| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
| 316 | 316 |
| 317 #if defined(SSL_MODE_SMALL_BUFFERS) | 317 #if defined(SSL_MODE_SMALL_BUFFERS) |
| 318 mode.ConfigureFlag(SSL_MODE_SMALL_BUFFERS, true); | 318 mode.ConfigureFlag(SSL_MODE_SMALL_BUFFERS, true); |
| 319 #endif | 319 #endif |
| 320 | 320 |
| 321 SSL_set_mode(ssl_, mode.set_mask); | 321 SSL_set_mode(ssl_, mode.set_mask); |
| 322 SSL_clear_mode(ssl_, mode.clear_mask); | 322 SSL_clear_mode(ssl_, mode.clear_mask); |
| 323 return true; | 323 return true; |
| 324 } | 324 } |
| 325 | 325 |
| 326 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
| 327 X509** x509, |
| 328 EVP_PKEY** pkey) { |
| 329 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; |
| 330 DCHECK(ssl == ssl_); |
| 331 DCHECK(*x509 == NULL); |
| 332 DCHECK(*pkey == NULL); |
| 333 |
| 334 if (!ssl_config_.send_client_cert) { |
| 335 client_auth_cert_needed_ = true; |
| 336 return -1; // Suspends handshake. |
| 337 } |
| 338 |
| 339 // Second pass: a client certificate should have been selected. |
| 340 if (ssl_config_.client_cert) { |
| 341 // TODO(joth): We need a way to lookup the private key this |
| 342 // certificate. See http://crbug.com/64951 and example code in |
| 343 // http://codereview.chromium.org/5195001/diff/6001/net/socket/ssl_client_so
cket_openssl.cc |
| 344 NOTIMPLEMENTED(); |
| 345 } |
| 346 |
| 347 // Send no client certificate. |
| 348 return 0; |
| 349 } |
| 350 |
| 326 // SSLClientSocket methods | 351 // SSLClientSocket methods |
| 327 | 352 |
| 328 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { | 353 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { |
| 329 ssl_info->Reset(); | 354 ssl_info->Reset(); |
| 330 if (!server_cert_) | 355 if (!server_cert_) |
| 331 return; | 356 return; |
| 332 | 357 |
| 333 ssl_info->cert = server_cert_; | 358 ssl_info->cert = server_cert_; |
| 334 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 359 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 335 | 360 |
| 535 GotoState(STATE_HANDSHAKE); | 560 GotoState(STATE_HANDSHAKE); |
| 536 } else { | 561 } else { |
| 537 LOG(ERROR) << "handshake failed; returned " << rv | 562 LOG(ERROR) << "handshake failed; returned " << rv |
| 538 << ", SSL error code " << ssl_error | 563 << ", SSL error code " << ssl_error |
| 539 << ", net_error " << net_error; | 564 << ", net_error " << net_error; |
| 540 } | 565 } |
| 541 } | 566 } |
| 542 return net_error; | 567 return net_error; |
| 543 } | 568 } |
| 544 | 569 |
| 545 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, | |
| 546 X509** x509, | |
| 547 EVP_PKEY** pkey) { | |
| 548 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; | |
| 549 DCHECK(ssl == ssl_); | |
| 550 DCHECK(*x509 == NULL); | |
| 551 DCHECK(*pkey == NULL); | |
| 552 | |
| 553 if (!ssl_config_.send_client_cert) { | |
| 554 client_auth_cert_needed_ = true; | |
| 555 return -1; // Suspends handshake. | |
| 556 } | |
| 557 | |
| 558 // Second pass: a client certificate should have been selected. | |
| 559 if (ssl_config_.client_cert) { | |
| 560 // TODO(joth): We need a way to lookup the private key this | |
| 561 // certificate. See http://crbug.com/64951 and example code in | |
| 562 // http://codereview.chromium.org/5195001/diff/6001/net/socket/ssl_client_so
cket_openssl.cc | |
| 563 NOTIMPLEMENTED(); | |
| 564 } | |
| 565 | |
| 566 // Send no client certificate. | |
| 567 return 0; | |
| 568 } | |
| 569 | |
| 570 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { | 570 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { |
| 571 DCHECK(server_cert_); | 571 DCHECK(server_cert_); |
| 572 GotoState(STATE_VERIFY_CERT_COMPLETE); | 572 GotoState(STATE_VERIFY_CERT_COMPLETE); |
| 573 int flags = 0; | 573 int flags = 0; |
| 574 | 574 |
| 575 if (ssl_config_.rev_checking_enabled) | 575 if (ssl_config_.rev_checking_enabled) |
| 576 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 576 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
| 577 if (ssl_config_.verify_ev_cert) | 577 if (ssl_config_.verify_ev_cert) |
| 578 flags |= X509Certificate::VERIFY_EV_CERT; | 578 flags |= X509Certificate::VERIFY_EV_CERT; |
| 579 verifier_.reset(new CertVerifier); | 579 verifier_.reset(new CertVerifier); |
| 944 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 944 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
| 945 | 945 |
| 946 if (rv >= 0) | 946 if (rv >= 0) |
| 947 return rv; | 947 return rv; |
| 948 | 948 |
| 949 int err = SSL_get_error(ssl_, rv); | 949 int err = SSL_get_error(ssl_, rv); |
| 950 return MapOpenSSLError(err); | 950 return MapOpenSSLError(err); |
| 951 } | 951 } |
| 952 | 952 |
| 953 } // namespace net | 953 } // namespace net |
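Review bot: The relocated ClientCertRequestCallback (new lines 326–349) carries no comment stating the return-value protocol it implements, so a reader has to know OpenSSL's SSL_CTX_set_client_cert_cb contract to see that `return 0` at line 348 means "continue the handshake with no client certificate" while the `-1` at line 336 suspends it until a certificate is chosen. A header comment above line 326 along the lines of `// OpenSSL client-certificate callback: returns -1 to suspend the handshake until the caller selects a certificate, 0 to proceed without one; *x509 and *pkey are left unset in both cases.` would make that explicit. The comment should also record that, while the private-key lookup is still unimplemented (the TODO at 341–343), a configured client_cert falls through NOTIMPLEMENTED() to `return 0`, so the connection proceeds without the certificate the user selected rather than failing; the move preserves that behaviour unchanged, but it is easy to misread as "the certificate is sent" without a note until crbug.com/64951 is resolved.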