Side by Side Diff: runtime/bin/secure_socket.cc

Issue 1313393003: Do not request a client certificate as the default for SSL. (Closed) Base URL: git@github.com:dart-lang/sdk.git@master
Patch Set: Created 5 years, 3 months ago
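--- a/runtime/bin/secure_socket.cc
+++ b/runtime/bin/secure_socket.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 #include "bin/secure_socket.h"
 
 #include <errno.h>
 #include <fcntl.h>
 #include <sys/stat.h>
 #include <stdio.h>
@@ -865,32 +865,37 @@
 if (context == NULL) {
 DART_CHECK_VALID(Dart_ThrowException(DartUtils::NewDartArgumentError(
 "Default SecurityContext not implemented, context cannot be null.")));
 }
 
 ssl_ = SSL_new(context);
 SSL_set_bio(ssl_, ssl_side, ssl_side);
 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right?
 SSL_set_ex_data(ssl_, filter_ssl_index, this);
 
-if (!is_server_) {
+if (is_server_) {
+// Do not request a client certificate.
+// TODO(24069): Allow server to request a client certificate, when desired.
+SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL);
+} else {
 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false);
 // Sets the hostname in the certificate-checking object, so it is checked
 // against the certificate presented by the server.
 X509_VERIFY_PARAM* certificate_checking_parameters_ = SSL_get0_param(ssl_);
 hostname_ = strdup(hostname);
 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters_, 0);
 X509_VERIFY_PARAM_set1_host(certificate_checking_parameters_,
 hostname_, 0);
 // TODO(24186) free hostname_ if it is not freed when SSL is destroyed.
 // otherwise, make it a local variable, not a instance field.
 }
+// Make the connection:
 if (is_server_) {
 status = SSL_accept(ssl_);
 if (SSL_LOG_STATUS) Log::Print("SSL_accept status: %d\n", status);
 if (status != 1) {
 // TODO(whesse): expect a needs-data error here. Handle other errors.
 error = SSL_get_error(ssl_, status);
 if (SSL_LOG_STATUS) Log::Print("SSL_accept error: %d\n", error);
 }
 } else {
 status = SSL_connect(ssl_);
@@ -1098,10 +1103,10 @@
 } else {
 if (SSL_LOG_DATA) Log::Print(
 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed);
 }
 }
 return bytes_processed;
 }
 
 } // namespace bin
 } // namespace dart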
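Review bot: The new server branch calls `SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL)` on every accepted connection, which replaces whatever verify mode `SSL_new(context)` copied from the SecurityContext; if a context is ever configured to require client certificates, this socket would still accept unauthenticated clients until TODO(24069) is done. The comment should state that override, for example `// Overrides the context's verify mode: no client certificate is requested or checked, so this socket must not be relied on for client-certificate authentication.` In the client branch that now sits under `else`, the result of `X509_VERIFY_PARAM_set1_host(...)` is still ignored; a failure there presumably lets the handshake proceed without the hostname check, so it is worth testing for `!= 1` before `SSL_connect`. The enclosing function starts and ends outside the lines shown.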