From 2028539fd25578e5725e528d8a2de8f53923576d Mon Sep 17 00:00:00 2001 From: "hayato@chromium.org" Date: Fri, 11 Jun 2010 03:12:08 +0000 Subject: Revert 49489 - Use NSS for SSL by default on Mac OS X. To use Mac OS X Secure Transport in Chromium, specify the --use-system-ssl command-line switch, which also replaced the --use-schannel command-line switch for Windows. All other programs are hardcoded to use NSS for SSL. If SSL client authentication is requested, fall back on Mac OS X Secure Transport for now. R=mark,mbelshe BUG=30689 TEST=none Review URL: http://codereview.chromium.org/2747002 TBR=wtc@chromium.org Review URL: http://codereview.chromium.org/2775005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@49496 0039d316-1c4b-4281-b951-d872f2087c98
---
net/net.gyp | 18 +++++---------- net/socket/client_socket_factory.cc | 9 +------- net/socket/ssl_client_socket_mac_factory.cc | 18 --------------- net/socket/ssl_client_socket_mac_factory.h | 20 ----------------- net/socket/ssl_client_socket_nss.cc | 34 ++++------------------------- 5 files changed, 11 insertions(+), 88 deletions(-) delete mode 100644 net/socket/ssl_client_socket_mac_factory.cc delete mode 100644 net/socket/ssl_client_socket_mac_factory.h (limited to 'net')
diff --git a/net/net.gyp b/net/net.gyp
index 3dc5b4a..eb6686a 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -446,12 +446,10 @@
 'socket/ssl_client_socket.h',
 'socket/ssl_client_socket_mac.cc',
 'socket/ssl_client_socket_mac.h',
- 'socket/ssl_client_socket_mac_factory.cc',
- 'socket/ssl_client_socket_mac_factory.h',
- 'socket/ssl_client_socket_nss.cc',
- 'socket/ssl_client_socket_nss.h',
 'socket/ssl_client_socket_nss_factory.cc',
 'socket/ssl_client_socket_nss_factory.h',
+ 'socket/ssl_client_socket_nss.cc',
+ 'socket/ssl_client_socket_nss.h',
 'socket/ssl_client_socket_win.cc',
 'socket/ssl_client_socket_win.h',
 'socket/tcp_client_socket.h',
@@ -554,6 +552,10 @@
 ],
 }],
 [ 'OS == "linux" or OS == "freebsd" or OS == "openbsd"', {
+ 'sources!': [
+ 'socket/ssl_client_socket_nss_factory.cc',
+ 'socket/ssl_client_socket_nss_factory.h',
+ ],
 'dependencies': [
 '../build/linux/system.gyp:gconf',
 '../build/linux/system.gyp:gdk',
@@ -586,8 +588,6 @@
 { # else: OS != "win"
 'sources!': [
 'proxy/proxy_resolver_winhttp.cc',
- 'socket/ssl_client_socket_nss_factory.cc',
- 'socket/ssl_client_socket_nss_factory.h',
 ],
 },
 ],
@@ -603,12 +603,6 @@
 ]
 },
 },
- { # else: OS != "mac"
- 'sources!': [
- 'socket/ssl_client_socket_mac_factory.cc',
- 'socket/ssl_client_socket_mac_factory.h',
- ],
- },
 ],
 ],
 },
diff --git a/net/socket/client_socket_factory.cc b/net/socket/client_socket_factory.cc
index db819db..24d9e39 100644
--- a/net/socket/client_socket_factory.cc
+++ b/net/socket/client_socket_factory.cc
@@ -12,7 +12,6 @@
 #include "net/socket/ssl_client_socket_nss.h"
 #elif defined(OS_MACOSX)
 #include "net/socket/ssl_client_socket_mac.h"
-#include "net/socket/ssl_client_socket_nss.h"
 #endif
 #include "net/socket/tcp_client_socket.h"
@@ -29,13 +28,7 @@ SSLClientSocket* DefaultSSLClientSocketFactory(
 #elif defined(USE_NSS)
 return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
 #elif defined(OS_MACOSX)
- // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using
- // Mac OS X CDSA/CSSM yet (http://crbug.com/45369), so fall back on
- // SSLClientSocketMac.
- if (ssl_config.client_cert)
- return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-
- return new SSLClientSocketNSS(transport_socket, hostname, ssl_config);
+ return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
 #else
 NOTIMPLEMENTED();
 return NULL;
diff --git a/net/socket/ssl_client_socket_mac_factory.cc b/net/socket/ssl_client_socket_mac_factory.cc
deleted file mode 100644
index f2884e9..0000000
--- a/net/socket/ssl_client_socket_mac_factory.cc
+++ /dev/null
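Review bot: The OS_MACOSX branch of DefaultSSLClientSocketFactory in net/socket/client_socket_factory.cc (hunk -29,13 +28,7) is left with no comment saying why Mac selects SSLClientSocketMac, because the revert removes the only reference to http://crbug.com/45369 in this file. Assuming that bug is still the reason, I would add `// Mac uses Secure Transport; SSLClientSocketNSS cannot do client auth via CDSA/CSSM yet (http://crbug.com/45369).` above the return so the choice of TLS backend stays traceable. The function body starts and ends outside the hunk.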
@@ -1,18 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/socket/client_socket_factory.h"
-
-#include "net/socket/ssl_client_socket_mac.h"
-
-namespace net {
-
-SSLClientSocket* SSLClientSocketMacFactory(
- ClientSocket* transport_socket,
- const std::string& hostname,
- const SSLConfig& ssl_config) {
- return new SSLClientSocketMac(transport_socket, hostname, ssl_config);
-}
-
-} // namespace net
diff --git a/net/socket/ssl_client_socket_mac_factory.h b/net/socket/ssl_client_socket_mac_factory.h
deleted file mode 100644
index 8a0fe0c..0000000
--- a/net/socket/ssl_client_socket_mac_factory.h
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
-#define NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
-
-#include "net/socket/client_socket_factory.h"
-
-namespace net {
-
-// Creates SSLClientSocketMac objects.
-SSLClientSocket* SSLClientSocketMacFactory(
- ClientSocket* transport_socket,
- const std::string& hostname,
- const SSLConfig& ssl_config);
-
-} // namespace net
-
-#endif // NET_SOCKET_SSL_CLIENT_SOCKET_MAC_FACTORY_H_
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 44aa579..085e52c 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1268,36 +1268,10 @@ SECStatus SSLClientSocketNSS::ClientAuthHandler(
 // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
 return SECWouldBlock;
 #elif defined(OS_MACOSX)
- if (that->ssl_config_.send_client_cert) {
- // TODO(wtc): SSLClientSocketNSS can't do SSL client authentication using
- // CDSA/CSSM yet (http://crbug.com/45369), so client_cert must be NULL.
- DCHECK(!that->ssl_config_.client_cert);
- // Send no client certificate.
- return SECFailure;
- }
-
- that->client_certs_.clear();
-
- // First, get the cert issuer names allowed by the server.
- std::vector valid_issuers;
- int n = ca_names->nnames;
- for (int i = 0; i < n; i++) {
- // Parse each name into a CertPrincipal object.
- CertPrincipal p;
- if (p.ParseDistinguishedName(ca_names->names[i].data,
- ca_names->names[i].len)) {
- valid_issuers.push_back(p);
- }
- }
-
- // Now get the available client certs whose issuers are allowed by the server.
- X509Certificate::GetSSLClientCertificates(that->hostname_,
- valid_issuers,
- &that->client_certs_);
-
- // Tell NSS to suspend the client authentication. We will then abort the
- // handshake by returning ERR_SSL_CLIENT_AUTH_CERT_NEEDED.
- return SECWouldBlock;
+ // TODO(wtc): see http://crbug.com/45369.
+ // Not implemented. Send no client certificate.
+ PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
+ return SECFailure;
 #else
 CERTCertificate* cert = NULL;
 SECKEYPrivateKey* privkey = NULL;
-- cgit v1.1
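Review bot: The OS_MACOSX branch of ClientAuthHandler now answers every certificate request with `PR_NOT_IMPLEMENTED_ERROR` and `SECFailure`, and nothing on this path records that the server asked for client authentication. The net.gyp hunks in this commit still list ssl_client_socket_nss.cc and the NSS factory for non-Linux builds, so an NSS socket can presumably still be created on Mac; there the handshake would continue without a certificate and the caller would not get ERR_SSL_CLIENT_AUTH_CERT_NEEDED as the other branch provides. I would expand the comment to say so and add a diagnostic before the return, for example `LOG(WARNING) << "SSL client auth requested; not implemented for NSS on Mac";`, so a server-side rejection can be traced to this branch. The function body starts and ends outside the hunk.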