ssl_server_socket_nss.cc revision 868fa2fe829687343ffae624259930155e16dbd8
15821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Copyright (c) 2012 The Chromium Authors. All rights reserved. 25821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 35821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// found in the LICENSE file. 45821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 55821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/socket/ssl_server_socket_nss.h" 65821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 75821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_WIN) 85821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <winsock2.h> 95821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(USE_SYSTEM_SSL) 125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <dlfcn.h> 135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#if defined(OS_MACOSX) 155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <Security/Security.h> 165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#endif 175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <certdb.h> 185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <cryptohi.h> 195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <hasht.h> 205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <keyhi.h> 215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <nspr.h> 225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <nss.h> 235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <pk11pub.h> 245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <secerr.h> 255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <sechash.h> 265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <ssl.h> 275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <sslerr.h> 285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <sslproto.h> 295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include <limits> 315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/lazy_instance.h" 335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "base/memory/ref_counted.h" 345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "crypto/rsa_private_key.h" 355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "crypto/nss_util_internal.h" 365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/io_buffer.h" 375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_errors.h" 385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/base/net_log.h" 395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/socket/nss_ssl_util.h" 405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#include "net/socket/ssl_error_params.h" 415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// SSL plaintext fragments are shorter than 16KB. Although the record layer 435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// overhead is allowed to be 2K + 5 bytes, in practice the overhead is much 445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// smaller than 1KB. So a 17KB buffer should be large enough to hold an 455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// entire SSL record. 465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static const int kRecvBufferSize = 17 * 1024; 475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static const int kSendBufferSize = 17 * 1024; 485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)#define GotoState(s) next_handshake_state_ = s 505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace net { 525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)namespace { 545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool g_nss_server_sockets_init = false; 565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)class NSSSSLServerInitSingleton { 585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) public: 595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NSSSSLServerInitSingleton() { 605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnsureNSSSSLInit(); 615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL); 635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) g_nss_server_sockets_init = true; 645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ~NSSSSLServerInitSingleton() { 675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL_ShutdownServerSessionIDCache(); 685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) g_nss_server_sockets_init = false; 695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)}; 715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)static base::LazyInstance<NSSSSLServerInitSingleton> 735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER; 745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace 765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void EnableSSLServerSockets() { 785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) g_nss_ssl_server_init_singleton.Get(); 795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SSLServerSocket* CreateSSLServerSocket( 825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) StreamSocket* socket, 835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) X509Certificate* cert, 845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) crypto::RSAPrivateKey* key, 855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSLConfig& ssl_config) { 865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been" 875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << "called yet!"; 885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return new SSLServerSocketNSS(socket, cert, key, ssl_config); 905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SSLServerSocketNSS::SSLServerSocketNSS( 935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) StreamSocket* transport_socket, 945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<X509Certificate> cert, 955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) crypto::RSAPrivateKey* key, 965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const SSLConfig& ssl_config) 975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) : transport_send_busy_(false), 985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_recv_busy_(false), 995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_len_(0), 1005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_len_(0), 1015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_fd_(NULL), 1025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_bufs_(NULL), 1035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_socket_(transport_socket), 1045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config_(ssl_config), 1055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) cert_(cert), 1065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) next_handshake_state_(STATE_NONE), 1075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) completed_handshake_(false) { 1085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config_.false_start_enabled = false; 1095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3; 1105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1; 1115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(hclam): Need a better way to clone a key. 1135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::vector<uint8> key_bytes; 1145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(key->ExportPrivateKey(&key_bytes)); 1155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); 1165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CHECK(key_.get()); 1175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SSLServerSocketNSS::~SSLServerSocketNSS() { 1205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (nss_fd_ != NULL) { 1215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PR_Close(nss_fd_); 1225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_fd_ = NULL; 1235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::Handshake(const CompletionCallback& callback) { 1275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.BeginEvent(NetLog::TYPE_SSL_SERVER_HANDSHAKE); 1285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = Init(); 1305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != OK) { 1315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "Failed to initialize NSS"; 1325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); 1335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 1345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = InitializeSSLOptions(); 1375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != OK) { 1385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "Failed to initialize SSL options"; 1395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); 1405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 1415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Set peer address. TODO(hclam): This should be in a separate method. 