path: root/net/socket/ssl_client_socket_openssl.h
Commit message | Author | Age | Files | Lines
* Don't call SSL read/write callbacks after an SSL socket is deleted | rsleevi@chromium.org | 2013-05-13 | 1 | -0/+3
  BUG=232633
  R=wtc
  Review URL: https://chromiumcodereview.appspot.com/14981005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@199806 0039d316-1c4b-4281-b951-d872f2087c98
* Remove experimental code to pick the "warmest" socket | mmenke@chromium.org | 2013-03-30 | 1 | -2/+0
  (based on age and bytes received) in favor of older algorithm to pick the most recently used socket. Tests showed no real performance difference, so defaulting to the older, simpler, and more intuitive algorithm.
  This is basically a revert of https://codereview.chromium.org/7251004
  TBR=sergeyu@chromium.org
  BUG=222090
  Review URL: https://codereview.chromium.org/12886034
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@191507 0039d316-1c4b-4281-b951-d872f2087c98
* net: extract net/cert out of net/base | phajdan.jr@chromium.org | 2013-03-29 | 1 | -1/+1
  This introduces the following dependency of net/base on things outside:
  net/base/openssl_client_key_store.cc:#include "net/cert/x509_certificate.h"
  BUG=70818
  Review URL: https://codereview.chromium.org/13006020
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@191450 0039d316-1c4b-4281-b951-d872f2087c98
* net: split net/ssl out of net/base | phajdan.jr@chromium.org | 2013-03-14 | 1 | -2/+2
  Also moves transport_security_state files to net/http. This change also updates the callers.
  R=wtc
  TBR=rsleevi,lambroslambrou,tony
  BUG=70818
  Review URL: https://codereview.chromium.org/12680003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@188119 0039d316-1c4b-4281-b951-d872f2087c98
* When reading from an SSL socket, attempt to fully fill the caller's buffer | rsleevi@chromium.org | 2013-02-16 | 1 | -1/+10
  The current SSLClientSocket implementation reads one SSL record at a time, and immediately returns that to the caller of Read(). As it is a common performance optimization to set SSL record sizes to fit within MTU, this leads to suboptimal performance and causes SSLClientSocket::Read() to not match the behaviour of TCPClientSocket::Read() (which attempts to fully fill the caller's buffer).
  BUG=166903
  Review URL: https://chromiumcodereview.appspot.com/12025040
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@182912 0039d316-1c4b-4281-b951-d872f2087c98
* This patch adds some Android-support code to allow the network | digit@chromium.org | 2013-02-11 | 1 | -0/+5
  stack to use platform-specific private key objects to perform signing in the context of SSL handshakes which require a client certificate.
  More specifically:
  - Add net/android/keystore.h, which provides native functions to operate on JNI references pointing to java.security.PrivateKey objects provided by the platform. I.e.:
      net::android::GetPrivateKeyType()
      net::android::SignWithPrivateKey()
    Also provide a function that can get the system's own EVP_PKEY* handle corresponding to a given PrivateKey object. This uses reflection and should *only* be used for RSA private keys when running on Android 4.0 and 4.1, in order to route around a platform bug that was only fixed in 4.2.
      net::android::GetOpenSSLSytstemHandleForPrivateKey()
    See the comments in this source file for more details:
      net/android/java/org/chromium/net/AndroidKeyStore.java
  - Add net/android/keystore_openssl.h, which provides a function that can wrap an existing PrivateKey JNI reference around an OpenSSL EVP_PKEY object which uses custom DSA/RSA/ECDSA methods to perform signing as expected to handle client certificates.
      net::android::GetOpenSSLPrivateKeyWrapper()
  - Add relevant unit tests for the new functions. Note that the unit test comes with its own Java helper function, which is used to create a platform PrivateKey object from encoded PKCS#8 private key data. This is called from the native unit test, but does not constitute a new Java test (AndroidKeyStoreTestUtil.java).
  - Add corresponding new test key files under net/data/ssl/certificates/, and their generation script in net/data/ssl/scripts/.
  - Add net/android/private_key_type_list.h which is used both from C++ and Java to define the list of supported private key types used by this code.
  - Minor improvements: Add a "release()" method to crypto::ScopedOpenSSL, add missing BASE_EXPORT to one base/android/jni_array.h function declaration.
