path: root/net/socket/ssl_client_socket_nss.cc
Commit message | Author | Age | Files | Lines
* Port SSLClientSocketNSS to Windows. The next step is to | wtc@chromium.org | 2010-01-28 | 1 | -10/+74
  actually use it (controlled by a boolean flag in SSLConfig, which is controlled by a command-line switch). On Windows we still use CryptoAPI to verify and display certificates. SSL client authentication isn't supported yet. R=agl,mark BUG=28744 TEST=No build errors. Review URL: http://codereview.chromium.org/557027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37427 0039d316-1c4b-4281-b951-d872f2087c98
* Refactor EnsureNSSInit. Move the NSS SSL library | wtc@chromium.org | 2010-01-27 | 1 | -3/+59
  initialization to SSLClientSocketNSS in src/net so that src/base does not depend on the NSS SSL library. Call PL_ArenaFinish in the NSPRInitSingleton destructor instead of the NSSInitSingleton destructor because PLArena is part of NSPR. R=agl,ukai BUG=28744 TEST=covered by existing tests. Review URL: http://codereview.chromium.org/554096 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@37223 0039d316-1c4b-4281-b951-d872f2087c98
* Turn GetPeerName into a pure virtual and provide local impls, this way any | thomasvl@chromium.org | 2010-01-20 | 1 | -0/+4
  future bugs like the one referenced are compile time and not runtime so they won't hide waiting to be found. BUG=32595 TEST=everything builds and tests pass Review URL: http://codereview.chromium.org/552048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36629 0039d316-1c4b-4281-b951-d872f2087c98
* Add a context-sensitive error mapping function specific to SSL | wtc@chromium.org | 2010-01-15 | 1 | -32/+24
  handshake errors. It should never return a certificate error because we don't have the server's certificate when handshake fails. R=agl BUG=24064 TEST=Visit the test URL in issue 24064 comment 8 on Linux. Chromium should not crash. Review URL: http://codereview.chromium.org/550026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36426 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: Add Certificate Info dialog (part 1) | mattm@chromium.org | 2010-01-14 | 1 | -1/+1
  Rename base/nss_init.{h,cc} to base/nss_util.{h,cc}, move PRTimeToBaseTime there. BUG=18119 TEST=Load https://www.google.com, compare to firefox cert dialog. Review URL: http://codereview.chromium.org/500141 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@36291 0039d316-1c4b-4281-b951-d872f2087c98
* NSS: disable DEFLATE compression if TLS is disabled. | agl@chromium.org | 2010-01-08 | 1 | -1/+5
  BUG=31628 TEST=Go to https://www.txn.banking.pcfinancial.ca/a/authentication/preSignOn.ams?referid=loginBox_banking_go - you should not see an SSL error. http://codereview.chromium.org/518074 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35827 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: allow TLS renegotiation. | agl@chromium.org | 2010-01-06 | 1 | -0/+15
  Renegotiation was disabled when we switched to using our internal version of NSS. The default in the new versions is to prohibit renegotiation. However, since we are a client this is rather pointless. An attacker can easily convince us to start a new TLS connection to a host if they wish. http://codereview.chromium.org/501178 BUG=none TEST=Go to a site that uses renegotiation (generally because they want to request a client-side cert). git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35596 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: remove temporary check that the scons builders are working. | agl@chromium.org | 2009-12-24 | 1 | -2/+0
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35245 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: fix scons build so that libssl gets the right headers. | agl@chromium.org | 2009-12-23 | 1 | -0/+2
  http://codereview.chromium.org/515021 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35243 0039d316-1c4b-4281-b951-d872f2087c98
* Revert "Linux: temp change to see if the builders are getting the wrong | agl@chromium.org | 2009-12-23 | 1 | -2/+0
  headers." git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35240 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: temp change to see if the builders are getting the wrong headers. | agl@chromium.org | 2009-12-23 | 1 | -0/+2
  I'll be reverting this as soon as the builders pick it up. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35239 0039d316-1c4b-4281-b951-d872f2087c98
* Rename GetNextProtocol -> GetNextProto | agl@chromium.org | 2009-12-11 | 1 | -25/+22
  Following up on wtc's comments. http://codereview.chromium.org/484005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34370 0039d316-1c4b-4281-b951-d872f2087c98
