
Side by Side Diff: remoting/jingle_glue/ssl_socket_adapter.cc

Issue 7201018: Remove gmail cert from SSLSocketAdapter. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 6 months ago
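--- a/remoting/jingle_glue/ssl_socket_adapter.cc
+++ b/remoting/jingle_glue/ssl_socket_adapter.cc
@@ -1,58 +1,31 @@
 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "remoting/jingle_glue/ssl_socket_adapter.h"
 
 #include "base/base64.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
 #include "jingle/glue/utils.h"
 #include "net/base/address_list.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/net_errors.h"
 #include "net/base/ssl_config_service.h"
 #include "net/base/sys_addrinfo.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/url_request/url_request_context.h"
 
 namespace remoting {
 
-namespace {
-
-// NSS doesn't load root certificates when running in sandbox, so we
-// need to have gmail's cert hardcoded.
-//
-// TODO(sergeyu): Remove this when we don't make XMPP connection from
-// inside of sandbox.
-const char kGmailCertBase64[] =
-"MIIC2TCCAkKgAwIBAgIDBz+SMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT"
-"MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0"
-"aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNDExMTcxNzM4WhcNMTIwNDEwMTcxNzM4"
-"WjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN"
-"TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEjAQBgNVBAMTCWdt"
-"YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1Hds2jWwXAVGef06"
-"7PeSJF/h9BnoYlTdykx0lBTDc92/JLvuq0lJkytqll1UR4kHmF4vwqQkwcqOK03w"
-"k8qDK8fh6M13PYhvPEXP02ozsuL3vqE8hcCva2B9HVnOPY17Qok37rYQ+yexswN5"
-"eh0+93nddEa1PyHgEQ8CDKCJaWUCAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAw"
-"HQYDVR0OBBYEFJcjzXEevMEDIEvuQiT7puEJY737MDoGA1UdHwQzMDEwL6AtoCuG"
-"KWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1Ud"
-"IwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMB"
-"BggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQB74cGpjdENf9U+WEd29dfzY3Tz"
-"JehnlY5cH5as8bOTe7PNPzj967OJ7TPWEycMwlS7CsqIsmfRGOFFfoHxo+iPugZ8"
-"uO2Kd++QHCXL+MumGjkW4FcTFmceV/Q12Wdh3WApcqIZZciQ79MAeFh7bzteAYqf"
-"wC98YQwylC9wVhf1yw==";
-
-} // namespace
-
 SSLSocketAdapter* SSLSocketAdapter::Create(AsyncSocket* socket) {
 return new SSLSocketAdapter(socket);
 }
 
 SSLSocketAdapter::SSLSocketAdapter(AsyncSocket* socket)
 : SSLAdapter(socket),
 ignore_bad_cert_(false),
 cert_verifier_(new net::CertVerifier()),
 ALLOW_THIS_IN_INITIALIZER_LIST(
 connected_callback_(this, &SSLSocketAdapter::OnConnected)),
@@ -89,31 +62,20 @@
 LOG(DFATAL) << "Chrome message loop (needed by SSL certificate "
 << "verification) does not exist";
 return net::ERR_UNEXPECTED;
 }
 
 // SSLConfigService is not thread-safe, and the default values for SSLConfig
 // are correct for us, so we don't use the config service to initialize this
 // object.
 net::SSLConfig ssl_config;
 
-std::string gmail_cert_binary;
-base::Base64Decode(kGmailCertBase64, &gmail_cert_binary);
-scoped_refptr<net::X509Certificate> gmail_cert =
-net::X509Certificate::CreateFromBytes(gmail_cert_binary.data(),
-gmail_cert_binary.size());
-DCHECK(gmail_cert);
-net::SSLConfig::CertAndStatus gmail_cert_status;
-gmail_cert_status.cert = gmail_cert;
-gmail_cert_status.cert_status = 0;
-ssl_config.allowed_bad_certs.push_back(gmail_cert_status);
-
 transport_socket_->set_addr(talk_base::SocketAddress(hostname_, 0));
 ssl_socket_.reset(
 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
 transport_socket_, net::HostPortPair(hostname_, 443), ssl_config,
 NULL /* ssl_host_info */,
 cert_verifier_.get()));
 
 int result = ssl_socket_->Connect(&connected_callback_);
 
 if (result == net::ERR_IO_PENDING || result == net::OK) {
@@ -402,10 +364,10 @@
 write_buffer_len_ = buffer_len;
 return;
 }
 }
 was_used_to_convey_data_ = true;
 callback->RunWithParams(Tuple1<int>(result));
 }
 }
 
 } // namespace remoting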
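Review bot: With the `allowed_bad_certs` entry gone, the handshake set up from new line 70 onward relies only on `cert_verifier_` and a default `net::SSLConfig`, yet nothing on the new side records the precondition the deleted comment named (NSS not loading root certificates inside the sandbox). If this adapter can still be created in a sandboxed process, the connection would presumably fail verification rather than succeed, which is the safe outcome but should be stated; I would add above `net::SSLConfig ssl_config;` a comment such as `// No certificate exceptions: verification relies on the platform root store, so this must not run in a sandboxed process.` Separately, `#include "base/base64.h"` at new line 7 looks unused now that the `base::Base64Decode` call is removed, assuming the skipped regions do not use it. The enclosing function starts in the skipped region, so its name and earlier checks are not visible here.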