1445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRNetAddr peername; 1455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memset(&peername, 0, sizeof(peername)); 1465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) peername.raw.family = AF_INET; 1475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_SetPeerName(nss_fd_, &peername); 1485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) GotoState(STATE_HANDSHAKE); 1505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = DoHandshakeLoop(OK); 1515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == ERR_IO_PENDING) { 1525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_handshake_callback_ = callback; 1535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 1545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); 1555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv > OK ? OK : rv; 1585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::ExportKeyingMaterial(const base::StringPiece& label, 1615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool has_context, 1625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const base::StringPiece& context, 1635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char* out, 1645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int outlen) { 1655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsConnected()) 1665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_SOCKET_NOT_CONNECTED; 1675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECStatus result = SSL_ExportKeyingMaterial( 1685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_fd_, label.data(), label.size(), has_context, 1695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) reinterpret_cast<const unsigned char*>(context.data()), 1705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) context.length(), out, outlen); 1715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (result != SECSuccess) { 1725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_ExportKeyingMaterial", ""); 1735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return MapNSSError(PORT_GetError()); 1745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 1765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::GetTLSUniqueChannelBinding(std::string* out) { 1795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsConnected()) 1805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_SOCKET_NOT_CONNECTED; 1815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned char buf[64]; 1825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int len; 1835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECStatus result = SSL_GetChannelBinding(nss_fd_, 1845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL_CHANNEL_BINDING_TLS_UNIQUE, 1855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) buf, &len, arraysize(buf)); 1865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (result != SECSuccess) { 1875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_GetChannelBinding", ""); 1885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return MapNSSError(PORT_GetError()); 1895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 1905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) out->assign(reinterpret_cast<char*>(buf), len); 1915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 1925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::Connect(const CompletionCallback& callback) { 1955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NOTIMPLEMENTED(); 1965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_NOT_IMPLEMENTED; 1975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 1985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 1995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::Read(IOBuffer* buf, int buf_len, 2005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const CompletionCallback& callback) { 2015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(user_read_callback_.is_null()); 2025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(user_handshake_callback_.is_null()); 203868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) DCHECK(!user_read_buf_.get()); 2045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(nss_bufs_); 2055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(!callback.is_null()); 2065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_ = buf; 2085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_len_ = buf_len; 2095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(completed_handshake_); 2115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = DoReadLoop(OK); 2135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == ERR_IO_PENDING) { 2155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_callback_ = callback; 2165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_ = NULL; 2185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_len_ = 0; 2195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 2215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::Write(IOBuffer* buf, int buf_len, 2245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const CompletionCallback& callback) { 2255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(user_write_callback_.is_null()); 226868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) DCHECK(!user_write_buf_.get()); 2275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(nss_bufs_); 2285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(!callback.is_null()); 2295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_ = buf; 2315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_len_ = buf_len; 2325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = DoWriteLoop(OK); 2345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == ERR_IO_PENDING) { 2365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_callback_ = callback; 2375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 2385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_ = NULL; 2395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_len_ = 0; 2405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 2415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 2425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::SetReceiveBufferSize(int32 size) { 2455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->SetReceiveBufferSize(size); 2465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::SetSendBufferSize(int32 size) { 2495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->SetSendBufferSize(size); 2505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::IsConnected() const { 2535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return completed_handshake_; 2545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::Disconnect() { 2575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_socket_->Disconnect(); 2585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::IsConnectedAndIdle() const { 2615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return completed_handshake_ && transport_socket_->IsConnectedAndIdle(); 2625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::GetPeerAddress(IPEndPoint* address) const { 2655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsConnected()) 2665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_SOCKET_NOT_CONNECTED; 2675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->GetPeerAddress(address); 2685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::GetLocalAddress(IPEndPoint* address) const { 2715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!IsConnected()) 2725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_SOCKET_NOT_CONNECTED; 2735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->GetLocalAddress(address); 2745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)const BoundNetLog& SSLServerSocketNSS::NetLog() const { 2775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return net_log_; 2785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::SetSubresourceSpeculation() { 2815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_socket_->SetSubresourceSpeculation(); 2825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::SetOmniboxSpeculation() { 2855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_socket_->SetOmniboxSpeculation(); 2865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::WasEverUsed() const { 2895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->WasEverUsed(); 2905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::UsingTCPFastOpen() const { 2935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return transport_socket_->UsingTCPFastOpen(); 2945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 2965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::WasNpnNegotiated() const { 2975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 2985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 2995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)NextProto SSLServerSocketNSS::GetNegotiatedProtocol() const { 3015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // NPN is not supported by this class. 