* BufferSend needs to call memio_GetWriteParams() and transport_->Write() | wtc@chromium.org | 2009-12-10 | 1 | -12/+22
  twice because the circular memio buffer may have two contiguous parts of data. In the SSLClientSocket unit tests, we should compare the result of sock->Write() with the expected value whether it completes synchronously or asynchronously. R=dank BUG=29815 TEST=a new unit test that issues a hanging Read and then issues a Write. Review URL: http://codereview.chromium.org/464082 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34300 0039d316-1c4b-4281-b951-d872f2087c98
* Add GetNextProtocol method to SSLClientSocket. | agl@chromium.org | 2009-12-10 | 1 | -31/+39
  http://codereview.chromium.org/484005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@34288 0039d316-1c4b-4281-b951-d872f2087c98
* Fix incorrect error codes. 9999 is not a valid network error | wtc@chromium.org | 2009-12-04 | 1 | -3/+4
  code (always a negative number). The most likely reason for memio_CreateIOLayer or SSL_ImportFD to fail is that we ran out of memory, so just return ERR_OUT_OF_MEMORY. R=dank BUG=none TEST=no compilation errors. Review URL: http://codereview.chromium.org/464024 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33754 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the unnecessary workaround for NSS bug 455424, now that we require | wtc@chromium.org | 2009-12-01 | 1 | -4/+0
  NSS 3.12.3 or later. R=ukai BUG=none TEST=No compilation errors. Review URL: http://codereview.chromium.org/452014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33464 0039d316-1c4b-4281-b951-d872f2087c98
* Call SSL_SetSockPeerID for proper SSL session reuse, especially when | wtc@chromium.org | 2009-11-30 | 1 | -0/+10
  we create SSL tunnels through a proxy. The patch is contributed by Kaspar Brand <googlecontrib@velox.ch>. R=hawk,wtc BUG=28732 TEST=none Review URL: http://codereview.chromium.org/437046 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33358 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: add next-protocol-negotiation to libssl. | agl@chromium.org | 2009-11-30 | 1 | -0/+43
  This is an experimental, client only implementation of next-protocol-negotiation: http://www.imperialviolet.org/binary/draft-agl-tls-nextprotoneg-00.html This only affects the internal copy of libssl and is only active when built with use_system_ssl=0, which is not currently the default. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33327 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the unused GetDefaultCertNickname function. | wtc@chromium.org | 2009-11-30 | 1 | -47/+2
  R=ukai BUG=28744 TEST=none Review URL: http://codereview.chromium.org/437080 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@33298 0039d316-1c4b-4281-b951-d872f2087c98
* Linux: enable building with a local version of libssl. | agl@chromium.org | 2009-11-17 | 1 | -0/+6
  http://codereview.chromium.org/394003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32135 0039d316-1c4b-4281-b951-d872f2087c98
* Improve error code mapping between our network error codes and the | wtc@chromium.org | 2009-11-04 | 1 | -6/+47
  NSPR/NSS error codes. Add the error codes that may be reported by TCPClientSocket to the error code mapping functions. Map our network error codes to NSPR/NSS error codes in the async completion code paths of transport_->Read() and transport_->Write(). R=dank BUG=none TEST=none Review URL: http://codereview.chromium.org/357002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@31012 0039d316-1c4b-4281-b951-d872f2087c98
* Add LoadLog to ClientSocket::Connect(). | willchan@chromium.org | 2009-11-02 | 1 | -9/+30
  TODO: Use LoadLog in FLIP code. Review URL: http://codereview.chromium.org/344026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@30765 0039d316-1c4b-4281-b951-d872f2087c98
* Look up client certificates in ClientAuthHandler to get rid of manual CA | wtc@chromium.org | 2009-10-24 | 1 | -51/+34
  names list copy. Patch by Jaime Soriano <jsorianopastor@gmail.com>. Original review URL: http://codereview.chromium.org/302004 R=wtc BUG=16830 TEST=Try to connect to a web page that requires SSL authentication and confirm that it connects if and only if a valid certificate is stored in .pki/nssdb database. Review URL: http://codereview.chromium.org/329015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29994 0039d316-1c4b-4281-b951-d872f2087c98
* Provides a certificate for SSL client authentication on NSS sockets. | wtc@chromium.org | 2009-10-15 | 1 | -4/+118
