Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(75)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_openssl.h

Issue 3571011: implement certificate verification state machine (Closed)
Patch Set: wtc comments Created 10 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
7 #pragma once 7 #pragma once
8 8
9 #include "base/scoped_ptr.h" 9 #include "base/scoped_ptr.h"
10 #include "net/base/cert_verify_result.h"
10 #include "net/base/completion_callback.h" 11 #include "net/base/completion_callback.h"
11 #include "net/base/io_buffer.h" 12 #include "net/base/io_buffer.h"
12 #include "net/base/ssl_config_service.h" 13 #include "net/base/ssl_config_service.h"
13 #include "net/socket/ssl_client_socket.h" 14 #include "net/socket/ssl_client_socket.h"
14 #include "net/socket/client_socket_handle.h" 15 #include "net/socket/client_socket_handle.h"
15 16
16 typedef struct bio_st BIO; 17 typedef struct bio_st BIO;
17 typedef struct ssl_st SSL; 18 typedef struct ssl_st SSL;
18 typedef struct x509_store_ctx_st X509_STORE_CTX; 19 typedef struct x509_store_ctx_st X509_STORE_CTX;
19 20
20 namespace net { 21 namespace net {
21 22
23 class CertVerifier;
22 class SSLCertRequestInfo; 24 class SSLCertRequestInfo;
23 class SSLConfig; 25 class SSLConfig;
24 class SSLInfo; 26 class SSLInfo;
25 27
26 // An SSL client socket implemented with OpenSSL. 28 // An SSL client socket implemented with OpenSSL.
27 class SSLClientSocketOpenSSL : public SSLClientSocket { 29 class SSLClientSocketOpenSSL : public SSLClientSocket {
28 public: 30 public:
29 // Takes ownership of the transport_socket, which may already be connected. 31 // Takes ownership of the transport_socket, which may already be connected.
30 // The given hostname will be compared with the name(s) in the server's 32 // The given hostname will be compared with the name(s) in the server's
31 // certificate during the SSL handshake. ssl_config specifies the SSL 33 // certificate during the SSL handshake. ssl_config specifies the SSL
(...skipping 29 matching lines...) Expand all
61 virtual bool SetSendBufferSize(int32 size); 63 virtual bool SetSendBufferSize(int32 size);
62 64
63 private: 65 private:
64 bool InitOpenSSL(); 66 bool InitOpenSSL();
65 bool Init(); 67 bool Init();
66 void DoReadCallback(int result); 68 void DoReadCallback(int result);
67 void DoWriteCallback(int result); 69 void DoWriteCallback(int result);
68 70
69 bool DoTransportIO(); 71 bool DoTransportIO();
70 int DoHandshake(); 72 int DoHandshake();
73 int DoVerifyCert(int result);
74 int DoVerifyCertComplete(int result);
71 void DoConnectCallback(int result); 75 void DoConnectCallback(int result);
76 void InvalidateSessionIfBadCertificate();
77 X509Certificate* UpdateServerCert();
72 78
73 void OnHandshakeIOComplete(int result); 79 void OnHandshakeIOComplete(int result);
74 void OnSendComplete(int result); 80 void OnSendComplete(int result);
75 void OnRecvComplete(int result); 81 void OnRecvComplete(int result);
76 82
77 int DoHandshakeLoop(int last_io_result); 83 int DoHandshakeLoop(int last_io_result);
78 int DoReadLoop(int result); 84 int DoReadLoop(int result);
79 int DoWriteLoop(int result); 85 int DoWriteLoop(int result);
80 int DoPayloadRead(); 86 int DoPayloadRead();
81 int DoPayloadWrite(); 87 int DoPayloadWrite();
(...skipping 17 matching lines...) Expand all
99 CompletionCallback* user_write_callback_; 105 CompletionCallback* user_write_callback_;
100 106
101 // Used by Read function. 107 // Used by Read function.
102 scoped_refptr<IOBuffer> user_read_buf_; 108 scoped_refptr<IOBuffer> user_read_buf_;
103 int user_read_buf_len_; 109 int user_read_buf_len_;
104 110
105 // Used by Write function. 111 // Used by Write function.
106 scoped_refptr<IOBuffer> user_write_buf_; 112 scoped_refptr<IOBuffer> user_write_buf_;
107 int user_write_buf_len_; 113 int user_write_buf_len_;
108 114
115 // Set when handshake finishes.
116 scoped_refptr<X509Certificate> server_cert_;
117 CertVerifyResult server_cert_verify_result_;
118
109 // Stores client authentication information between ClientAuthHandler and 119 // Stores client authentication information between ClientAuthHandler and
110 // GetSSLCertRequestInfo calls. 120 // GetSSLCertRequestInfo calls.
111 std::vector<scoped_refptr<X509Certificate> > client_certs_; 121 std::vector<scoped_refptr<X509Certificate> > client_certs_;
112 bool client_auth_cert_needed_; 122 bool client_auth_cert_needed_;
113 123
124 scoped_ptr<CertVerifier> verifier_;
125 CompletionCallbackImpl<SSLClientSocketOpenSSL> handshake_io_callback_;
126
114 // OpenSSL stuff 127 // OpenSSL stuff
115 SSL* ssl_; 128 SSL* ssl_;
116 BIO* transport_bio_; 129 BIO* transport_bio_;
117 130
118 scoped_ptr<ClientSocketHandle> transport_; 131 scoped_ptr<ClientSocketHandle> transport_;
119 std::string hostname_; 132 std::string hostname_;
120 SSLConfig ssl_config_; 133 SSLConfig ssl_config_;
121 134
122 bool completed_handshake_; 135 bool completed_handshake_;
123 136
124 enum State { 137 enum State {
125 STATE_NONE, 138 STATE_NONE,
126 STATE_HANDSHAKE, 139 STATE_HANDSHAKE,
127 STATE_VERIFY_CERT, 140 STATE_VERIFY_CERT,
128 STATE_VERIFY_CERT_COMPLETE, 141 STATE_VERIFY_CERT_COMPLETE,
129 }; 142 };
130 State next_handshake_state_; 143 State next_handshake_state_;
131 BoundNetLog net_log_; 144 BoundNetLog net_log_;
132 }; 145 };
133 146
134 } // namespace net 147 } // namespace net
135 148
136 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ 149 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
137 150
OLDNEW
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_openssl.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698