Chromium Code Reviews

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 5594009: Adds first cut implementation of a private key store abstraction for openssl (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ; Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View unified diff | | Annotate | Revision Log
« net/base/openssl_private_key_store.h ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <openssl/ssl.h> 10 #include <openssl/ssl.h>
11 #include <openssl/err.h> 11 #include <openssl/err.h>
12 12
13 #include "base/lock.h" 13 #include "base/lock.h"
14 #include "base/metrics/histogram.h" 14 #include "base/metrics/histogram.h"
15 #include "base/openssl_util.h" 15 #include "base/openssl_util.h"
16 #include "base/singleton.h" 16 #include "base/singleton.h"
17 #include "net/base/cert_verifier.h" 17 #include "net/base/cert_verifier.h"
18 #include "net/base/net_errors.h" 18 #include "net/base/net_errors.h"
19 #include "net/base/openssl_private_key_store.h"
19 #include "net/base/ssl_cert_request_info.h" 20 #include "net/base/ssl_cert_request_info.h"
20 #include "net/base/ssl_connection_status_flags.h" 21 #include "net/base/ssl_connection_status_flags.h"
21 #include "net/base/ssl_info.h" 22 #include "net/base/ssl_info.h"
22 #include "net/socket/ssl_error_params.h" 23 #include "net/socket/ssl_error_params.h"
23 24
24 namespace net { 25 namespace net {
25 26
26 namespace { 27 namespace {
27 28
28 // Enable this to see logging for state machine state transitions. 29 // Enable this to see logging for state machine state transitions.
(...skipping 476 matching lines...)
505 DCHECK(*x509 == NULL); 506 DCHECK(*x509 == NULL);
506 DCHECK(*pkey == NULL); 507 DCHECK(*pkey == NULL);
507 508
508 if (!ssl_config_.send_client_cert) { 509 if (!ssl_config_.send_client_cert) {
509 client_auth_cert_needed_ = true; 510 client_auth_cert_needed_ = true;
510 return -1; // Suspends handshake. 511 return -1; // Suspends handshake.
511 } 512 }
512 513
513 // Second pass: a client certificate should have been selected. 514 // Second pass: a client certificate should have been selected.
514 if (ssl_config_.client_cert) { 515 if (ssl_config_.client_cert) {
515 // TODO(joth): We need a way to lookup the private key this 516 EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey(
516 // certificate. See http://crbug.com/64951 and example code in 517 X509_PUBKEY_get(X509_get_X509_PUBKEY(
517 // http://codereview.chromium.org/5195001/diff/6001/net/socket/ssl_client_so cket_openssl.cc 518 ssl_config_.client_cert->os_cert_handle())));
518 NOTIMPLEMENTED(); 519 if (privkey) {
520 // TODO(joth): (copied from NSS) We should wait for server certificate
521 // verification before sending our credentials. See http://crbug.com/13934
522 *x509 = X509Certificate::DupOSCertHandle(
523 ssl_config_.client_cert->os_cert_handle());
524 *pkey = privkey;
525 return 1;
526 }
527 LOG(WARNING) << "Client cert found without private key";
519 } 528 }
520 529
521 // Send no client certificate. 530 // Send no client certificate.
522 return 0; 531 return 0;
523 } 532 }
524 533
525 // SSLClientSocket methods 534 // SSLClientSocket methods
526 535
527 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) { 536 void SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
528 ssl_info->Reset(); 537 ssl_info->Reset();
(...skipping 590 matching lines...)
1119 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); 1128 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
1120 1129
1121 if (rv >= 0) 1130 if (rv >= 0)
1122 return rv; 1131 return rv;
1123 1132
1124 int err = SSL_get_error(ssl_, rv); 1133 int err = SSL_get_error(ssl_, rv);
1125 return MapOpenSSLError(err, err_tracer); 1134 return MapOpenSSLError(err, err_tracer);
1126 } 1135 }
1127 1136
1128 } // namespace net 1137 } // namespace net
OLDNEW
« net/base/openssl_private_key_store.h ('K') | « net/net.gyp ('k') | no next file » | no next file with comments »

Powered by Google App Engine