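--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -1,10 +1,10 @@
 /*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -483,22 +483,22 @@
 rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook,
 this);
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
 return -1;
 }
 } else {
 LOG(LS_INFO) << "BeginSSL: as server";
 NSSIdentity *identity;
 
-if (identity_.get()) {
-identity = static_cast<NSSIdentity *>(identity_.get());
+if (dtlscertificate_.get()) {
+identity = static_cast<NSSIdentity *>(dtlscertificate_->identity());
 } else {
 LOG(LS_ERROR) << "Can't be an SSL server without an identity";
 Error("BeginSSL", -1, false);
 return -1;
 }
 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
 identity->keypair()->privkey(),
 identity->keypair()->ssl_kea_type());
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
@@ -655,21 +655,21 @@
 void NSSStreamAdapter::Cleanup() {
 if (state_ != SSL_ERROR) {
 state_ = SSL_CLOSED;
 }
 
 if (ssl_fd_) {
 PR_Close(ssl_fd_);
 ssl_fd_ = NULL;
 }
 
-identity_.reset();
+dtlscertificate_ = nullptr;
 peer_certificate_.reset();
 
 Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT);
 }
 
 bool NSSStreamAdapter::GetDigestLength(const std::string& algorithm,
 size_t* length) {
 return NSSCertificate::GetDigestLength(algorithm, length);
 }
 
@@ -909,26 +909,27 @@
 }
 
 
 SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
 CERTDistNames *caNames,
 CERTCertificate **pRetCert,
 SECKEYPrivateKey **pRetKey) {
 LOG(LS_INFO) << "Client cert requested";
 NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg);
 
-if (!stream->identity_.get()) {
+if (!stream->dtlscertificate_.get()) {
 LOG(LS_ERROR) << "No identity available";
 return SECFailure;
 }
 
-NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get());
+NSSIdentity *identity = static_cast<NSSIdentity *>(
+stream->dtlscertificate_->identity());
 // Destroyed internally by NSS
 *pRetCert = CERT_DupCertificate(identity->certificate().certificate());
 *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey());
 
 return SECSuccess;
 }
 
 bool NSSStreamAdapter::GetSslCipher(std::string* cipher) {
 ASSERT(state_ == SSL_CONNECTED);
 if (state_ != SSL_CONNECTED)
@@ -1118,10 +1119,10 @@
 return kDefaultSslEcCipher12;
 }
 } else {
 return std::string();
 }
 }
 
 } // namespace rtc
 
 #endif // HAVE_NSS_SSL_H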
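Review bot: The new guard in GetClientAuthDataHook only checks that `stream->dtlscertificate_` is set and then dereferences whatever `dtlscertificate_->identity()` returns (at `identity->certificate()` and `identity->keypair()`); if `identity()` can return null — its contract is not shown on this page — that is a null dereference on the client-auth path, whereas the replaced `identity_.get()` check guarded the object actually dereferenced. The same pattern appears in the BeginSSL hunk (`if (dtlscertificate_.get())` followed by `identity->certificate().certificate()`), whose enclosing function starts and ends outside the hunk. I would widen the guard to `if (!stream->dtlscertificate_.get() || !stream->dtlscertificate_->identity()) {` and do the equivalent in BeginSSL, so a missing identity fails through the existing `SECFailure` / `Error("BeginSSL", -1, false)` paths instead of crashing mid-handshake. Separately, and pre-existing in this hunk, the results of `CERT_DupCertificate` and `SECKEY_CopyPrivateKey` are never checked before `return SECSuccess;`, so a failed copy would presumably hand a null `*pRetCert` or `*pRetKey` back to NSS under a success status.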