path: root/net/socket/ssl_client_socket_mac.cc
Commit message | Author | Age | Files | Lines
* Mac: Make client-cert picker only show certs the server will accept. | snej@chromium.org | 2010-03-26 | 1 | -8/+21
  BUG=38691
  TEST=manual testing with various sites
  Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=42822
  Review URL: http://codereview.chromium.org/1128008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42859 0039d316-1c4b-4281-b951-d872f2087c98
* Revert due to compile failures | amit@chromium.org | 2010-03-26 | 1 | -21/+8
  Revert 42822 - Mac: Make client-cert picker only show certs the server will accept.
  BUG=38691
  TEST=manual testing with various sites
  Review URL: http://codereview.chromium.org/1128008
  TBR=snej@chromium.org
  Review URL: http://codereview.chromium.org/1417003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42830 0039d316-1c4b-4281-b951-d872f2087c98
* Mac: Make client-cert picker only show certs the server will accept. | snej@chromium.org | 2010-03-26 | 1 | -8/+21
  BUG=38691
  TEST=manual testing with various sites
  Review URL: http://codereview.chromium.org/1128008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42822 0039d316-1c4b-4281-b951-d872f2087c98
* Improved SSL handshake processing on Mac. | snej@chromium.org | 2010-03-19 | 1 | -51/+73
  We now guarantee the server cert is verified before sending a client cert.
  BUG=38550
  TEST=none (manual testing with five different public sites that use client certs)
  Review URL: http://codereview.chromium.org/1116003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42149 0039d316-1c4b-4281-b951-d872f2087c98
* Mac: Ignoring optional client-cert requests from server | snej@chromium.org | 2010-03-16 | 1 | -24/+76
  BUG=37765
  TEST=none
  Review URL: http://codereview.chromium.org/746002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41742 0039d316-1c4b-4281-b951-d872f2087c98
* Generalize the net module's LoadLog facility from a passive container, to an event stream (NetLog). | eroman@chromium.org | 2010-03-16 | 1 | -10/+10
  This makes it possible to associate a single NetLog with a URLRequestContext, and then attach observers to that log to watch the stream of events. This changelist attempts to do the most direct translation, so there will be subsequent iterations to clean up. The user-visible behavior should remain unchanged.
  BUG=37421
  Review URL: http://codereview.chromium.org/848006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41689 0039d316-1c4b-4281-b951-d872f2087c98
* Thread-safety for X509Certificate's intermediate-certs list. | snej@chromium.org | 2010-03-05 | 1 | -14/+7
  BUG=32553,30001
  TEST=none
  Review URL: http://codereview.chromium.org/661223
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40797 0039d316-1c4b-4281-b951-d872f2087c98
* Always call SSLSetPeerDomainName. The SSLSetPeerDomainName call was | wtc@chromium.org | 2010-03-05 | 1 | -8/+7
  put inside an if statement by mistake.
  R=snej
  BUG=30684
  TEST=none
  Review URL: http://codereview.chromium.org/669207
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40794 0039d316-1c4b-4281-b951-d872f2087c98
* Mac: Work around SSL renegotiation problems with client certs. | snej@chromium.org | 2010-03-05 | 1 | -10/+15
  I've gotten several sites (startcom and foaf.me) to work by aborting the connection on renegotiation, telling the caller to ask for a client cert, and then when a client cert is provided not enabling break-on-auth.
  BUG=36207
  TEST=none
  Review URL: http://codereview.chromium.org/669110
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40762 0039d316-1c4b-4281-b951-d872f2087c98
* Revert my last commit 'cause it breaks net unit tests on OS X 10.6 :( | snej@chromium.org | 2010-03-05 | 1 | -7/+14
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40743 0039d316-1c4b-4281-b951-d872f2087c98
* Thread-safety for X509Certificate's intermediate-certs list. | snej@chromium.org | 2010-03-05 | 1 | -14/+7
  BUG=32553,30001
  TEST=none
  Review URL: http://codereview.chromium.org/661223
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@40742 0039d316-1c4b-4281-b951-d872f2087c98
* Add TLS server_name extension support for Mac Chrome. | wtc@chromium.org | 2010-02-24 | 1 | -0/+8
  This enables server name indication (SNI) support.
  Patch written by Paul Kehrer <paul.l.kehrer@gmail.com>.
  Original review URL: http://codereview.chromium.org/656024
  R=wtc
  BUG=30684
  TEST=Go to https://carol.sni.velox.ch/ or https://xn--k4h.ws (an IDN SNI site Paul Kehrer uses for testing). Without the patch the latter will throw up a cert error, while the former will have text stating that the server_name extension is not present.