3025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return kProtoUnknown; 3035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::GetSSLInfo(SSLInfo* ssl_info) { 3065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) NOTIMPLEMENTED(); 3075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return false; 3085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 3095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::InitializeSSLOptions() { 3115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Transport connected, now hook it up to nss 3125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_fd_ = memio_CreateIOLayer(kRecvBufferSize, kSendBufferSize); 3135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (nss_fd_ == NULL) { 3145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR error code. 3155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Grab pointer to buffers 3185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_bufs_ = memio_GetSecret(nss_fd_); 3195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Create SSL state machine */ 3215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) /* Push SSL onto our fake I/O socket */ 3225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) nss_fd_ = SSL_ImportFD(NULL, nss_fd_); 3235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (nss_fd_ == NULL) { 3245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); 3255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. 3265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(port): set more ssl options! Check errors! 3285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv; 3305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); 3325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); 3345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); 3385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); 3405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLVersionRange version_range; 3445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) version_range.min = ssl_config_.version_min; 3455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) version_range.max = ssl_config_.version_max; 3465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_VersionRangeSet(nss_fd_, &version_range); 3475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); 3495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_NO_SSL_VERSIONS_ENABLED; 3505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) for (std::vector<uint16>::const_iterator it = 3535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) ssl_config_.disabled_cipher_suites.begin(); 3545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) it != ssl_config_.disabled_cipher_suites.end(); ++it) { 3555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // This will fail if the specified cipher is not implemented by NSS, but 3565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the failure is harmless. 3575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); 3585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Server socket doesn't need session tickets. 3615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_FALSE); 3625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction( 3645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); 3655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Doing this will force PR_Accept perform handshake as server. 3685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_FALSE); 3695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); 3715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_SERVER, PR_TRUE); 3755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_SERVER"); 3775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_FALSE); 3815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); 3835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); 3875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); 3895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); 3935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 3945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); 3955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 3965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 3975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 3985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); 3995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 4005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); 4015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Get a certificate of CERTCertificate structure. 4055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::string der_string; 4065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) 4075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem der_cert; 4105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_cert.data = reinterpret_cast<unsigned char*>(const_cast<char*>( 4115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_string.data())); 4125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_cert.len = der_string.length(); 4135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_cert.type = siDERCertBuffer; 4145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Parse into a CERTCertificate structure. 4165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERTCertificate* cert = CERT_NewTempCertificate( 4175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); 4185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!cert) { 4195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "CERT_NewTempCertificate", ""); 4205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return MapNSSError(PORT_GetError()); 4215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Get a key of SECKEYPrivateKey* structure. 4245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) std::vector<uint8> key_vector; 4255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!key_->ExportPrivateKey(&key_vector)) { 4265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_DestroyCertificate(cert); 4275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEYPrivateKeyStr* private_key = NULL; 4315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11SlotInfo* slot = crypto::GetPrivateNSSKeySlot(); 4325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!slot) { 4335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_DestroyCertificate(cert); 4345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECItem der_private_key_info; 4385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_private_key_info.data = 4395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const_cast<unsigned char*>(&key_vector.front()); 4405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) der_private_key_info.len = key_vector.size(); 4415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // The server's RSA private key must be imported into NSS with the 4425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // following key usage bits: 4435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm. 4445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key 4455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // exchange algorithms. 4465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE; 4475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( 4485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE, 4495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) key_usage, &private_key, NULL); 4505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PK11_FreeSlot(slot); 4515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 4525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_DestroyCertificate(cert); 4535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Assign server certificate and private key. 4575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SSLKEAType cert_kea = NSS_FindCertKEAType(cert); 4585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_ConfigSecureServer(nss_fd_, cert, private_key, cert_kea); 4595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CERT_DestroyCertificate(cert); 4605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECKEY_DestroyPrivateKey(private_key); 4615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 4635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRErrorCode prerr = PR_GetError(); 4645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "Failed to config SSL server: " << prerr; 4655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_ConfigureSecureServer", ""); 4665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Tell SSL we're a server; needed if not letting NSPR do socket I/O 4705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = SSL_ResetHandshake(nss_fd_, PR_TRUE); 4715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != SECSuccess) { 4725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LogFailedNSSFunction(net_log_, "SSL_ResetHandshake", ""); 4735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 4745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 4775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 4785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::OnSendComplete(int result) { 4805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (next_handshake_state_ == STATE_HANDSHAKE) { 4815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // In handshake phase. 4825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OnHandshakeIOComplete(result); 4835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 4845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!completed_handshake_) 4875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 4885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 489868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) if (user_write_buf_.get()) { 4905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = DoWriteLoop(result); 4915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != ERR_IO_PENDING) 4925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DoWriteCallback(rv); 4935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 4945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Ensure that any queued ciphertext is flushed. 4955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DoTransportIO(); 4965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 4975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 4985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 4995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::OnRecvComplete(int result) { 5005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (next_handshake_state_ == STATE_HANDSHAKE) { 5015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // In handshake phase. 5025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OnHandshakeIOComplete(result); 5035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 5045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Network layer received some data, check if client requested to read 5075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // decrypted data. 508868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) if (!user_read_buf_.get() || !completed_handshake_) 5095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return; 5105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = DoReadLoop(result); 5125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != ERR_IO_PENDING) 5135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DoReadCallback(rv); 5145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 5155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::OnHandshakeIOComplete(int result) { 5175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = DoHandshakeLoop(result); 5185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv != ERR_IO_PENDING) { 5195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_SERVER_HANDSHAKE, rv); 5205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!user_handshake_callback_.is_null()) 5215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DoHandshakeCallback(rv); 5225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 5245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Return 0 for EOF, 5265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// > 0 for bytes transferred immediately, 5275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// < 0 for error (or the non-error ERR_IO_PENDING). 5285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::BufferSend(void) { 5295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (transport_send_busy_) 5305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_IO_PENDING; 5315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char* buf1; 5335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const char* buf2; 5345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) unsigned int len1, len2; 5355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_GetWriteParams(nss_bufs_, &buf1, &len1, &buf2, &len2); 5365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) const unsigned int len = len1 + len2; 5375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = 0; 5395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (len) { 5405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) scoped_refptr<IOBuffer> send_buffer(new IOBuffer(len)); 5415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memcpy(send_buffer->data(), buf1, len1); 5425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memcpy(send_buffer->data() + len1, buf2, len2); 5435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = transport_socket_->Write( 544868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) send_buffer.get(), 545868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) len, 5465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Bind(&SSLServerSocketNSS::BufferSendComplete, 5475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Unretained(this))); 5485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == ERR_IO_PENDING) { 5495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_send_busy_ = true; 5505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 5515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_PutWriteResult(nss_bufs_, MapErrorToNSS(rv)); 5525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 5565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 5575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::BufferSendComplete(int result) { 5595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_PutWriteResult(nss_bufs_, MapErrorToNSS(result)); 5605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_send_busy_ = false; 5615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OnSendComplete(result); 5625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 5635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::BufferRecv(void) { 5655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (transport_recv_busy_) return ERR_IO_PENDING; 5665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char* buf; 5685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int nb = memio_GetReadParams(nss_bufs_, &buf); 5695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv; 5705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!nb) { 5715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // buffer too full to read into, so no I/O possible at moment 5725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = ERR_IO_PENDING; 5735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 5745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) recv_buffer_ = new IOBuffer(nb); 5755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = transport_socket_->Read( 576868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) recv_buffer_.get(), 577868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) nb, 5785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Bind(&SSLServerSocketNSS::BufferRecvComplete, 5795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) base::Unretained(this))); 5805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == ERR_IO_PENDING) { 5815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_recv_busy_ = true; 5825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 5835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv > 0) 5845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memcpy(buf, recv_buffer_->data(), rv); 5855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_PutReadResult(nss_bufs_, MapErrorToNSS(rv)); 5865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) recv_buffer_ = NULL; 5875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 5905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 5915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 5925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::BufferRecvComplete(int result) { 5935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (result > 0) { 5945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) char* buf; 5955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_GetReadParams(nss_bufs_, &buf); 5965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memcpy(buf, recv_buffer_->data(), result); 5975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 5985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) recv_buffer_ = NULL; 5995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) memio_PutReadResult(nss_bufs_, MapErrorToNSS(result)); 6005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) transport_recv_busy_ = false; 6015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) OnRecvComplete(result); 6025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Do as much network I/O as possible between the buffer and the 6055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// transport socket. Return true if some I/O performed, false 6065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// otherwise (error or ERR_IO_PENDING). 