| OLD | NEW |
| (Empty) |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "net/base/openssl_util.h" | |
| 6 | |
| 7 #include <openssl/err.h> | |
| 8 | |
| 9 #include "base/logging.h" | |
| 10 #include "base/platform_thread.h" | |
| 11 | |
| 12 namespace net { | |
| 13 | |
| 14 namespace { | |
| 15 | |
| 16 // We do certificate verification after handshake, so we disable the default | |
| 17 // by registering a no-op verify function. | |
| 18 int NoOpVerifyCallback(X509_STORE_CTX*, void *) { | |
| 19 DVLOG(3) << "skipping cert verify"; | |
| 20 return 1; | |
| 21 } | |
| 22 | |
| 23 unsigned long CurrentThreadId() { | |
| 24 return static_cast<unsigned long>(PlatformThread::CurrentId()); | |
| 25 } | |
| 26 | |
| 27 SSL_CTX* CreateSSL_CTX() { | |
| 28 SSL_load_error_strings(); | |
| 29 SSL_library_init(); | |
| 30 OpenSSL_add_all_algorithms(); | |
| 31 return SSL_CTX_new(SSLv23_client_method()); | |
| 32 } | |
| 33 | |
| 34 } // namespace | |
| 35 | |
| 36 OpenSSLInitSingleton::OpenSSLInitSingleton() | |
| 37 : ssl_ctx_(CreateSSL_CTX()), | |
| 38 store_(X509_STORE_new()) { | |
| 39 CHECK(ssl_ctx_.get()); | |
| 40 CHECK(store_.get()); | |
| 41 | |
| 42 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL); | |
| 43 X509_STORE_set_default_paths(store_.get()); | |
| 44 // TODO(bulach): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)). | |
| 45 int num_locks = CRYPTO_num_locks(); | |
| 46 for (int i = 0; i < num_locks; ++i) | |
| 47 locks_.push_back(new Lock()); | |
| 48 CRYPTO_set_locking_callback(LockingCallback); | |
| 49 CRYPTO_set_id_callback(CurrentThreadId); | |
| 50 } | |
| 51 | |
| 52 OpenSSLInitSingleton::~OpenSSLInitSingleton() { | |
| 53 CRYPTO_set_locking_callback(NULL); | |
| 54 EVP_cleanup(); | |
| 55 ERR_free_strings(); | |
| 56 } | |
| 57 | |
| 58 OpenSSLInitSingleton* GetOpenSSLInitSingleton() { | |
| 59 return Singleton<OpenSSLInitSingleton>::get(); | |
| 60 } | |
| 61 | |
| 62 void EnsureOpenSSLInit() { | |
| 63 Singleton<OpenSSLInitSingleton>::get(); | |
| 64 } | |
| 65 | |
| 66 // static | |
| 67 void OpenSSLInitSingleton::LockingCallback(int mode, | |
| 68 int n, | |
| 69 const char* file, | |
| 70 int line) { | |
| 71 GetOpenSSLInitSingleton()->OnLockingCallback(mode, n, file, line); | |
| 72 } | |
| 73 | |
| 74 void OpenSSLInitSingleton::OnLockingCallback(int mode, | |
| 75 int n, | |
| 76 const char* file, | |
| 77 int line) { | |
| 78 CHECK_LT(static_cast<size_t>(n), locks_.size()); | |
| 79 if (mode & CRYPTO_LOCK) | |
| 80 locks_[n]->Acquire(); | |
| 81 else | |
| 82 locks_[n]->Release(); | |
| 83 } | |
| 84 | |
| 85 } // namespace net | |
| 86 | |
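Review bot: `CreateSSL_CTX()` returns `SSL_CTX_new(SSLv23_client_method())` with no protocol options set, so which versions the client will negotiate is left to the defaults of the linked OpenSSL build, and that may include SSLv2 if the library was compiled with it. I would hold the context in a local and restrict it before returning: `SSL_CTX* ctx = SSL_CTX_new(SSLv23_client_method());`, `if (ctx) SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);`, `return ctx;`. Separately, `NoOpVerifyCallback` is installed on the shared `ssl_ctx_`, so every connection created from this context completes its handshake without any chain check and relies on the caller verifying afterwards. The comment above the callback should state that contract, for example `// Callers MUST verify the peer certificate against store_ before sending or trusting any application data.` The TODO on new line 44 also means revocation is not checked yet, which is worth noting in the same comment.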