  Review URL: http://codereview.chromium.org/660005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39934 0039d316-1c4b-4281-b951-d872f2087c98
* Mac client-side SSL cert improvements. | snej@chromium.org | 2010-02-24 | 1 | -1/+2
  Allow Netscape-style client certs. Remember which identity the user chooses for a domain, and put it at the top of the list next time.
  BUG=36316,36446
  TEST=none
  Review URL: http://codereview.chromium.org/651090
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39904 0039d316-1c4b-4281-b951-d872f2087c98
* Really connect to the same server in FTP network transaction. | phajdan.jr@chromium.org | 2010-02-20 | 1 | -18/+20
  Also create necessary infrastructure to know the address a client socket is connected to.
  TEST=Covered by net_unittests.
  BUG=35670
  Review URL: http://codereview.chromium.org/598071
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39559 0039d316-1c4b-4281-b951-d872f2087c98
* Make dynamic access to SSLSetSessionOption static. | mark@chromium.org | 2010-02-19 | 1 | -1/+1
  It's not often that you can make something both dynamic and static.
  BUG=16831
  TEST=none
  Review URL: http://codereview.chromium.org/651055
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39485 0039d316-1c4b-4281-b951-d872f2087c98
* Fix SSLSessionOption's name. It's not SSLSetSessionOptionType. | mark@chromium.org | 2010-02-19 | 1 | -2/+2
  Getting the name right is important if this code is to compile with both the 10.5 SDK (where we define the type) and the 10.6 SDK (where the system defines it). The error was introduced in r39389.
  BUG=16831
  TEST=10.6 SDK build
  Review URL: http://codereview.chromium.org/651044
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39467 0039d316-1c4b-4281-b951-d872f2087c98
* Client-side SSL cert support for Mac. | snej@chromium.org | 2010-02-18 | 1 | -56/+121
  This includes sending an existing identity cert, and asking the user which cert to use. Doesn't yet handle SSL renegotiation, or key-gen.
  BUG=16831
  TEST=none
  Review URL: http://codereview.chromium.org/604067
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39389 0039d316-1c4b-4281-b951-d872f2087c98
* Turn GetPeerName into a pure virtual and provide local impls, this way any future bugs like the one referenced are compile time and not runtime so they won't hide waiting to be found. | thomasvl@chromium.org | 2010-01-20 | 1 | -0/+4
  BUG=32595
  TEST=everything builds and tests pass
  Review URL: http://codereview.chromium.org/552048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36629 0039d316-1c4b-4281-b951-d872f2087c98
* Enable SSL 2.0 cipher suites. Although SSL 2.0 is disabled by default, | wtc@chromium.org | 2010-01-15 | 1 | -1/+3
  the SSL 2.0 cipher suites must be available if SSL 2.0 is enabled.
  R=mark
  BUG=30682
  TEST=none
  Review URL: http://codereview.chromium.org/552014
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36428 0039d316-1c4b-4281-b951-d872f2087c98
* Support the ECC cipher suites added in Mac OS X 10.6. | wtc@chromium.org | 2010-01-15 | 1 | -1/+171
  Disable weak cipher suites (< 80 bits of security), anonymous cipher suites, and FORTEZZA and IDEA cipher suites.
  R=mark
  BUG=30682,30160,31995
  TEST=Visit https://sa.www4.irs.gov/modiein/individual/index.jsp. We should be able to load the page rather than getting the ERR_UNEXPECTED error.
  Review URL: http://codereview.chromium.org/545036
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36373 0039d316-1c4b-4281-b951-d872f2087c98
* Changed catch-all Mac SSL OSStatus error to paramErr. | akalin@chromium.org | 2010-01-06 | 1 | -2/+9
  Added net::ERR_UNEXPECTED <=> errSSLInternal mapping.
  Added net::ERR_INVALID_ARGUMENT => paramErr mapping.
  BUG=none
  TEST=trybots
  Review URL: http://codereview.chromium.org/515049
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35650 0039d316-1c4b-4281-b951-d872f2087c98
* Fix SSL error code for unexpected errSSLClosedGraceful on Mac | kinuko@chromium.org | 2009-12-18 | 1 | -3/+4
  Fixing error code and style issues in http://codereview.chromium.org/500018
  BUG=29711
  TEST=ExtensionApiTest.CrossOriginXHR
  Review URL: http://codereview.chromium.org/503038
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34934 0039d316-1c4b-4281-b951-d872f2087c98
* [Mac] Fixes SSLClientSocketMac to report net::ERR_SSL_PROTOCOL_ERROR when the server closes the TCP connection during SSL handshake. | andybons@chromium.org | 2009-12-16 | 1 | -2/+1
  TEST=Go to http://sbbt.com and it should redirect instead of giving a Page Not Available response.
