| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 972 matching lines...) |
| 983 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); | 983 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); |
| 984 } | 984 } |
| 985 } | 985 } |
| 986 return net_error; | 986 return net_error; |
| 987 } | 987 } |
| 988 | 988 |
| 989 int SSLClientSocketOpenSSL::DoChannelIDLookup() { | 989 int SSLClientSocketOpenSSL::DoChannelIDLookup() { |
| 990 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED); | 990 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED); |
| 991 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); | 991 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); |
| 992 return channel_id_service_->GetOrCreateChannelID( | 992 return channel_id_service_->GetOrCreateChannelID( |
| 993 host_and_port_.host(), | 993 host_and_port_.host(), &channel_id_key_, |
| 994 &channel_id_private_key_, | |
| 995 &channel_id_cert_, | |
| 996 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 994 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
| 997 base::Unretained(this)), | 995 base::Unretained(this)), |
| 998 &channel_id_request_handle_); | 996 &channel_id_request_handle_); |
| 999 } | 997 } |
| 1000 | 998 |
| 1001 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { | 999 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { |
| 1002 if (result < 0) | 1000 if (result < 0) |
| 1003 return result; | 1001 return result; |
| 1004 | 1002 |
| 1005 DCHECK_LT(0u, channel_id_private_key_.size()); | 1003 if (!channel_id_key_) { |
| 1006 // Decode key. | |
| 1007 std::vector<uint8> encrypted_private_key_info; | |
| 1008 std::vector<uint8> subject_public_key_info; | |
| 1009 encrypted_private_key_info.assign( | |
| 1010 channel_id_private_key_.data(), | |
| 1011 channel_id_private_key_.data() + channel_id_private_key_.size()); | |
| 1012 subject_public_key_info.assign( | |
| 1013 channel_id_cert_.data(), | |
| 1014 channel_id_cert_.data() + channel_id_cert_.size()); | |
| 1015 scoped_ptr<crypto::ECPrivateKey> ec_private_key( | |
| 1016 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | |
| 1017 ChannelIDService::kEPKIPassword, | |
| 1018 encrypted_private_key_info, | |
| 1019 subject_public_key_info)); | |
| 1020 if (!ec_private_key) { | |
| 1021 LOG(ERROR) << "Failed to import Channel ID."; | 1004 LOG(ERROR) << "Failed to import Channel ID."; |
| 1022 return ERR_CHANNEL_ID_IMPORT_FAILED; | 1005 return ERR_CHANNEL_ID_IMPORT_FAILED; |
| 1023 } | 1006 } |
| 1024 | 1007 |
| 1025 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key | 1008 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key |
| 1026 // type. | 1009 // type. |
| 1027 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 1010 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 1028 int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key()); | 1011 int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key()); |
| 1029 if (!rv) { | 1012 if (!rv) { |
| 1030 LOG(ERROR) << "Failed to set Channel ID."; | 1013 LOG(ERROR) << "Failed to set Channel ID."; |
| 1031 int err = SSL_get_error(ssl_, rv); | 1014 int err = SSL_get_error(ssl_, rv); |
| 1032 return MapOpenSSLError(err, err_tracer); | 1015 return MapOpenSSLError(err, err_tracer); |
| 1033 } | 1016 } |
| 1034 | 1017 |
| 1035 // Return to the handshake. | 1018 // Return to the handshake. |
| 1036 channel_id_sent_ = true; | 1019 channel_id_sent_ = true; |
| 1037 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED); | 1020 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED); |
| 1038 GotoState(STATE_HANDSHAKE); | 1021 GotoState(STATE_HANDSHAKE); |
| (...skipping 849 matching lines...) |
| 1888 | 1871 |
| 1889 return result; | 1872 return result; |
| 1890 } | 1873 } |
| 1891 | 1874 |
| 1892 scoped_refptr<X509Certificate> | 1875 scoped_refptr<X509Certificate> |
| 1893 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1876 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1894 return server_cert_; | 1877 return server_cert_; |
| 1895 } | 1878 } |
| 1896 | 1879 |
| 1897 } // namespace net | 1880 } // namespace net |
| OLD | NEW |
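Review bot: The new `if (!channel_id_key_)` check at new line 1003 in DoChannelIDLookupComplete only detects a failed lookup if the member was empty when DoChannelIDLookup passed `&channel_id_key_` to GetOrCreateChannelID. If the lookup can run more than once on the same socket, a private key left over from an earlier handshake would pass the check even when the service reports success without filling the out-parameter, and that stale key would then go to `SSL_set1_tls_channel_id`. Unless the member is already cleared on disconnect (not visible here), add `channel_id_key_.reset();` before the GetOrCreateChannelID call, assuming it is a scoped_ptr like the removed `ec_private_key` local. The key also now lives in a member for the socket's lifetime rather than in a function-local, so if nothing reads it after the successful set1 call it could be released there as well. The retained message "Failed to import Channel ID." no longer matches this path, since the decode step has moved out of the socket; a comment such as `// The service reported success but produced no key.` above the check would make the intent clear. DoChannelIDLookupComplete continues past the visible rows.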