Mac and Linux. | wtc@chromium.org | 2009-02-05 | 1 | -1/+1
  They do nothing but return ERR_NOT_IMPLEMENTED.
  In SSLClientSocketWin, call X509Certificate::CreateFromHandle only once and store the result in the server_cert_ member.
  Add the CertVerifyResult::Reset method to clear all members.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/21071
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9272 0039d316-1c4b-4281-b951-d872f2087c98
* Move certificate verification off the IO thread. | wtc@chromium.org | 2009-02-03 | 1 | -3/+9
  Move the MapNetErrorToCertStatus and MapCertStatusToNetError functions to cert_status_flags.h so they can be shared with Mac and Linux code.
  Move the certificate verification function to the X509Certificate class. Right now X509Certificate::Verify is only implemented on Windows.
  R=eroman
  BUG=3592
  Review URL: http://codereview.chromium.org/14915
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9084 0039d316-1c4b-4281-b951-d872f2087c98
* Measure how often the users are encountering MD5 | wtc@google.com | 2009-01-12 | 1 | -0/+1
  certificates.
  R=jar
  BUG=6102
  Review URL: http://codereview.chromium.org/17471
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@7882 0039d316-1c4b-4281-b951-d872f2087c98
* Enable SSL session resumption by using shared Schannel | wtc@google.com | 2008-11-04 | 1 | -1/+1
  CredHandles instead of per-socket CredHandles.
  R=darin,maruel
  BUG=3560
  Review URL: http://codereview.chromium.org/8950
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@4521 0039d316-1c4b-4281-b951-d872f2087c98
* We don't support SSL renegotiation yet. Add the | wtc@google.com | 2008-10-21 | 1 | -0/+1
  ERR_SSL_RENEGOTIATION_REQUESTED error code for when we received a renegotiation request from a server.
  Support the completion of an SSL handshake after we write something. (This happens in a session resumption handshake.)
  Use the SSL configuration settings to turn on or turn off various versions of the SSL protocol and server certificate revocation checking.
  Report all the errors of a certificate and whether revocation checking was done in the server_cert_status_ bitmask.
  Create a new scoped_cert_chain_context.h header for the ScopedCertChainContext class that used to be in x509_certificate_win.cc, and use it to fix a leak of chain_context on error paths in SSLClientSocketWin::VerifyServerCert.
  R=rvargas
  BUG=3002,3003,3004
  Review URL: http://codereview.chromium.org/7505
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3664 0039d316-1c4b-4281-b951-d872f2087c98
* Turn SSLClientSocket into an interface. | wtc@google.com | 2008-10-15 | 1 | -0/+139
  The original ssl_client_socket.{h,cc} are renamed ssl_client_socket_win.{h,cc}. The new ssl_client_socket.h defines the SSLClientSocket interface, which simply extends the ClientSocket interface with a new GetSSLInfo method.
  ClientSocketFactory::CreateSSLClientSocket returns SSLClientSocket* instead of ClientSocket*.
  Replace the SSL protocol version mask parameter to the constructor and factory method by a SSLConfig parameter.
  R=darin
  Review URL: http://codereview.chromium.org/7304
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3387 0039d316-1c4b-4281-b951-d872f2087c98