1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #include "bin/secure_socket.h" | 5 #include "bin/secure_socket.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <fcntl.h> | 8 #include <fcntl.h> |
9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
10 #include <stdio.h> | 10 #include <stdio.h> |
865 if (context == NULL) { | 865 if (context == NULL) { |
866 DART_CHECK_VALID(Dart_ThrowException(DartUtils::NewDartArgumentError( | 866 DART_CHECK_VALID(Dart_ThrowException(DartUtils::NewDartArgumentError( |
867 "Default SecurityContext not implemented, context cannot be null."))); | 867 "Default SecurityContext not implemented, context cannot be null."))); |
868 } | 868 } |
869 | 869 |
870 ssl_ = SSL_new(context); | 870 ssl_ = SSL_new(context); |
871 SSL_set_bio(ssl_, ssl_side, ssl_side); | 871 SSL_set_bio(ssl_, ssl_side, ssl_side); |
872 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? | 872 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? |
873 SSL_set_ex_data(ssl_, filter_ssl_index, this); | 873 SSL_set_ex_data(ssl_, filter_ssl_index, this); |
874 | 874 |
875 if (!is_server_) { | 875 if (is_server_) { |
| 876 // Do not request a client certificate. |
| 877 // TODO(24069): Allow server to request a client certificate, when desired. |
| 878 SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); |
| 879 } else { |
876 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); | 880 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); |
877 // Sets the hostname in the certificate-checking object, so it is checked | 881 // Sets the hostname in the certificate-checking object, so it is checked |
878 // against the certificate presented by the server. | 882 // against the certificate presented by the server. |
879 X509_VERIFY_PARAM* certificate_checking_parameters_ = SSL_get0_param(ssl_); | 883 X509_VERIFY_PARAM* certificate_checking_parameters_ = SSL_get0_param(ssl_); |
880 hostname_ = strdup(hostname); | 884 hostname_ = strdup(hostname); |
881 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters_, 0); | 885 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters_, 0); |
882 X509_VERIFY_PARAM_set1_host(certificate_checking_parameters_, | 886 X509_VERIFY_PARAM_set1_host(certificate_checking_parameters_, |
883 hostname_, 0); | 887 hostname_, 0); |
884 // TODO(24186) free hostname_ if it is not freed when SSL is destroyed. | 888 // TODO(24186) free hostname_ if it is not freed when SSL is destroyed. |
885 // otherwise, make it a local variable, not a instance field. | 889 // otherwise, make it a local variable, not a instance field. |
886 } | 890 } |
| 891 // Make the connection: |
887 if (is_server_) { | 892 if (is_server_) { |
888 status = SSL_accept(ssl_); | 893 status = SSL_accept(ssl_); |
889 if (SSL_LOG_STATUS) Log::Print("SSL_accept status: %d\n", status); | 894 if (SSL_LOG_STATUS) Log::Print("SSL_accept status: %d\n", status); |
890 if (status != 1) { | 895 if (status != 1) { |
891 // TODO(whesse): expect a needs-data error here. Handle other errors. | 896 // TODO(whesse): expect a needs-data error here. Handle other errors. |
892 error = SSL_get_error(ssl_, status); | 897 error = SSL_get_error(ssl_, status); |
893 if (SSL_LOG_STATUS) Log::Print("SSL_accept error: %d\n", error); | 898 if (SSL_LOG_STATUS) Log::Print("SSL_accept error: %d\n", error); |
894 } | 899 } |
895 } else { | 900 } else { |
896 status = SSL_connect(ssl_); | 901 status = SSL_connect(ssl_); |
1098 } else { | 1103 } else { |
1099 if (SSL_LOG_DATA) Log::Print( | 1104 if (SSL_LOG_DATA) Log::Print( |
1100 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); | 1105 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); |
1101 } | 1106 } |
1102 } | 1107 } |
1103 return bytes_processed; | 1108 return bytes_processed; |
1104 } | 1109 } |
1105 | 1110 |
1106 } // namespace bin | 1111 } // namespace bin |
1107 } // namespace dart | 1112 } // namespace dart |
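Review bot: The new server branch pins the verify mode explicitly with `SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL);`, but the client branch it is now paired with (new lines 880–889) still leaves the verify mode unset, so whether a bad server certificate is actually rejected depends on what was configured on `context` outside this function; since this branch already wires up hostname checking through `X509_VERIFY_PARAM_set1_host`, it should state the client expectation in the same place, `SSL_set_verify(ssl_, SSL_VERIFY_PEER, NULL);` before the `SetAlpnProtocolList` call, or carry a comment naming where the context enforces it if that is the intent. Two pre-existing issues the restructuring does not touch are worth noting while this code is being moved: `hostname_ = strdup(hostname);` dereferences `hostname` without a NULL check, and `ssl_ = SSL_new(context);` is passed to `SSL_set_bio` before being checked for NULL. `X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters_, 0)` keeps the default matching rules; if the intent is to be conservative about wildcard certificates, `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS` is the place to say so. The enclosing function starts and ends outside the shown section.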