From 56e37a44c338d140e3ec9d9f0667511a10b690f8 Mon Sep 17 00:00:00 2001
From: "rsleevi@chromium.org"
 <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Sun, 9 Jan 2011 05:55:33 +0000
Subject: Disable SSL renegotiation on OS X when using system SSL and on
 10.5.x. By default, system SSL is disabled unless --use-system-ssl is passed
 via the command-line.

BUG=66931
TEST=none

Review URL: http://codereview.chromium.org/6051013

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70858 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/socket/ssl_client_socket_mac.cc | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'net/socket/ssl_client_socket_mac.cc')

diff --git a/net/socket/ssl_client_socket_mac.cc b/net/socket/ssl_client_socket_mac.cc
index 352b3b1..fa283ab 100644
--- a/net/socket/ssl_client_socket_mac.cc
+++ b/net/socket/ssl_client_socket_mac.cc
@@ -14,6 +14,7 @@
 #include "base/lazy_instance.h"
 #include "base/mac/scoped_cftyperef.h"
 #include "base/string_util.h"
+#include "base/sys_info.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/io_buffer.h"
@@ -140,6 +141,27 @@ enum {
 };
 #endif
 
+// On OS X 10.5.x, SSLHandshake() is broken with respect to renegotiation
+// handshakes, and the only way to advance the handshake state machine is
+// to use SSLRead(), which transparently re-handshakes and then reads
+// application data. Using SSLRead() to pump the handshake, rather than
+// SSLHandshake(), is not presently implemented, so on 10.5.x, SSL
+// renegotiation is disabled entirely. On 10.6.x, SSLHandshake() behaves as
+// expected/documented, so renegotiation is supported.
+struct RenegotiationBroken {
+  RenegotiationBroken() : broken(false) {
+    int32 major, minor, bugfix;
+    base::SysInfo::OperatingSystemVersionNumbers(&major, &minor, &bugfix);
+    if (major < 10 || (major == 10 && minor < 6))
+      broken = true;
+  }
+
+  bool broken;
+};
+
+base::LazyInstance<RenegotiationBroken> g_renegotiation_broken(
+    base::LINKER_INITIALIZED);
+
 // For an explanation of the Mac OS X error codes, please refer to:
 // http://developer.apple.com/mac/library/documentation/Security/Reference/secureTransportRef/Reference/reference.html
 int NetErrorFromOSStatus(OSStatus status) {
@@ -1119,6 +1141,9 @@ int SSLClientSocketMac::DoPayloadRead() {
   OSStatus status = SSLRead(ssl_context_, user_read_buf_->data(),
                             user_read_buf_len_, &processed);
   if (status == errSSLWouldBlock && renegotiating_) {
+    if (g_renegotiation_broken.Get().broken)
+      return ERR_SSL_RENEGOTIATION_REQUESTED;
+
     CHECK_EQ(static_cast<size_t>(0), processed);
     next_handshake_state_ = STATE_HANDSHAKE;
     return DoHandshakeLoop(OK);
-- 
cgit v1.1