  BUG=29881
  Review URL: http://codereview.chromium.org/500067
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34731 0039d316-1c4b-4281-b951-d872f2087c98
* Handle unexpected connection close during SSL handshake on Mac | kinuko@chromium.org | 2009-12-15 | 1 | -0/+7
  SSLHandshake may return errSSLClosedGraceful error code which is interpreted as net::OK by NetErrorFromOSStatus, but the caller code sometimes does not check status!=noErr cases if net_error==OK, and this can lead to unexpected status in the handshake sequence (and causes ExtensionApiTest.CrossOriginXHR failure on Mac).
  BUG=29711
  TEST=ExtensionApiTest.CrossOriginXHR
  Review URL: http://codereview.chromium.org/500018
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34555 0039d316-1c4b-4281-b951-d872f2087c98
* Rename GetNextProtocol -> GetNextProto | agl@chromium.org | 2009-12-11 | 1 | -1/+1
  Following up on wtc's comments.
  http://codereview.chromium.org/484005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34370 0039d316-1c4b-4281-b951-d872f2087c98
* Add GetNextProtocol method to SSLClientSocket. | agl@chromium.org | 2009-12-10 | 1 | -0/+6
  http://codereview.chromium.org/484005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34288 0039d316-1c4b-4281-b951-d872f2087c98
* Define X509Certificate::intermediate_ca_certs_ as a std::vector of | wtc@chromium.org | 2009-12-09 | 1 | -1/+5
  OSCertHandle so that we can also use it on Windows.
  Remove the unused SSLClientSocketMac::intermediate_certs_ member.
  R=hawk
  BUG=28744
  TEST=Can visit good HTTPS sites with no certificate errors. Clicking the "Certificate information" button in the page security information window should show a complete certificate chain (as opposed to just the server certificate).
  Review URL: http://codereview.chromium.org/452042
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34175 0039d316-1c4b-4281-b951-d872f2087c98
* Comment typo. | avi@chromium.org | 2009-12-04 | 1 | -1/+1
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/462040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33864 0039d316-1c4b-4281-b951-d872f2087c98
* Do not call GetServerCert whenever SSLHandshake returns. Call | wtc@chromium.org | 2009-12-01 | 1 | -8/+13
  GetServerCert only when we're about to verify a certificate or SSLHandshake fails with a certificate error. This allows us to remove the null pointer test for |certs| in GetServerCert.
  Remove the TAB characters reported by cpplint.py.
  R=hawk
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/351033
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33499 0039d316-1c4b-4281-b951-d872f2087c98
* Improve Mac SSL code: | avi@chromium.org | 2009-11-06 | 1 | -114/+23
  - Ensure that when OnTransportWriteComplete calls back to SSLWriteCallback, SSLWriteCallback doesn't think that a write is in progress (it _was_, but now it's complete and has to be done again).
  - Remove all the "slop" variables; they're not needed now that we have independent IOBuffers to call back to our transport.
  BUG=http://crbug.com/21268
  TEST=as in bug
  Review URL: http://codereview.chromium.org/371008
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31227 0039d316-1c4b-4281-b951-d872f2087c98
* Add LoadLog to ClientSocket::Connect(). | willchan@chromium.org | 2009-11-02 | 1 | -95/+119
  TODO: Use LoadLog in FLIP code.
  Review URL: http://codereview.chromium.org/344026
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30765 0039d316-1c4b-4281-b951-d872f2087c98
* Map errSSLPeerHandshakeFail to ERR_SSL_PROTOCOL_ERROR. | willchan@chromium.org | 2009-10-29 | 1 | -0/+3
  BUG=http://crbug.com/22623
  TEST=Browse to https://www.bankalbilad.com.sa/retail/logon.do. It should fall back from TLS to SSL and thus properly display the page instead of showing an error.
  Review URL: http://codereview.chromium.org/347011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30406 0039d316-1c4b-4281-b951-d872f2087c98
* Make SSLClientSocketMac full-duplex | ukai@chromium.org | 2009-10-23 | 1 | -120/+137
  BUG=13289,12497
  TEST=visit https site and works as before
  Review URL: http://codereview.chromium.org/266078
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29863 0039d316-1c4b-4281-b951-d872f2087c98
* Enable certificate revocation and EV certificate validation for Mac | hawk@chromium.org | 2009-10-16 | 1 | -2/+4
  BUG=13377,10910
  TEST=none yet, awaiting another CL that hooks up the UI
  Review URL: http://codereview.chromium.org/209040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29219 0039d316-1c4b-4281-b951-d872f2087c98
* Remember the server certificate on Mac OS X even if the handshake fails | hawk@chromium.org | 2009-10-13 | 1 | -1/+4
  BUG=23569
  TEST=https://rbacpro.sftcomp.ru/ should report "invalid certificate" rather than crash
  Review URL: http://codereview.chromium.org/270034
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@28883 0039d316-1c4b-4281-b951-d872f2087c98
* Uncouple the cert verifier when disconnecting to avoid a callback after a SSLClientSocketMac object has been freed. | hawk@chromium.org | 2009-09-15 | 1 | -0/+2
  BUG=21832
  TEST=none
  Review URL: http://codereview.chromium.org/206007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26236 0039d316-1c4b-4281-b951-d872f2087c98
* Add methods for setting socket buffers to the Socket | mbelshe@google.com | 2009-09-09 | 1 | -0/+8
  class. Also add a few stats counters for TCP read/write stats.
