
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1076063002: Remove certificates from Channel ID (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 7 months ago
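--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -983,56 +983,39 @@
 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
 }
 }
 return net_error;
 }
 
 int SSLClientSocketOpenSSL::DoChannelIDLookup() {
 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED);
 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
 return channel_id_service_->GetOrCreateChannelID(
-host_and_port_.host(),
-&channel_id_private_key_,
-&channel_id_cert_,
+host_and_port_.host(), &channel_id_key_,
 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
 base::Unretained(this)),
 &channel_id_request_handle_);
 }
 
 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
 if (result < 0)
 return result;
 
-DCHECK_LT(0u, channel_id_private_key_.size());
-// Decode key.
-std::vector<uint8> encrypted_private_key_info;
-std::vector<uint8> subject_public_key_info;
-encrypted_private_key_info.assign(
-channel_id_private_key_.data(),
-channel_id_private_key_.data() + channel_id_private_key_.size());
-subject_public_key_info.assign(
-channel_id_cert_.data(),
-channel_id_cert_.data() + channel_id_cert_.size());
-scoped_ptr<crypto::ECPrivateKey> ec_private_key(
-crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
-ChannelIDService::kEPKIPassword,
-encrypted_private_key_info,
-subject_public_key_info));
-if (!ec_private_key) {
+if (!channel_id_key_) {
 LOG(ERROR) << "Failed to import Channel ID.";
 return ERR_CHANNEL_ID_IMPORT_FAILED;
 }
 
 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key
 // type.
 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key());
+int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
 if (!rv) {
 LOG(ERROR) << "Failed to set Channel ID.";
 int err = SSL_get_error(ssl_, rv);
 return MapOpenSSLError(err, err_tracer);
 }
 
 // Return to the handshake.
 channel_id_sent_ = true;
 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED);
 GotoState(STATE_HANDSHAKE);
@@ -1888,10 +1871,10 @@
 
 return result;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net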
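Review bot: The new guard `if (!channel_id_key_)` in DoChannelIDLookupComplete (new lines 1003-1005) still logs "Failed to import Channel ID." and returns ERR_CHANNEL_ID_IMPORT_FAILED, although this function no longer decodes or imports anything. A null key here now means GetOrCreateChannelID reported success without filling the out-parameter, so the log should say that, e.g. `LOG(ERROR) << "Channel ID lookup succeeded but returned no key.";`, with a comment such as `// The service must set channel_id_key_ on success; fail closed if it did not.` The private key is also now held in the member `channel_id_key_` rather than in a local that went out of scope after the hand-off. SSL_set1_tls_channel_id follows the set1 convention of taking its own reference, so if nothing else reads the member (its declaration and other uses are not visible here), consider `channel_id_key_.reset();` after the successful call to keep the key's lifetime in the socket short. The rest of DoChannelIDLookupComplete lies in the skipped lines after new line 1021.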