  BUG=166642
  Review URL: https://chromiumcodereview.appspot.com/11571059
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181741 0039d316-1c4b-4281-b951-d872f2087c98
* Move client certificates retrieval logic out of the SSL sockets. | ppi@chromium.org | 2013-02-07 | 1 | -3/+0
  CL 11879048 introduces ClientCertStore API providing client certificate lookup/filtering logic currently being done at the SSL socket level. This patch removes this logic from the sockets, plugging the new API in the upper layers instead.
  BUG=170374
  Review URL: https://chromiumcodereview.appspot.com/12035105
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@181104 0039d316-1c4b-4281-b951-d872f2087c98
* Add server certificate request parameters to be stored in SSLCertRequestInfo. | ppi@chromium.org | 2013-01-09 | 1 | -1/+6
  Currently SSLCertRequestInfo provides a list of applicable client certificates, filtered against server request. This patch adds the server criteria to the class as a part of a larger refactoring effort.
  BUG=65546
  Review URL: https://chromiumcodereview.appspot.com/11739004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@175807 0039d316-1c4b-4281-b951-d872f2087c98
* Add a new GetTlsUniqueChannelBinding method to SSLSocket, and implement nss version. | rch@chromium.org | 2012-07-31 | 1 | -3/+6
  BUG=139700
  Review URL: https://chromiumcodereview.appspot.com/10823084
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@149231 0039d316-1c4b-4281-b951-d872f2087c98
* Change SpdySession::GetSSLInfo to get the SSLInfo from the underlying socket | rch@chromium.org | 2012-07-19 | 1 | -1/+1
  even if the session is not "secure". This required refactoring StreamSocket to add WasNpnNegotiated() and GetSSLInfo() methods. This allows for a change to SpdySession::GetSSLInfo to accurately return the correct SSLInfo in the case of SPDY Proxy sessions.
  BUG=134690
  TEST=\*DoNotUseSpdySessionIfCertDoesNotMatch\*
  Review URL: https://chromiumcodereview.appspot.com/10690122
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@147479 0039d316-1c4b-4281-b951-d872f2087c98
* Remove the rest of #pragma once in one big CL. | ajwong@chromium.org | 2012-07-11 | 1 | -1/+0
  For context see this thread: https://groups.google.com/a/chromium.org/forum/?fromgroups#!topic/chromium-dev/RMcVNGjB4II
  TBR=thakis,pkasting,jam
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@146163 0039d316-1c4b-4281-b951-d872f2087c98
* fixed issue 128383 - replace GetPeerAddress(AddressList* address) with GetPeerAddress(IPEndPoint* address) | zhaoqin@chromium.org | 2012-06-08 | 1 | -1/+1
  R=szym@chromium.org
  BUG=128383
  TEST=try bot
  Review URL: https://chromiumcodereview.appspot.com/10491007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@141125 0039d316-1c4b-4281-b951-d872f2087c98
* Prevent the infinite loop inside SSLClientSocketOpenSSL::OnSendComplete. | wtc@chromium.org | 2012-05-22 | 1 | -0/+1
  This ports the SSLClientSocketNSS fix in https://chromiumcodereview.appspot.com/10382186 to SSLClientSocketOpenSSL.
  R=joth@chromium.org,jnd@chromium.org
  BUG=127822
  TEST=none
  Review URL: https://chromiumcodereview.appspot.com/10391174
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138309 0039d316-1c4b-4281-b951-d872f2087c98
* Fix typo | amit@chromium.org | 2012-05-16 | 1 | -1/+1
  Remove unnecessary ';' that's messing with xcode 4.
  BUG=
  TEST=
  Review URL: https://chromiumcodereview.appspot.com/10389158
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@137456 0039d316-1c4b-4281-b951-d872f2087c98
* Add missing OVERRIDEs in ssl_client_socket_openssl.h. | pliard@chromium.org | 2012-05-11 | 1 | -24/+25
  This is part of Chrome for Android upstreaming.
