net/ssl/openssl_ssl_util.cc - Issue 1474983003: Support for client certs in ssl_server_socket.

Side by Side Diff: net/ssl/openssl_ssl_util.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Free results from SSL_load_client_CA_file Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/openssl_ssl_util.h"	5 #include "net/ssl/openssl_ssl_util.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <openssl/err.h>	8 #include <openssl/err.h>

9 #include <openssl/ssl.h>	9 #include <openssl/ssl.h>

10 #include <utility>	10 #include <utility>

11	11

12 #include "base/bind.h"	12 #include "base/bind.h"

13 #include "base/lazy_instance.h"	13 #include "base/lazy_instance.h"

14 #include "base/location.h"	14 #include "base/location.h"

15 #include "base/logging.h"	15 #include "base/logging.h"

16 #include "base/values.h"	16 #include "base/values.h"

17 #include "crypto/openssl_util.h"	17 #include "crypto/openssl_util.h"

18 #include "net/base/net_errors.h"	18 #include "net/base/net_errors.h"

	19 #include "net/ssl/ssl_connection_status_flags.h"

19	20

20 namespace net {	21 namespace net {

21	22

22 SslSetClearMask::SslSetClearMask()	23 SslSetClearMask::SslSetClearMask()

23 : set_mask(0),	24 : set_mask(0),

24 clear_mask(0) {	25 clear_mask(0) {

25 }	26 }

26	27

27 void SslSetClearMask::ConfigureFlag(long flag, bool state) {	28 void SslSetClearMask::ConfigureFlag(long flag, bool state) {

28 (state ? set_mask : clear_mask) \|= flag;	29 (state ? set_mask : clear_mask) \|= flag;

(...skipping 122 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
151	152

152 int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {	153 int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {

153 OpenSSLErrorInfo error_info;	154 OpenSSLErrorInfo error_info;

154 return MapOpenSSLErrorWithDetails(err, tracer, &error_info);	155 return MapOpenSSLErrorWithDetails(err, tracer, &error_info);

155 }	156 }

156	157

157 int MapOpenSSLErrorWithDetails(int err,	158 int MapOpenSSLErrorWithDetails(int err,

158 const crypto::OpenSSLErrStackTracer& tracer,	159 const crypto::OpenSSLErrStackTracer& tracer,

159 OpenSSLErrorInfo* out_error_info) {	160 OpenSSLErrorInfo* out_error_info) {

160 *out_error_info = OpenSSLErrorInfo();	161 *out_error_info = OpenSSLErrorInfo();

161
davidben 2016/02/04 00:40:12 Guessing you accidentally hit backspace somewhere? Guessing you accidentally hit backspace somewhere? :-) (Unless you actively wanted to remove that line? I don't actually care either way.) ryanchung 2016/02/05 01:56:13 Done. Probably a trigger-happy backspace. Show quoted text On 2016/02/04 00:40:12, davidben (catching up) wrote: > Guessing you accidentally hit backspace somewhere? :-) > > (Unless you actively wanted to remove that line? I don't actually care either > way.) Done. Probably a trigger-happy backspace.
162 switch (err) {	162 switch (err) {

163 case SSL_ERROR_WANT_READ:	163 case SSL_ERROR_WANT_READ:

164 case SSL_ERROR_WANT_WRITE:	164 case SSL_ERROR_WANT_WRITE:

165 return ERR_IO_PENDING;	165 return ERR_IO_PENDING;

166 case SSL_ERROR_SYSCALL:	166 case SSL_ERROR_SYSCALL:

167 LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "	167 LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in "

168 "error queue: " << ERR_peek_error() << ", errno: "	168 "error queue: " << ERR_peek_error() << ", errno: "

169 << errno;	169 << errno;

170 return ERR_FAILED;	170 return ERR_FAILED;

171 case SSL_ERROR_SSL:	171 case SSL_ERROR_SSL:

(...skipping 26 matching lines...) Expand all Loading...
198 }	198 }

199	199

200 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(	200 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(

201 int net_error,	201 int net_error,

202 int ssl_error,	202 int ssl_error,

203 const OpenSSLErrorInfo& error_info) {	203 const OpenSSLErrorInfo& error_info) {

204 return base::Bind(&NetLogOpenSSLErrorCallback,	204 return base::Bind(&NetLogOpenSSLErrorCallback,

205 net_error, ssl_error, error_info);	205 net_error, ssl_error, error_info);

206 }	206 }

207	207

	208 void FreeX509Stack(STACK_OF(X509)* ptr) {

	209 sk_X509_pop_free(ptr, X509_free);

	210 }

	211

	212 void FreeX509NameStack(STACK_OF(X509_NAME)* ptr) {

	213 sk_X509_NAME_pop_free(ptr, X509_NAME_free);

	214 }

	215

	216 int GetNetSSLVersion(SSL* ssl) {

	217 switch (SSL_version(ssl)) {

	218 case TLS1_VERSION:

	219 return SSL_CONNECTION_VERSION_TLS1;

	220 case TLS1_1_VERSION:

	221 return SSL_CONNECTION_VERSION_TLS1_1;

	222 case TLS1_2_VERSION:

	223 return SSL_CONNECTION_VERSION_TLS1_2;

	224 default:

	225 NOTREACHED();

	226 return SSL_CONNECTION_VERSION_UNKNOWN;

	227 }

	228 }

	229

	230 ScopedX509 OSCertHandleToOpenSSL(X509Certificate::OSCertHandle os_handle) {

	231 #if defined(USE_OPENSSL_CERTS)

	232 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));

	233 #else // !defined(USE_OPENSSL_CERTS)

	234 std::string der_encoded;

	235 if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))

	236 return ScopedX509();

	237 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());

	238 return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));

	239 #endif // defined(USE_OPENSSL_CERTS)

	240 }

	241

	242 ScopedX509Stack OSCertHandlesToOpenSSL(

	243 const X509Certificate::OSCertHandles& os_handles) {

	244 ScopedX509Stack stack(sk_X509_new_null());

	245 for (size_t i = 0; i < os_handles.size(); i++) {

	246 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);

	247 if (!x509)

	248 return ScopedX509Stack();

	249 sk_X509_push(stack.get(), x509.release());

	250 }

	251 return stack;

	252 }

208 } // namespace net	253 } // namespace net

OLD	NEW

« net/socket/ssl_server_socket_unittest.cc ('K') | « net/ssl/openssl_ssl_util.h ('k') | net/ssl/scoped_openssl_types.h » ('j') | no next file with comments »