| OLD | NEW |
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <winsock2.h> | 8 #include <winsock2.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 331 matching lines...) |
| 342 PK11SlotInfo *slot = base::GetDefaultNSSKeySlot(); | 342 PK11SlotInfo *slot = base::GetDefaultNSSKeySlot(); |
| 343 if (!slot) { | 343 if (!slot) { |
| 344 CERT_DestroyCertificate(cert); | 344 CERT_DestroyCertificate(cert); |
| 345 return ERR_UNEXPECTED; | 345 return ERR_UNEXPECTED; |
| 346 } | 346 } |
| 347 | 347 |
| 348 SECItem der_private_key_info; | 348 SECItem der_private_key_info; |
| 349 der_private_key_info.data = | 349 der_private_key_info.data = |
| 350 const_cast<unsigned char*>(&key_vector.front()); | 350 const_cast<unsigned char*>(&key_vector.front()); |
| 351 der_private_key_info.len = key_vector.size(); | 351 der_private_key_info.len = key_vector.size(); |
| 352 // The server's RSA private key must be imported into NSS with the |
| 353 // following key usage bits: |
| 354 // - KU_KEY_ENCIPHERMENT, required for the RSA key exchange algorithm. |
| 355 // - KU_DIGITAL_SIGNATURE, required for the DHE_RSA and ECDHE_RSA key |
| 356 // exchange algorithms. |
| 357 const unsigned int key_usage = KU_KEY_ENCIPHERMENT | KU_DIGITAL_SIGNATURE; |
| 352 rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( | 358 rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( |
| 353 slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE, | 359 slot, &der_private_key_info, NULL, NULL, PR_FALSE, PR_FALSE, |
| 354 KU_DIGITAL_SIGNATURE, &private_key, NULL); | 360 key_usage, &private_key, NULL); |
| 355 PK11_FreeSlot(slot); | 361 PK11_FreeSlot(slot); |
| 356 if (rv != SECSuccess) { | 362 if (rv != SECSuccess) { |
| 357 CERT_DestroyCertificate(cert); | 363 CERT_DestroyCertificate(cert); |
| 358 return ERR_UNEXPECTED; | 364 return ERR_UNEXPECTED; |
| 359 } | 365 } |
| 360 | 366 |
| 361 // Assign server certificate and private key. | 367 // Assign server certificate and private key. |
| 362 SSLKEAType cert_kea = NSS_FindCertKEAType(cert); | 368 SSLKEAType cert_kea = NSS_FindCertKEAType(cert); |
| 363 rv = SSL_ConfigSecureServer(nss_fd_, cert, private_key, cert_kea); | 369 rv = SSL_ConfigSecureServer(nss_fd_, cert, private_key, cert_kea); |
| 364 CERT_DestroyCertificate(cert); | 370 CERT_DestroyCertificate(cert); |
| (...skipping 303 matching lines...) |
| 668 << ", net_error " << net_error; | 674 << ", net_error " << net_error; |
| 669 net_log_.AddEvent( | 675 net_log_.AddEvent( |
| 670 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 676 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 671 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); | 677 make_scoped_refptr(new SSLErrorParams(net_error, prerr))); |
| 672 } | 678 } |
| 673 } | 679 } |
| 674 return net_error; | 680 return net_error; |
| 675 } | 681 } |
| 676 | 682 |
| 677 } // namespace net | 683 } // namespace net |
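Review bot: The new `key_usage` constant at new line 357 is fixed to RSA semantics, but nothing visible in this section confirms that the imported key is RSA, and `cert_kea` is only derived from the certificate afterwards at new line 368. If non-RSA keys can reach this path (not visible here), either reject them before the import or state the restriction in the comment, e.g. `// Only RSA server keys are supported here; other key types need different usage bits.` The comment could also record that KU_KEY_ENCIPHERMENT lets the same long-term key decrypt static-RSA key exchanges, which give no forward secrecy, so the cipher suites enabled elsewhere decide the actual exposure. The enclosing function starts and ends outside the displayed lines, so any checks made earlier in it are not visible.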
| OLD | NEW |