  Review URL: https://chromiumcodereview.appspot.com/10387081
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@136570 0039d316-1c4b-4281-b951-d872f2087c98
* Change Origin bound certs -> Domain bound certs. | mattm@chromium.org | 2012-03-20 | 1 | -1/+1
  BUG=115348
  TEST=unit tests, manually checked 'Origin Bound Certs' contents after browsing
  TBR=jam@chromium.org,willchan@chromium.org
  Review URL: https://chromiumcodereview.appspot.com/9617039
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127817 0039d316-1c4b-4281-b951-d872f2087c98
* Add a boolean |has_context| argument to the TLS ExportKeyingMaterial | wtc@chromium.org | 2012-03-15 | 1 | -1/+2
  method to support both nonexistent context and zero-length context.
  R=agl@chromium.org,rsleevi@chromium.org
  BUG=none
  TEST=existing unit tests
  Review URL: http://codereview.chromium.org/9663043
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@126799 0039d316-1c4b-4281-b951-d872f2087c98
* Adds support for the credentials frame. | rch@chromium.org | 2012-02-08 | 1 | -1/+2
  Need to allow spdy sessions to see if the underlying socket is required OBCs. If so, and if pooling a connection, then we need to generate a CREDENTIALS frame for this origin.
  Need to add support for the RST_FRAME status code of INVALID CREDENTIALS
  Review URL: http://codereview.chromium.org/9294001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@120923 0039d316-1c4b-4281-b951-d872f2087c98
* net: split the SSL session cache between incognito and normal. | agl@chromium.org | 2011-12-12 | 1 | -0/+7
  This change causes incognito requests to effectively have a different SSL session cache from other requests. SSL session information will therefore not leak into or out of incognito mode.
  BUG=30877
  TEST=net_unittests
  Review URL: http://codereview.chromium.org/8857002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114098 0039d316-1c4b-4281-b951-d872f2087c98
* Migrate net/socket/socket.h, net/socket/stream_socket.h to base::Bind(). | ajwong@chromium.org | 2011-12-09 | 1 | -8/+3
  This changes Socket::Read(), Socket::Write, and StreamSocket::Connect() to use CompletionCallback and fixes all users.
  BUG=none
  TEST=existing.
  Review URL: http://codereview.chromium.org/8824006
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113825 0039d316-1c4b-4281-b951-d872f2087c98
* Revert 113699 - base::Bind: Convert Socket::Write. | jhawkins@chromium.org | 2011-12-09 | 1 | -6/+2
  BUG=none
  TEST=none
  R=csilv
  Review URL: http://codereview.chromium.org/8831001
  TBR=jhawkins@chromium.org
  Review URL: http://codereview.chromium.org/8889036
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113719 0039d316-1c4b-4281-b951-d872f2087c98
* base::Bind: Convert Socket::Write. | jhawkins@chromium.org | 2011-12-08 | 1 | -2/+6
  BUG=none
  TEST=none
  R=csilv
  Review URL: http://codereview.chromium.org/8831001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113699 0039d316-1c4b-4281-b951-d872f2087c98
* base::Bind: Convert Socket::Read. | jhawkins@chromium.org | 2011-12-07 | 1 | -1/+4
  BUG=none
  TEST=none
  R=csilv
  Review URL: http://codereview.chromium.org/8801005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113326 0039d316-1c4b-4281-b951-d872f2087c98
* base::Bind: Convert StreamSocket::Connect. | jhawkins@chromium.org | 2011-12-06 | 1 | -4/+6
  BUG=none
  TEST=none
  R=csilv
  Review URL: http://codereview.chromium.org/8801004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113283 0039d316-1c4b-4281-b951-d872f2087c98
* Log server advertised protos and the selected | rtenneti@google.com | 2011-12-05 | 1 | -1/+3
  next_proto to net-internals log.
  In net internal logs, we will log proto in the following manner:
    (P) t=1323112212350 [st=463] HTTP_STREAM_REQUEST_PROTO
        --> next_proto_status = "negotiated"
        --> proto = "spdy/2"
        --> server_protos = "spdy/2,http/1.1"
  BUG=62064
  TEST=network unit tests
  R=willchan
  The following was the original CL: http://codereview.chromium.org/8676046/
  Review URL: http://codereview.chromium.org/8787011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@113052 0039d316-1c4b-4281-b951-d872f2087c98
* Convert the easy ones in net/base/ to using CompletionCallback. | willchan@chromium.org | 2011-10-07 | 1 | -1/+0
  BUG=98719
  TEST=none
  Review URL: http://codereview.chromium.org/8139007
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@104547 0039d316-1c4b-4281-b951-d872f2087c98
* Begin CompletionCallback switchover. | willchan@chromium.org | 2011-10-01 | 1 | -9/+9
  Rename CompletionCallback to OldCompletionCallback in preparation for introducing a new CompletionCallback based on base::Callback.
