Index: runtime/bin/secure_socket.h |
diff --git a/runtime/bin/secure_socket.h b/runtime/bin/secure_socket.h |
index 5deccc1e939f952d5e3c0c59ac650061cbadd2cc..cd3611ad0c5326bbdf271877b11c2ddce5940409 100644 |
--- a/runtime/bin/secure_socket.h |
+++ b/runtime/bin/secure_socket.h |
@@ -5,19 +5,19 @@ |
#ifndef BIN_SECURE_SOCKET_H_ |
#define BIN_SECURE_SOCKET_H_ |
+#ifdef DART_IO_SECURE_SOCKET_DISABLED |
+#error "secure_socket.h can only be included on builds with SSL enabled" |
+#endif |
+ |
#include <stdlib.h> |
#include <string.h> |
#include <stdio.h> |
#include <sys/types.h> |
-#if !defined(DART_IO_SECURE_SOCKET_DISABLED) |
-#include <prinit.h> |
-#include <prerror.h> |
-#include <prnetdb.h> |
-#include <ssl.h> |
-#else |
-struct PRFileDesc; |
-#endif |
+#include <openssl/bio.h> |
+#include <openssl/ssl.h> |
+#include <openssl/err.h> |
+#include <openssl/x509.h> |
#include "bin/builtin.h" |
#include "bin/dartutils.h" |
@@ -28,6 +28,10 @@ struct PRFileDesc; |
namespace dart { |
namespace bin { |
+/* These are defined in root_certificates.cc. */ |
+extern const unsigned char* root_certificates_pem; |
+extern unsigned int root_certificates_pem_length; |
+ |
/* |
* SSLFilter encapsulates the NSS SSL(TLS) code in a filter, that communicates |
* with the containing _SecureFilterImpl Dart object through four shared |
@@ -49,20 +53,18 @@ class SSLFilter { |
SSLFilter() |
: callback_error(NULL), |
+ ssl_(NULL), |
string_start_(NULL), |
string_length_(NULL), |
handshake_complete_(NULL), |
bad_certificate_callback_(NULL), |
in_handshake_(false), |
- client_certificate_name_(NULL), |
- filter_(NULL) { } |
+ hostname_(NULL) { } |
void Init(Dart_Handle dart_this); |
- void Connect(const char* host, |
- const RawAddr& raw_addr, |
- int port, |
+ void Connect(const char* hostname, |
+ SSL_CTX* context, |
bool is_server, |
- const char* certificate_name, |
bool request_client_certificate, |
bool require_client_certificate, |
bool send_client_certificate, |
@@ -78,27 +80,29 @@ class SSLFilter { |
Dart_Handle bad_certificate_callback() { |
return Dart_HandleFromPersistent(bad_certificate_callback_); |
} |
- intptr_t ProcessReadPlaintextBuffer(int start, int end); |
- intptr_t ProcessWritePlaintextBuffer(int start1, int end1, |
- int start2, int end2); |
- intptr_t ProcessReadEncryptedBuffer(int start, int end); |
- intptr_t ProcessWriteEncryptedBuffer(int start, int end); |
+ int ProcessReadPlaintextBuffer(int start, int end); |
+ int ProcessWritePlaintextBuffer(int start, int end); |
+ int ProcessReadEncryptedBuffer(int start, int end); |
+ int ProcessWriteEncryptedBuffer(int start, int end); |
bool ProcessAllBuffers(int starts[kNumBuffers], |
int ends[kNumBuffers], |
bool in_handshake); |
Dart_Handle PeerCertificate(); |
- static void InitializeLibrary(const char* certificate_database, |
- const char* password, |
- bool use_builtin_root_certificates, |
- bool report_duplicate_initialization = true); |
+ static void InitializeLibrary(); |
Dart_Handle callback_error; |
static CObject* ProcessFilterRequest(const CObjectArray& request); |
+ // The index of the external data field in _ssl that points to the SSLFilter. |
+ static int filter_ssl_index; |
+ |
+ // TODO(whesse): make private: |
+ SSL* ssl_; |
+ BIO* socket_side_; |
+ |
+ |
private: |
- static const int kMemioBufferSize = 20 * KB; |
static bool library_initialized_; |
- static const char* password_; |
static Mutex* mutex_; // To protect library initialization. |
uint8_t* buffers_[kNumBuffers]; |
@@ -111,8 +115,8 @@ class SSLFilter { |
Dart_PersistentHandle bad_certificate_callback_; |
bool in_handshake_; |
bool is_server_; |
- char* client_certificate_name_; |
- PRFileDesc* filter_; |
+ char* hostname_; |
+ X509_VERIFY_PARAM* certificate_checking_parameters_; |
static bool isBufferEncrypted(int i) { |
return static_cast<BufferIndex>(i) >= kFirstEncrypted; |