Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(392)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 5594009: Adds first cut implementation of a private key store abstraction for openssl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: wtc comment from http://codereview.chromium.org/5592003/ Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/net.gyp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <openssl/ssl.h> 10 #include <openssl/ssl.h>
11 #include <openssl/err.h> 11 #include <openssl/err.h>
12 12
13 #include "base/lock.h" 13 #include "base/lock.h"
14 #include "base/metrics/histogram.h" 14 #include "base/metrics/histogram.h"
15 #include "base/openssl_util.h" 15 #include "base/openssl_util.h"
16 #include "base/singleton.h" 16 #include "base/singleton.h"
17 #include "net/base/cert_verifier.h" 17 #include "net/base/cert_verifier.h"
18 #include "net/base/net_errors.h" 18 #include "net/base/net_errors.h"
19 #include "net/base/openssl_private_key_store.h"
19 #include "net/base/ssl_cert_request_info.h" 20 #include "net/base/ssl_cert_request_info.h"
20 #include "net/base/ssl_connection_status_flags.h" 21 #include "net/base/ssl_connection_status_flags.h"
21 #include "net/base/ssl_info.h" 22 #include "net/base/ssl_info.h"
22 #include "net/socket/ssl_error_params.h" 23 #include "net/socket/ssl_error_params.h"
23 24
24 namespace net { 25 namespace net {
25 26
26 namespace { 27 namespace {
27 28
28 // Enable this to see logging for state machine state transitions. 29 // Enable this to see logging for state machine state transitions.
(...skipping 492 matching lines...) Expand 10 before | Expand all | Expand 10 after
521 DCHECK(*x509 == NULL); 522 DCHECK(*x509 == NULL);
522 DCHECK(*pkey == NULL); 523 DCHECK(*pkey == NULL);
523 524
524 if (!ssl_config_.send_client_cert) { 525 if (!ssl_config_.send_client_cert) {
525 client_auth_cert_needed_ = true; 526 client_auth_cert_needed_ = true;
526 return -1; // Suspends handshake. 527 return -1; // Suspends handshake.
527 } 528 }
528 529
529 // Second pass: a client certificate should have been selected. 530 // Second pass: a client certificate should have been selected.
530 if (ssl_config_.client_cert) { 531 if (ssl_config_.client_cert) {
531 // TODO(joth): We need a way to lookup the private key this 532 EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey(
532 // certificate. See http://crbug.com/64951 and example code in 533 X509_PUBKEY_get(X509_get_X509_PUBKEY(
533 // http://codereview.chromium.org/5195001/diff/6001/net/socket/ssl_client_so cket_openssl.cc 534 ssl_config_.client_cert->os_cert_handle())));
534 NOTIMPLEMENTED(); 535 if (privkey) {
536 // TODO(joth): (copied from NSS) We should wait for server certificate
537 // verification before sending our credentials. See http://crbug.com/13934
538 *x509 = X509Certificate::DupOSCertHandle(
539 ssl_config_.client_cert->os_cert_handle());
540 *pkey = privkey;
541 return 1;
542 }
543 LOG(WARNING) << "Client cert found without private key";
535 } 544 }
536 545
537 // Send no client certificate. 546 // Send no client certificate.
538 return 0; 547 return 0;
539 } 548 }
540 549
541 // SSLClientSocket methods 550 // SSLClientSocket methods
542 551
543 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { 552 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
544 ssl_info->Reset(); 553 ssl_info->Reset();
(...skipping 627 matching lines...) Expand 10 before | Expand all | Expand 10 after
1172 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); 1181 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
1173 1182
1174 if (rv >= 0) 1183 if (rv >= 0)
1175 return rv; 1184 return rv;
1176 1185
1177 int err = SSL_get_error(ssl_, rv); 1186 int err = SSL_get_error(ssl_, rv);
1178 return MapOpenSSLError(err, err_tracer); 1187 return MapOpenSSLError(err, err_tracer);
1179 } 1188 }
1180 1189
1181 } // namespace net 1190 } // namespace net
OLDNEW
« no previous file with comments | « net/net.gyp ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698