  Also renames other CompletionCallback types like CancelableCompletionCallback and TestCompletionCallback and CompletionCallbackImpl. All using sed with s/CompletionCallback/OldCompletionCallback/g.
  BUG=98719
  TEST=none
  Review URL: http://codereview.chromium.org/8070013
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@103650 0039d316-1c4b-4281-b951-d872f2087c98
* Expose SSL_ExportKeyingMaterial() in SSLClient/ServerSocket interfaces. | wez@chromium.org | 2011-07-23 | 1 | -0/+4
  BUG=88130
  TEST=
  Review URL: http://codereview.chromium.org/7485015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93781 0039d316-1c4b-4281-b951-d872f2087c98
* Added an OriginBoundCertStore field to the SSLClientSocketNSS class and | rkn@chromium.org | 2011-07-21 | 1 | -1/+1
  did the plumbing to pass this field through the layers. In addition, this CL groups several fields together into a single struct |SSLClientSocket::Context|.
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/7315009
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93416 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes for OpenSSL | bulach@chromium.org | 2011-07-05 | 1 | -0/+2
  A couple of nit fixes following:
  + http://codereview.chromium.org/7247005
  + http://codereview.chromium.org/6990036
  + Fixes a typo (ctx / context)
  + Adds new abstract methods from stream_socket.h
  BUG=
  TEST=
  Review URL: http://codereview.chromium.org/7253038
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@91498 0039d316-1c4b-4281-b951-d872f2087c98
* Rename ClientSocket to StreamSocket. | sergeyu@chromium.org | 2011-05-05 | 1 | -1/+1
  BUG=80895
  TEST=Compiles
  Review URL: http://codereview.chromium.org/6930014
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84167 0039d316-1c4b-4281-b951-d872f2087c98
* Added GetLocalAddress() in net::ClientSocket. | sergeyu@chromium.org | 2011-04-19 | 1 | -1/+1
  BUG=None
  TEST=Unittests
  Review URL: http://codereview.chromium.org/6840033
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@82190 0039d316-1c4b-4281-b951-d872f2087c98
* Move some files from base to base/memory. | levin@chromium.org | 2011-03-28 | 1 | -2/+2
  raw_scoped_refptr_mismatch_checker.h ref_counted.cc ref_counted.h ref_counted_memory.cc ref_counted_memory.h ref_counted_unittest.cc scoped_callback_factory.h scoped_comptr_win.h scoped_handle.h scoped_native_library.cc scoped_native_library.h scoped_native_library_unittest.cc scoped_nsobject.h scoped_open_process.h scoped_ptr.h scoped_ptr_unittest.cc scoped_temp_dir.cc scoped_temp_dir.h scoped_temp_dir_unittest.cc scoped_vector.h singleton.h singleton_objc.h singleton_unittest.cc linked_ptr.h linked_ptr_unittest.cc weak_ptr.cc weak_ptr.h weak_ptr_unittest.cc
  BUG=None
  TEST=Compile
  Review URL: http://codereview.chromium.org/6714032
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@79524 0039d316-1c4b-4281-b951-d872f2087c98
* Cache certificate verification results in memory. | wtc@google.com | 2010-12-16 | 1 | -2/+5
  R=agl
  BUG=63357
  TEST=none
  Review URL: http://codereview.chromium.org/5386001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69414 0039d316-1c4b-4281-b951-d872f2087c98
* Add support for OpenSSL Next Protocol Negotiation | bulach@chromium.org | 2010-12-09 | 1 | -0/+8
  (landing on behalf of kristianm, original patch: http://codereview.chromium.org/5528003/ )
  BUG=none
  TEST=none
  Review URL: http://codereview.chromium.org/5678002
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68734 0039d316-1c4b-4281-b951-d872f2087c98
* Fix cpplint.py nits. | wtc@chromium.org | 2010-12-08 | 1 | -2/+2
  R=joth
  BUG=none
  TEST=no compilation errors.