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/199048
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25803 0039d316-1c4b-4281-b951-d872f2087c98
* Enable SSL session resumption for Mac OS X. | hawk@chromium.org | 2009-09-03 | 1 | -26/+132
  BUG=19049
  TEST=https sites perform identically under Mac OS X <= 10.5.6 and Mac OS X >= 10.5.7 (in particular, https://test-ssev.verisign.com/ and the three pages linked from there)
  Review URL: http://codereview.chromium.org/177014
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25399 0039d316-1c4b-4281-b951-d872f2087c98
* Enable SSLClientSocketTest unit tests on Mac OS X by implementing our own certificate validation code. | hawk@chromium.org | 2009-08-27 | 1 | -45/+64
  This gives us proper hostname matching, multiple error codes (e.g., before a certificate could be marked as expired or untrusted, but not both), revocation checking, and EV certificate checking.
  BUG=19286,10910,14733
  TEST=https://www.paypal.com should work without warning. https://paypal.com should get a warning about a hostname mismatch. https://test-ssev.verisign.com:1443/test-SSEV-expired-verisign.html should give a warning about an expired certificate.
  Review URL: http://codereview.chromium.org/174102
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24625 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a typo IsCertStatusError. It should be IsCertificateError. | wtc@chromium.org | 2009-08-25 | 1 | -3/+5
  This typo causes us to call GetServerCert at the wrong time.
  We found that SSLCopyPeerCertificates may succeed (return noErr) but return a nil CFArrayRef. So we check for that to avoid a crash.
  Finally, errSSLIllegalParam means we received an SSL invalid_parameter error alert message, rather than an invalid function argument. It should be mapped to ERR_SSL_PROTOCOL_ERROR.
  R=avi
  BUG=http://crbug.com/19837
  TEST=Visit https://stud.infostud.uniroma1.it:4445/Sest/Log/Corpo.html. Chromium should not crash.
  Review URL: http://codereview.chromium.org/173328
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@24209 0039d316-1c4b-4281-b951-d872f2087c98
* Implement SSL certificate error handling on the Mac. If the user gives | wtc@chromium.org | 2009-08-13 | 1 | -35/+64
  us bad certs to allow, we tell SecureTransport to not verify the server cert, and only allow the cert to be one of the bad certs the user allows. In the future we should figure out how to verify the server cert ourselves.
  R=avi,eroman
  BUG=http://crbug.com/11983
  TEST=Visit https://www.ssl247.com/ and https://alioth.debian.org/. Clicking the "Proceed anyway" button should bring you to the site with a red "https" in the location bar.
  Review URL: http://codereview.chromium.org/165191
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23321 0039d316-1c4b-4281-b951-d872f2087c98
* Initialize 'processed' to 0 before passing its address to SSLRead or | wtc@chromium.org | 2009-08-06 | 1 | -6/+10
  SSLWrite.
  Ignore errSSLClosedNoNotify for site compatibility, even though it makes us potentially vulnerable to truncation attacks.
  Replace the default ERR_FAILED error code with the more specific ERR_SSL_PROTOCOL_ERROR.
  R=avi
  BUG=http://crbug.com/16758
  TEST=see bug 16758 for a test case.
  Review URL: http://codereview.chromium.org/165025
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22626 0039d316-1c4b-4281-b951-d872f2087c98
* If a write is pending, just add it to the buffer. Don't trigger a second concurrent write. | avi@chromium.org | 2009-07-29 | 1 | -0/+11
  BUG=http://crbug.com/17991
  TEST=as in bug
  Review URL: http://codereview.chromium.org/160333
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@21981 0039d316-1c4b-4281-b951-d872f2087c98
* Properly let the SSL engine know when the underlying stream is closed. | avi@chromium.org | 2009-07-16 | 1 | -2/+4
  BUG=http://crbug.com/14196
  TEST=NONE (this fix is related to the bug but does not fix it)
  Review URL: http://codereview.chromium.org/155595
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@20864 0039d316-1c4b-4281-b951-d872f2087c98
* Move socket related files from net/base to net/socket. | willchan@chromium.org | 2009-06-22 | 1 | -0/+762
  Review URL: http://codereview.chromium.org/144009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18985 0039d316-1c4b-4281-b951-d872f2087c98