Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(190)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_server_socket_nss.cc

Issue 1376593007: SSL in EmbeddedTestServer (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Adding cert check unittest. Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_server_socket_nss.h ('k') | net/socket/ssl_server_socket_openssl.h » ('j') | net/test/embedded_test_server/embedded_test_server_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_server_socket_nss.h" 5 #include "net/socket/ssl_server_socket_nss.h"
6 6
7 #if defined(OS_WIN) 7 #if defined(OS_WIN)
8 #include <winsock2.h> 8 #include <winsock2.h>
9 #endif 9 #endif
10 10
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 } // namespace 76 } // namespace
77 77
78 void EnableSSLServerSockets() { 78 void EnableSSLServerSockets() {
79 g_nss_ssl_server_init_singleton.Get(); 79 g_nss_ssl_server_init_singleton.Get();
80 } 80 }
81 81
82 scoped_ptr<SSLServerSocket> CreateSSLServerSocket( 82 scoped_ptr<SSLServerSocket> CreateSSLServerSocket(
83 scoped_ptr<StreamSocket> socket, 83 scoped_ptr<StreamSocket> socket,
84 X509Certificate* cert, 84 X509Certificate* cert,
85 crypto::RSAPrivateKey* key, 85 crypto::RSAPrivateKey* key,
86 const SSLConfig& ssl_config) { 86 const SSLServerConfig& ssl_config) {
87 DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been" 87 DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been"
88 << " called yet!"; 88 << " called yet!";
89 89
90 return scoped_ptr<SSLServerSocket>( 90 return scoped_ptr<SSLServerSocket>(
91 new SSLServerSocketNSS(socket.Pass(), cert, key, ssl_config)); 91 new SSLServerSocketNSS(socket.Pass(), cert, key, ssl_config));
92 } 92 }
93 93
94 SSLServerSocketNSS::SSLServerSocketNSS( 94 SSLServerSocketNSS::SSLServerSocketNSS(
95 scoped_ptr<StreamSocket> transport_socket, 95 scoped_ptr<StreamSocket> transport_socket,
96 scoped_refptr<X509Certificate> cert, 96 scoped_refptr<X509Certificate> cert,
97 crypto::RSAPrivateKey* key, 97 crypto::RSAPrivateKey* key,
98 const SSLConfig& ssl_config) 98 const SSLServerConfig& ssl_config)
99 : transport_send_busy_(false), 99 : transport_send_busy_(false),
100 transport_recv_busy_(false), 100 transport_recv_busy_(false),
101 user_read_buf_len_(0), 101 user_read_buf_len_(0),
102 user_write_buf_len_(0), 102 user_write_buf_len_(0),
103 nss_fd_(NULL), 103 nss_fd_(NULL),
104 nss_bufs_(NULL), 104 nss_bufs_(NULL),
105 transport_socket_(transport_socket.Pass()), 105 transport_socket_(transport_socket.Pass()),
106 ssl_config_(ssl_config), 106 ssl_config_(ssl_config),
107 cert_(cert), 107 cert_(cert),
108 next_handshake_state_(STATE_NONE), 108 next_handshake_state_(STATE_NONE),
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after
331 /* Push SSL onto our fake I/O socket */ 331 /* Push SSL onto our fake I/O socket */
332 nss_fd_ = SSL_ImportFD(NULL, nss_fd_); 332 nss_fd_ = SSL_ImportFD(NULL, nss_fd_);
333 if (nss_fd_ == NULL) { 333 if (nss_fd_ == NULL) {
334 LogFailedNSSFunction(net_log_, "SSL_ImportFD", ""); 334 LogFailedNSSFunction(net_log_, "SSL_ImportFD", "");
335 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code. 335 return ERR_OUT_OF_MEMORY; // TODO(port): map NSPR/NSS error code.
336 } 336 }
337 // TODO(port): set more ssl options! Check errors! 337 // TODO(port): set more ssl options! Check errors!
338 338
339 int rv; 339 int rv;
340 340
341 if (ssl_config_.require_client_cert) {
342 rv = SSL_OptionSet(nss_fd_, SSL_REQUEST_CERTIFICATE, PR_TRUE);
343 if (rv != SECSuccess) {
344 LogFailedNSSFunction(net_log_, "SSL_OptionSet",
345 "SSL_REQUEST_CERTIFICATE");
346 return ERR_UNEXPECTED;
347 }
348 }
349
341 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); 350 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
342 if (rv != SECSuccess) { 351 if (rv != SECSuccess) {
343 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); 352 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");
344 return ERR_UNEXPECTED; 353 return ERR_UNEXPECTED;
345 } 354 }
346 355
347 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE); 356 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE);
348 if (rv != SECSuccess) { 357 if (rv != SECSuccess) {
349 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); 358 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2");
350 return ERR_UNEXPECTED; 359 return ERR_UNEXPECTED;
(...skipping 488 matching lines...) Expand 10 before | Expand all | Expand 10 after
839 // initializes the NSS base library. 848 // initializes the NSS base library.
840 EnsureNSSSSLInit(); 849 EnsureNSSSSLInit();
841 if (!NSS_IsInitialized()) 850 if (!NSS_IsInitialized())
842 return ERR_UNEXPECTED; 851 return ERR_UNEXPECTED;
843 852
844 EnableSSLServerSockets(); 853 EnableSSLServerSockets();
845 return OK; 854 return OK;
846 } 855 }
847 856
848 } // namespace net 857 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_server_socket_nss.h ('k') | net/socket/ssl_server_socket_openssl.h » ('j') | net/test/embedded_test_server/embedded_test_server_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698