  Review URL: http://codereview.chromium.org/5511015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@68615 0039d316-1c4b-4281-b951-d872f2087c98
* Fixes the remaining unit tests failures for OpenSSL: | joth@chromium.org | 2010-12-02 | 1 | -1/+6
  - implements basic client certificate support in ssl socket
  - adds special-case IP address support to allow SSL connections to the test server (iff there is a trusted certificate in the store with 127.0.0.1 in its name)
  - enables the test server for loading the temporary cert
  - implements the DES encryptor (removed TODO about refactoring the file layout as it's already covered by a TODO in the .h file)
  - disabled KeygenHandler tests, as this is not implemented for openssl
  - disables the (firefox) importer unittests.
  BUG=None
  TEST=net_unittests now run green
  Review URL: http://codereview.chromium.org/5195001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67990 0039d316-1c4b-4281-b951-d872f2087c98
* Implements openssl session caching | joth@chromium.org | 2010-11-23 | 1 | -1/+5
  Also fixes up the ssl socket handling of the OpenSSL error stack, and resolves a few TODOs.
  BUG=None
  TEST=opening https: pages with vlog=3 enabled and expected the log
  Review URL: http://codereview.chromium.org/5100010
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67087 0039d316-1c4b-4281-b951-d872f2087c98
* Fix openssl build: convert hostname_ and port_ to HostPortPair | joth@chromium.org | 2010-11-15 | 1 | -4/+2
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/5004001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66115 0039d316-1c4b-4281-b951-d872f2087c98
* Correctly handle SSL Client Authentication requests when connecting | rch@chromium.org | 2010-11-12 | 1 | -0/+2
  to an HTTPS/SPDY proxy. Modify SSLClientSocket classes to correctly set the host_and_port field of the cert_request_info. Modify HttpNetworkTransaction to use this field when populating the SSL client auth cache.
  BUG=59292
  TEST=HttpProxyClientSocketPoolTest.SslClientAuth
  Review URL: http://codereview.chromium.org/4339001
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@65976 0039d316-1c4b-4281-b951-d872f2087c98
* Add experimental option for TCP FastOpen. | mbelshe@chromium.org | 2010-10-26 | 1 | -0/+1
  Use chrome.exe --enable-tcp-fastopen
  BUG=none
  TEST=none yet
  Review URL: http://codereview.chromium.org/4039003
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@63913 0039d316-1c4b-4281-b951-d872f2087c98
* Connect up OpenSSL socket to use the OpenSSL X509Certificate. | joth@chromium.org | 2010-10-08 | 1 | -5/+0
  Also adds SSL_CTX to the OpenSSLInitSingleton to make initialization thread-safe.
  Note this depends on http://codereview.chromium.org/3529008
  BUG=None
  TEST=build with use_openssl=1, open some https pages
  Review URL: http://codereview.chromium.org/3591015
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61963 0039d316-1c4b-4281-b951-d872f2087c98
* implement certificate verification state machine | joth@chromium.org | 2010-10-04 | 1 | -0/+13
  BUG=None
  TEST=None
  Review URL: http://codereview.chromium.org/3571011
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61370 0039d316-1c4b-4281-b951-d872f2087c98
* Verify server cert using default host CA cert store | joth@chromium.org | 2010-10-04 | 1 | -2/+4
  BUG=none
  TEST=build with use_openssl=1 and open some https pages
  Review URL: http://codereview.chromium.org/3518004
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61355 0039d316-1c4b-4281-b951-d872f2087c98
* First step at OpenSSL client socket implementation. | joth@chromium.org | 2010-09-29 | 1 | -0/+135
  This is early in-progress implementation, no cert handling supported. So only available under a build-time flag. (GYP_DEFINES="'use_openssl=1'")
  Adds a new build dependency for system OpenSSL libraries, and a new USE_OPENSSL define. Eventually this will disable USE_NSS but for now the two coexist.
  BUG=none
  TEST=build with use_openssl=1. Goto some https:// pages.
  Review URL: http://codereview.chromium.org/3495005
  git-svn-id: svn://svn.chromium.org/chrome/trunk/src@60936 0039d316-1c4b-4281-b951-d872f2087c98