6075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)bool SSLServerSocketNSS::DoTransportIO() { 6085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool network_moved = false; 6095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (nss_bufs_ != NULL) { 6105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv; 6115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Read and write as much data as we can. The loop is neccessary 6125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // because Write() may return synchronously. 6135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) do { 6145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = BufferSend(); 6155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv > 0) 6165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) network_moved = true; 6175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } while (rv > 0); 6185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (BufferRecv() >= 0) 6195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) network_moved = true; 6205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 6215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return network_moved; 6225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoPayloadRead() { 625868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) DCHECK(user_read_buf_.get()); 6265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_GT(user_read_buf_len_, 0); 6275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = PR_Read(nss_fd_, user_read_buf_->data(), user_read_buf_len_); 6285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv >= 0) 6295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 6305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRErrorCode prerr = PR_GetError(); 6315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (prerr == PR_WOULD_BLOCK_ERROR) { 6325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_IO_PENDING; 6335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 6345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = MapNSSError(prerr); 6355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, 6365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateNetLogSSLErrorCallback(rv, prerr)); 6375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 6385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoPayloadWrite() { 641868fa2fe829687343ffae624259930155e16dbd8Torne (Richard Coles) DCHECK(user_write_buf_.get()); 6425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = PR_Write(nss_fd_, user_write_buf_->data(), user_write_buf_len_); 6435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv >= 0) 6445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 6455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRErrorCode prerr = PR_GetError(); 6465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (prerr == PR_WOULD_BLOCK_ERROR) { 6475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_IO_PENDING; 6485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 6495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = MapNSSError(prerr); 6505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, 6515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateNetLogSSLErrorCallback(rv, prerr)); 6525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 6535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoHandshakeLoop(int last_io_result) { 6565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = last_io_result; 6575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) do { 6585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Default to STATE_NONE for next state. 6595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // (This is a quirk carried over from the windows 6605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // implementation. It makes reading the logs a bit harder.) 6615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // State handlers can and often do call GotoState just 6625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // to stay in the current state. 6635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) State state = next_handshake_state_; 6645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) GotoState(STATE_NONE); 6655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) switch (state) { 6665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case STATE_HANDSHAKE: 6675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = DoHandshake(); 6685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 6695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) case STATE_NONE: 6705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) default: 6715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = ERR_UNEXPECTED; 6725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(DFATAL) << "unexpected state " << state; 6735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) break; 6745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 6755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Do the actual network I/O 6775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool network_moved = DoTransportIO(); 6785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (network_moved && next_handshake_state_ == STATE_HANDSHAKE) { 6795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // In general we exit the loop if rv is ERR_IO_PENDING. In this 6805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // special case we keep looping even if rv is ERR_IO_PENDING because 6815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // the transport IO may allow DoHandshake to make progress. 6825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = OK; // This causes us to stay in the loop. 6835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 6845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } while (rv != ERR_IO_PENDING && next_handshake_state_ != STATE_NONE); 6855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 6865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 6875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoReadLoop(int result) { 6895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(completed_handshake_); 6905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(next_handshake_state_ == STATE_NONE); 6915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (result < 0) 6935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return result; 6945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 6955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!nss_bufs_) { 6965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(DFATAL) << "!nss_bufs_"; 6975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = ERR_UNEXPECTED; 6985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.AddEvent(NetLog::TYPE_SSL_READ_ERROR, 6995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateNetLogSSLErrorCallback(rv, 0)); 7005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 7015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 7025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool network_moved; 7045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv; 7055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) do { 7065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = DoPayloadRead(); 7075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) network_moved = DoTransportIO(); 7085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } while (rv == ERR_IO_PENDING && network_moved); 7095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 7105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoWriteLoop(int result) { 7135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(completed_handshake_); 7145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(next_handshake_state_ == STATE_NONE); 7155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (result < 0) 7175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return result; 7185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!nss_bufs_) { 7205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(DFATAL) << "!nss_bufs_"; 7215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv = ERR_UNEXPECTED; 7225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.AddEvent(NetLog::TYPE_SSL_WRITE_ERROR, 7235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateNetLogSSLErrorCallback(rv, 0)); 7245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 7255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 7265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) bool network_moved; 7285821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int rv; 7295821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) do { 7305821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) rv = DoPayloadWrite(); 7315821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) network_moved = DoTransportIO(); 7325821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } while (rv == ERR_IO_PENDING && network_moved); 7335821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return rv; 7345821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7355821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7365821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::DoHandshake() { 7375821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) int net_error = OK; 7385821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) SECStatus rv = SSL_ForceHandshake(nss_fd_); 7395821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7405821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (rv == SECSuccess) { 7415821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) completed_handshake_ = true; 7425821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 7435821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRErrorCode prerr = PR_GetError(); 7445821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_error = MapNSSError(prerr); 7455821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7465821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // If not done, stay in this state 7475821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (net_error == ERR_IO_PENDING) { 7485821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) GotoState(STATE_HANDSHAKE); 7495821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } else { 7505821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) LOG(ERROR) << "handshake failed; NSS error code " << prerr 7515821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) << ", net_error " << net_error; 7525821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) net_log_.AddEvent(NetLog::TYPE_SSL_HANDSHAKE_ERROR, 7535821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CreateNetLogSSLErrorCallback(net_error, prerr)); 7545821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 7555821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) } 7565821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return net_error; 7575821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7585821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7595821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::DoHandshakeCallback(int rv) { 7605821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK_NE(rv, ERR_IO_PENDING); 7615821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7625821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CompletionCallback c = user_handshake_callback_; 7635821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_handshake_callback_.Reset(); 7645821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) c.Run(rv > OK ? OK : rv); 7655821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7665821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7675821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::DoReadCallback(int rv) { 7685821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(rv != ERR_IO_PENDING); 7695821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(!user_read_callback_.is_null()); 7705821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7715821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Since Run may result in Read being called, clear |user_read_callback_| 7725821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // up front. 7735821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CompletionCallback c = user_read_callback_; 7745821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_callback_.Reset(); 7755821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_ = NULL; 7765821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_read_buf_len_ = 0; 7775821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) c.Run(rv); 7785821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7795821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7805821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::DoWriteCallback(int rv) { 7815821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(rv != ERR_IO_PENDING); 7825821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) DCHECK(!user_write_callback_.is_null()); 7835821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7845821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Since Run may result in Write being called, clear |user_write_callback_| 7855821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // up front. 7865821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) CompletionCallback c = user_write_callback_; 7875821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_callback_.Reset(); 7885821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_ = NULL; 7895821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) user_write_buf_len_ = 0; 7905821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) c.Run(rv); 7915821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 7925821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 7935821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 7945821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// NSS calls this if an incoming certificate needs to be verified. 7955821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Do nothing but return SECSuccess. 7965821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// This is called only in full handshake mode. 7975821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// Peer certificate is retrieved in HandshakeCallback() later, which is called 7985821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// in full handshake mode or in resumption handshake mode. 7995821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)SECStatus SSLServerSocketNSS::OwnAuthCertHandler(void* arg, 8005821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRFileDesc* socket, 8015821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool checksig, 8025821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) PRBool is_server) { 8035821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(hclam): Implement. 8045821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Tell NSS to not verify the certificate. 8055821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return SECSuccess; 8065821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 8075821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8085821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// static 8095821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// NSS calls this when handshake is completed. 8105821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)// After the SSL handshake is finished we need to verify the certificate. 8115821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)void SSLServerSocketNSS::HandshakeCallback(PRFileDesc* socket, 8125821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) void* arg) { 8135821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // TODO(hclam): Implement. 8145821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 8155821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8165821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)int SSLServerSocketNSS::Init() { 8175821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // Initialize the NSS SSL library in a threadsafe way. This also 8185821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) // initializes the NSS base library. 8195821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnsureNSSSSLInit(); 8205821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) if (!NSS_IsInitialized()) 8215821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return ERR_UNEXPECTED; 8225821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8235821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) EnableSSLServerSockets(); 8245821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) return OK; 8255821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} 8265821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles) 8275821806d5e7f356e8fa4b058a389a808ea183019Torne (Richard Coles)} // namespace net 828