
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1076063002: Remove certificates from Channel ID (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Update KeysEqual to fail if preconditions fail Created 5 years, 7 months ago
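--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -1020,56 +1020,39 @@
   // Verify the certificate.
   UpdateServerCert();
   GotoState(STATE_VERIFY_CERT);
   return OK;
 }
 
 int SSLClientSocketOpenSSL::DoChannelIDLookup() {
   net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED);
   GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
   return channel_id_service_->GetOrCreateChannelID(
-      host_and_port_.host(),
-      &channel_id_private_key_,
-      &channel_id_cert_,
+      host_and_port_.host(), &channel_id_key_,
       base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
                  base::Unretained(this)),
       &channel_id_request_handle_);
 }
 
 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
   if (result < 0)
     return result;
 
-  DCHECK_LT(0u, channel_id_private_key_.size());
-  // Decode key.
-  std::vector<uint8> encrypted_private_key_info;
-  std::vector<uint8> subject_public_key_info;
-  encrypted_private_key_info.assign(
-      channel_id_private_key_.data(),
-      channel_id_private_key_.data() + channel_id_private_key_.size());
-  subject_public_key_info.assign(
-      channel_id_cert_.data(),
-      channel_id_cert_.data() + channel_id_cert_.size());
-  scoped_ptr<crypto::ECPrivateKey> ec_private_key(
-      crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
-          ChannelIDService::kEPKIPassword,
-          encrypted_private_key_info,
-          subject_public_key_info));
-  if (!ec_private_key) {
+  if (!channel_id_key_) {
     LOG(ERROR) << "Failed to import Channel ID.";
     return ERR_CHANNEL_ID_IMPORT_FAILED;
   }
 
   // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key
   // type.
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key());
+  int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
   if (!rv) {
     LOG(ERROR) << "Failed to set Channel ID.";
     int err = SSL_get_error(ssl_, rv);
     return MapOpenSSLError(err, err_tracer);
   }
 
   // Return to the handshake.
   channel_id_sent_ = true;
   net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED);
   GotoState(STATE_HANDSHAKE);
@@ -1937,10 +1920,10 @@
   }
   return false;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
   return server_cert_;
 }
 
 }  // namespace net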
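Review bot: The error text kept at new line 1041, `LOG(ERROR) << "Failed to import Channel ID.";`, no longer describes what the guard in DoChannelIDLookupComplete checks: the socket no longer decodes an EncryptedPrivateKeyInfo, so a null `channel_id_key_` after `GetOrCreateChannelID` reported success means the service returned OK without producing a key, which is a broken contract rather than an import failure. Keeping a release-mode check there is the right call, since it replaces the old `DCHECK_LT` and a null `channel_id_key_` would otherwise be dereferenced at `channel_id_key_->key()` on the next new line, but I would make the invariant explicit and reword the message: `DCHECK(channel_id_key_);` ahead of the `if`, and `LOG(ERROR) << "Channel ID lookup succeeded without a key.";` inside it, leaving `ERR_CHANNEL_ID_IMPORT_FAILED` as the returned code so callers and any histograms keyed on it are unaffected. A short comment on the `if`, such as `// A successful lookup must yield a key; anything else is a ChannelIDService bug.`, would spare the next reader from wondering how an "import" can fail in code that no longer imports anything. Since `SSL_set1_tls_channel_id` presumably takes its own reference to the EVP_PKEY, the socket's copy could be released after this point if nothing else reads it; the header and the service are outside this diff, so confirm that there, and note that DoChannelIDLookupComplete's body continues past the end of the hunk.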