  GUI is still missing, so certificates and private keys have to be stored manually, e.g.: $ pk12util -d sql:$HOME/.pki/nssdb -i PKCS12_file.p12 Adds --auto-ssl-client-auth command-line option to enable this feature. Patch contributed by Jaime Soriano <jsorianopastor@gmail.com>. Original review URL: http://codereview.chromium.org/220009 R=wtc BUG=16830 TEST=Try to connect to a web page that requires SSL authentication and confirm that it connects if and only if a valid certificate is stored in the ~/.pki/nssdb database. Review URL: http://codereview.chromium.org/276037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@29188 0039d316-1c4b-4281-b951-d872f2087c98
* Make SSLClientSocketNSS full-duplex | ukai@chromium.org | 2009-10-13 | 1 | -86/+214
  BUG=13289,12497 TEST=visit https site and works as before. Review URL: http://codereview.chromium.org/255074 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@28794 0039d316-1c4b-4281-b951-d872f2087c98
* Don't use NSS databases for non-essential purposes, such as remembering | wtc@chromium.org | 2009-09-21 | 1 | -9/+12
  the intermediate CA certificates we see, because NSS's connections to the SQLite databases go bad if the file system where the databases reside is gone, even just transiently. Add the hostname to the error log message for CERT_PKIXVerifyCert failure. R=eroman,ukai BUG=15630 TEST=existing unit tests should pass. Review URL: http://codereview.chromium.org/214028 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@26714 0039d316-1c4b-4281-b951-d872f2087c98
* Add methods for setting socket buffers to the Socket | mbelshe@google.com | 2009-09-09 | 1 | -0/+8
  class. Also add a few stats counters for TCP read/write stats. BUG=none TEST=none Review URL: http://codereview.chromium.org/199048 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25803 0039d316-1c4b-4281-b951-d872f2087c98
* Implement SSL certificate error handling on the Mac. If the user gives | wtc@chromium.org | 2009-08-13 | 1 | -4/+4
  us bad certs to allow, we tell SecureTransport to not verify the server cert, and only allow the cert to be one of the bad certs the user allows. In the future we should figure out how to verify the server cert ourselves. R=avi,eroman BUG=http://crbug.com/11983 TEST=Visit https://www.ssl247.com/ and https://alioth.debian.org/. Clicking the "Proceed anyway" button should bring you to the site with a red "https" in the location bar. Review URL: http://codereview.chromium.org/165191 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@23321 0039d316-1c4b-4281-b951-d872f2087c98
* Integrate OCSP handlers in SSLClientSocketNSS. | ukai@chromium.org | 2009-07-31 | 1 | -1/+6
  It depends on http://codereview.chromium.org/126046 BUG=none TEST=none Review URL: http://codereview.chromium.org/155912 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@22147 0039d316-1c4b-4281-b951-d872f2087c98
* Stop leaking ConnectCallbackWrapper if Connect() does not complete before | willchan@chromium.org | 2009-06-30 | 1 | -40/+44
  the socket is deleted. BUG=NONE TEST=NONE Review URL: http://codereview.chromium.org/151059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19592 0039d316-1c4b-4281-b951-d872f2087c98
* Fix a crash in net::SSLClientSocketWin::OnIOComplete(int) when | wtc@chromium.org | 2009-06-25 | 1 | -2/+10
  an HttpNetworkTransaction is destroyed while its SSLClientSocket is verifying a certificate. Document that ClientSocket::Disconnect aborts any pending IO and prevents completion callback from running, like a cancel method. Change the verifier_ member of SSLClientSocket to a scoped_ptr so that we can destroy the CertVerifier object in the Disconnect method. (CertVerifier doesn't have a cancel method, so we cancel pending certificate verification by destroying the CertVerifier object.) R=willchan BUG=http://crbug.com/13981 TEST=none. I can only reproduce this crash by modifying the source code to create that condition. Review URL: http://codereview.chromium.org/147159 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19307 0039d316-1c4b-4281-b951-d872f2087c98
* Use LOAD_VERIFY_EV_CERT to verify EV-ness in Verify(). | ukai@chromium.org | 2009-06-23 | 1 | -2/+6
  If LOAD_VERIFY_EV_CERT is requested on load_flags and revocation checking is performed, Verify() performs EV certificate verification as well, and sets CERT_STATUS_IS_EV in verify_result. Eliminate X509Certificate::IsEV() BUG=3592 TEST=net_unittests with ALLOW_EXTERNAL_ACCESS=1, \ visit https://www.thawte.com/ and shows EV info. Review URL: http://codereview.chromium.org/125120 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@19011 0039d316-1c4b-4281-b951-d872f2087c98
* Move socket related files from net/base to net/socket. | willchan@chromium.org | 2009-06-22 | 1 | -0/+820
  Review URL: http://codereview.chromium.org/144009 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@18985 0039d316-1c4b-4281-b951-d872f2087c98