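--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -215,56 +215,61 @@
 
 bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
 return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
 }
 
 static const SSL_PRIVATE_KEY_METHOD kPrivateKeyMethod;
 
 private:
 friend struct base::DefaultSingletonTraits<SSLContext>;
 
+void SetKeyLogFile(std::string ssl_keylog_file) {
+DCHECK(!ssl_keylog_file.empty());
+crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+BIO* bio = BIO_new_file(ssl_keylog_file.c_str(), "a");
+if (!bio) {
+LOG(ERROR) << "Failed to open " << ssl_keylog_file;
+ERR_print_errors_cb(&LogErrorCallback, NULL);
+} else {
+SSL_CTX_set_keylog_bio(ssl_ctx_.get(), bio);
+}
+}
+
 SSLContext() : session_cache_(SSLClientSessionCacheOpenSSL::Config()) {
 crypto::EnsureOpenSSLInit();
 ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
 DCHECK_NE(ssl_socket_data_index_, -1);
 ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), CertVerifyCallback, NULL);
 SSL_CTX_set_cert_cb(ssl_ctx_.get(), ClientCertRequestCallback, NULL);
 SSL_CTX_set_verify(ssl_ctx_.get(), SSL_VERIFY_PEER, NULL);
 // This stops |SSL_shutdown| from generating the close_notify message, which
 // is currently not sent on the network.
 // TODO(haavardm): Remove setting quiet shutdown once 118366 is fixed.
 SSL_CTX_set_quiet_shutdown(ssl_ctx_.get(), 1);
 // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty.
 // It would be better if the callback were not a global setting,
 // but that is an OpenSSL issue.
 SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
 NULL);
 
 // Disable the internal session cache. Session caching is handled
 // externally (i.e. by SSLClientSessionCacheOpenSSL).
 SSL_CTX_set_session_cache_mode(
 ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
 SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallback);
 
 scoped_ptr<base::Environment> env(base::Environment::Create());
 std::string ssl_keylog_file;
 if (env->GetVar("SSLKEYLOGFILE", &ssl_keylog_file) &&
 !ssl_keylog_file.empty()) {
-crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-BIO* bio = BIO_new_file(ssl_keylog_file.c_str(), "a");
-if (!bio) {
-LOG(ERROR) << "Failed to open " << ssl_keylog_file;
-ERR_print_errors_cb(&LogErrorCallback, NULL);
-} else {
-SSL_CTX_set_keylog_bio(ssl_ctx_.get(), bio);
-}
+SetKeyLogFile(ssl_keylog_file);
 }
 }
 
 static int ClientCertRequestCallback(SSL* ssl, void* arg) {
 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
 DCHECK(socket);
 return socket->ClientCertRequestCallback(ssl);
 }
 
 static int CertVerifyCallback(X509_STORE_CTX *store_ctx, void *arg) {
@@ -2167,10 +2172,10 @@
 OnHandshakeIOComplete(signature_result_);
 return;
 }
 
 // During a renegotiation, either Read or Write calls may be blocked on an
 // asynchronous private key operation.
 PumpReadWriteEvents();
 }
 
 } // namespace net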
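Review bot: The new SetKeyLogFile (new lines 225–235) takes `ssl_keylog_file` by value although it only reads it, via `.c_str()` and the LOG stream; `void SetKeyLogFile(const std::string& ssl_keylog_file) {` avoids the copy and matches how the constructor passes the value. The method also carries no header comment, and since it routes TLS session secrets to a file named by the SSLKEYLOGFILE environment variable, a reader should see that stated: something like `// Appends TLS session secrets to |ssl_keylog_file| for debugging (SSLKEYLOGFILE); if the file cannot be opened the error is logged and no keylog is set.` would do. The `DCHECK(!ssl_keylog_file.empty())` repeats the emptiness check the constructor already makes at new line 264, which is fine as a precondition but worth naming in that comment. The enclosing SSLContext class starts and ends outside the hunk.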