| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 #include "bin/secure_socket.h" | 5 #include "bin/secure_socket.h" |
| 6 | 6 |
| 7 #include <errno.h> | 7 #include <errno.h> |
| 8 #include <fcntl.h> | 8 #include <fcntl.h> |
| 9 #include <sys/stat.h> | 9 #include <sys/stat.h> |
| 10 #include <stdio.h> | 10 #include <stdio.h> |
| 888 if (is_server_) { | 888 if (is_server_) { |
| 889 // Do not request a client certificate. | 889 // Do not request a client certificate. |
| 890 // TODO(24069): Allow server to request a client certificate, when desired. | 890 // TODO(24069): Allow server to request a client certificate, when desired. |
| 891 SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); | 891 SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); |
| 892 } else { | 892 } else { |
| 893 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); | 893 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); |
| 894 // Sets the hostname in the certificate-checking object, so it is checked | 894 // Sets the hostname in the certificate-checking object, so it is checked |
| 895 // against the certificate presented by the server. | 895 // against the certificate presented by the server. |
| 896 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); | 896 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); |
| 897 hostname_ = strdup(hostname); | 897 hostname_ = strdup(hostname); |
| 898 X509_VERIFY_PARAM_set_flags(certificate_checking_parameters, |
| 899 X509_V_FLAG_PARTIAL_CHAIN | |
| 900 X509_V_FLAG_TRUSTED_FIRST); |
| 898 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); | 901 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); |
| 899 X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, | 902 X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, |
| 900 hostname_, strlen(hostname_)); | 903 hostname_, strlen(hostname_)); |
| 901 // TODO(24225) Check return value of set1_host(). | 904 // TODO(24225) Check return value of set1_host(). |
| 902 // TODO(24186) free hostname_ if it is not freed when SSL is destroyed. | 905 // TODO(24186) free hostname_ if it is not freed when SSL is destroyed. |
| 903 // otherwise, make it a local variable, not a instance field. | 906 // otherwise, make it a local variable, not a instance field. |
| 904 } | 907 } |
| 905 // Make the connection: | 908 // Make the connection: |
| 906 if (is_server_) { | 909 if (is_server_) { |
| 907 status = SSL_accept(ssl_); | 910 status = SSL_accept(ssl_); |
| 950 if (callback_error != NULL) { | 953 if (callback_error != NULL) { |
| 951 // The SSL_do_handshake will try performing a handshake and might call | 954 // The SSL_do_handshake will try performing a handshake and might call |
| 952 // a CertificateCallback. If the certificate validation | 955 // a CertificateCallback. If the certificate validation |
| 953 // failed the 'callback_error" will be set by the certificateCallback | 956 // failed the 'callback_error" will be set by the certificateCallback |
| 954 // logic and we propagate the error" | 957 // logic and we propagate the error" |
| 955 Dart_PropagateError(callback_error); | 958 Dart_PropagateError(callback_error); |
| 956 } | 959 } |
| 957 if (SSL_LOG_STATUS) Log::Print("SSL_handshake status: %d\n", status); | 960 if (SSL_LOG_STATUS) Log::Print("SSL_handshake status: %d\n", status); |
| 958 if (status != 1) { | 961 if (status != 1) { |
| 959 error = SSL_get_error(ssl_, status); | 962 error = SSL_get_error(ssl_, status); |
| 960 if (SSL_LOG_STATUS) Log::Print("ERROR: %d\n", error); | 963 if (SSL_LOG_STATUS) { |
| 961 ERR_print_errors_cb(printErrorCallback, NULL); | 964 Log::Print("ERROR: %d\n", error); |
| 965 ERR_print_errors_cb(printErrorCallback, NULL); |
| 966 } |
| 962 } | 967 } |
| 963 if (status == 1) { | 968 if (status == 1) { |
| 964 if (in_handshake_) { | 969 if (in_handshake_) { |
| 965 // TODO(24071): Check return value of SSL_get_verify_result, this | 970 // TODO(24071): Check return value of SSL_get_verify_result, this |
| 966 // should give us the hostname check. | 971 // should give us the hostname check. |
| 967 int result = SSL_get_verify_result(ssl_); | 972 int result = SSL_get_verify_result(ssl_); |
| 968 if (SSL_LOG_STATUS) { | 973 if (SSL_LOG_STATUS) { |
| 969 Log::Print("Handshake verification status: %d\n", result); | 974 Log::Print("Handshake verification status: %d\n", result); |
| 970 X509* peer_certificate = SSL_get_peer_certificate(ssl_); | 975 X509* peer_certificate = SSL_get_peer_certificate(ssl_); |
| 971 if (peer_certificate == NULL) { | 976 if (peer_certificate == NULL) { |
| 1121 } else { | 1126 } else { |
| 1122 if (SSL_LOG_DATA) Log::Print( | 1127 if (SSL_LOG_DATA) Log::Print( |
| 1123 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); | 1128 "WriteEncrypted BIO_read wrote %d bytes\n", bytes_processed); |
| 1124 } | 1129 } |
| 1125 } | 1130 } |
| 1126 return bytes_processed; | 1131 return bytes_processed; |
| 1127 } | 1132 } |
| 1128 | 1133 |
| 1129 } // namespace bin | 1134 } // namespace bin |
| 1130 } // namespace dart | 1135 } // namespace dart |
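Review bot: The new X509_VERIFY_PARAM_set_flags call in the client branch (new lines 898-900) changes the certificate-verification policy without a comment saying why, and X509_V_FLAG_PARTIAL_CHAIN in particular means a chain is accepted when it reaches any certificate in the trust store, not only a self-signed root, so every entry the application loads into the store becomes a trust anchor. I would add, directly above the call, `// PARTIAL_CHAIN: a chain may end at any certificate in the trust store, not` / `// only a self-signed root, so everything loaded into the store is a trust anchor.` / `// TRUSTED_FIRST: prefer store certificates over peer-supplied intermediates.` so the next reader does not mistake the relaxation for an oversight. The return value of set_flags is discarded like the existing set1_host call (TODO(24225)); folding it into that TODO would keep the two checks together. The enclosing function starts and ends outside the hunk, so I cannot see whether the trust store is populated only from explicitly user-supplied certificates, which is what makes PARTIAL_CHAIN safe.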