| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
| 159 return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0; | 159 return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0; |
| 160 } | 160 } |
| 161 | 161 |
| 162 private: | 162 private: |
| 163 friend struct DefaultSingletonTraits<SSLContext>; | 163 friend struct DefaultSingletonTraits<SSLContext>; |
| 164 | 164 |
| 165 SSLContext() { | 165 SSLContext() { |
| 166 base::EnsureOpenSSLInit(); | 166 base::EnsureOpenSSLInit(); |
| 167 ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); | 167 ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0); |
| 168 DCHECK_NE(ssl_socket_data_index_, -1); | 168 DCHECK_NE(ssl_socket_data_index_, -1); |
| 169 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); | 169 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method())); |
|
agl
2010/11/30 01:07:27
I think that we should add a TODO here as we might
wtc
2010/11/30 02:14:30
Thanks for the suggestion.
I looked into this. A
| |
| 170 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL); | 170 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL); |
| 171 SSL_CTX_set_session_cache_mode(ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT); | 171 SSL_CTX_set_session_cache_mode(ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT); |
| 172 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallbackStatic); | 172 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallbackStatic); |
| 173 SSL_CTX_sess_set_remove_cb(ssl_ctx_.get(), RemoveSessionCallbackStatic); | 173 SSL_CTX_sess_set_remove_cb(ssl_ctx_.get(), RemoveSessionCallbackStatic); |
| 174 SSL_CTX_set_timeout(ssl_ctx_.get(), kSessionCacheTimeoutSeconds); | 174 SSL_CTX_set_timeout(ssl_ctx_.get(), kSessionCacheTimeoutSeconds); |
| 175 SSL_CTX_sess_set_cache_size(ssl_ctx_.get(), kSessionCacheMaxEntires); | 175 SSL_CTX_sess_set_cache_size(ssl_ctx_.get(), kSessionCacheMaxEntires); |
| 176 } | 176 } |
| 177 | 177 |
| 178 static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) { | 178 static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) { |
| 179 return Get()->NewSessionCallback(ssl, session); | 179 return Get()->NewSessionCallback(ssl, session); |
| 260 | 260 |
| 261 SSL_set_bio(ssl_, ssl_bio, ssl_bio); | 261 SSL_set_bio(ssl_, ssl_bio, ssl_bio); |
| 262 | 262 |
| 263 #define SET_SSL_CONFIG_OPTION(option, value) \ | 263 #define SET_SSL_CONFIG_OPTION(option, value) \ |
| 264 (((value) ? set_mask : clear_mask) |= (option)) | 264 (((value) ? set_mask : clear_mask) |= (option)) |
| 265 | 265 |
| 266 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, | 266 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, |
| 267 // set everything we care about to an absolute value. | 267 // set everything we care about to an absolute value. |
| 268 long set_mask = 0; | 268 long set_mask = 0; |
| 269 long clear_mask = 0; | 269 long clear_mask = 0; |
| 270 SET_SSL_CONFIG_OPTION(SSL_OP_NO_SSLv2, !ssl_config_.ssl2_enabled); | 270 SET_SSL_CONFIG_OPTION(SSL_OP_NO_SSLv2, true); |
| 271 SET_SSL_CONFIG_OPTION(SSL_OP_NO_SSLv3, !ssl_config_.ssl3_enabled); | 271 SET_SSL_CONFIG_OPTION(SSL_OP_NO_SSLv3, !ssl_config_.ssl3_enabled); |
| 272 SET_SSL_CONFIG_OPTION(SSL_OP_NO_TLSv1, !ssl_config_.tls1_enabled); | 272 SET_SSL_CONFIG_OPTION(SSL_OP_NO_TLSv1, !ssl_config_.tls1_enabled); |
| 273 | 273 |
| 274 // TODO(joth): Set this conditionally, see http://crbug.com/55410 | 274 // TODO(joth): Set this conditionally, see http://crbug.com/55410 |
| 275 SET_SSL_CONFIG_OPTION(SSL_OP_LEGACY_SERVER_CONNECT, true); | 275 SET_SSL_CONFIG_OPTION(SSL_OP_LEGACY_SERVER_CONNECT, true); |
| 276 | 276 |
| 277 // Make sure we haven't got any intersection in the set & clear options. | 277 // Make sure we haven't got any intersection in the set & clear options. |
| 278 DCHECK_EQ(0, set_mask & clear_mask); | 278 DCHECK_EQ(0, set_mask & clear_mask); |
| 279 | 279 |
| 280 SSL_set_options(ssl_, set_mask); | 280 SSL_set_options(ssl_, set_mask); |
| 865 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 865 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| 866 | 866 |
| 867 if (rv >= 0) | 867 if (rv >= 0) |
| 868 return rv; | 868 return rv; |
| 869 | 869 |
| 870 int err = SSL_get_error(ssl_, rv); | 870 int err = SSL_get_error(ssl_, rv); |
| 871 return MapOpenSSLError(err); | 871 return MapOpenSSLError(err); |
| 872 } | 872 } |
| 873 | 873 |
| 874 } // namespace net | 874 } // namespace net |
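Review bot: The hard-coded `true` for SSL_OP_NO_SSLv2 at new-side line 270 silently stops consulting `ssl_config_.ssl2_enabled`, while the neighbouring hard-coded SSL_OP_LEGACY_SERVER_CONNECT line carries a TODO explaining why its value is fixed. A one-line comment above the new line would keep the intent readable for the next maintainer, e.g. `// SSLv2 is never negotiated; ssl_config_.ssl2_enabled is intentionally not consulted here.` Whether the config field is still read elsewhere, or removed in the same change, is not visible in this hunk, so the wording may need adjusting to match. The enclosing function starts before the hunk and continues past line 280, where clear_mask is presumably applied.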