net/ssl/openssl_ssl_util.cc - Issue 1474983003: Support for client certs in ssl_server_socket.

Side by Side Diff: net/ssl/openssl_ssl_util.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Updated browsertest files Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/openssl_ssl_util.h"	5 #include "net/ssl/openssl_ssl_util.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8 #include <openssl/err.h>	8 #include <openssl/err.h>

9 #include <openssl/ssl.h>	9 #include <openssl/ssl.h>

10 #include <utility>	10 #include <utility>

11	11

12 #include "base/bind.h"	12 #include "base/bind.h"

13 #include "base/lazy_instance.h"	13 #include "base/lazy_instance.h"

14 #include "base/location.h"	14 #include "base/location.h"

15 #include "base/logging.h"	15 #include "base/logging.h"

16 #include "base/values.h"	16 #include "base/values.h"

17 #include "crypto/openssl_util.h"	17 #include "crypto/openssl_util.h"

18 #include "net/base/net_errors.h"	18 #include "net/base/net_errors.h"

	19 #include "net/ssl/ssl_connection_status_flags.h"

19	20

20 namespace net {	21 namespace net {

21	22

22 SslSetClearMask::SslSetClearMask()	23 SslSetClearMask::SslSetClearMask()

23 : set_mask(0),	24 : set_mask(0),

24 clear_mask(0) {	25 clear_mask(0) {

25 }	26 }

26	27

27 void SslSetClearMask::ConfigureFlag(long flag, bool state) {	28 void SslSetClearMask::ConfigureFlag(long flag, bool state) {

28 (state ? set_mask : clear_mask) \|= flag;	29 (state ? set_mask : clear_mask) \|= flag;

(...skipping 169 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
198 }	199 }

199	200

200 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(	201 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(

201 int net_error,	202 int net_error,

202 int ssl_error,	203 int ssl_error,

203 const OpenSSLErrorInfo& error_info) {	204 const OpenSSLErrorInfo& error_info) {

204 return base::Bind(&NetLogOpenSSLErrorCallback,	205 return base::Bind(&NetLogOpenSSLErrorCallback,

205 net_error, ssl_error, error_info);	206 net_error, ssl_error, error_info);

206 }	207 }

207	208

	209 int GetNetSSLVersion(SSL* ssl) {

	210 switch (SSL_version(ssl)) {

	211 case TLS1_VERSION:

	212 return SSL_CONNECTION_VERSION_TLS1;

	213 case TLS1_1_VERSION:

	214 return SSL_CONNECTION_VERSION_TLS1_1;

	215 case TLS1_2_VERSION:

	216 return SSL_CONNECTION_VERSION_TLS1_2;

	217 default:

	218 NOTREACHED();

	219 return SSL_CONNECTION_VERSION_UNKNOWN;

	220 }

	221 }

	222

	223 ScopedX509 OSCertHandleToOpenSSL(X509Certificate::OSCertHandle os_handle) {

	224 #if defined(USE_OPENSSL_CERTS)

	225 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));

	226 #else // !defined(USE_OPENSSL_CERTS)

	227 std::string der_encoded;

	228 if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))

	229 return ScopedX509();

	230 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());

	231 return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));

	232 #endif // defined(USE_OPENSSL_CERTS)

	233 }

	234

	235 ScopedX509Stack OSCertHandlesToOpenSSL(

	236 const X509Certificate::OSCertHandles& os_handles) {

	237 ScopedX509Stack stack(sk_X509_new_null());

	238 for (size_t i = 0; i < os_handles.size(); i++) {

	239 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);

	240 if (!x509)

	241 return ScopedX509Stack();
	davidben 2016/02/17 22:46:03 Nit: We can write nullptr instead of ScopedFoo() t Nit: We can write nullptr instead of ScopedFoo() these days. ryanchung 2016/02/18 01:07:26 Done. Show quoted text On 2016/02/17 22:46:03, davidben wrote: > Nit: We can write nullptr instead of ScopedFoo() these days. Done.
	242 sk_X509_push(stack.get(), x509.release());

	243 }

	244 return stack;

	245 }
	davidben 2016/02/17 22:46:03 Nit: newline Nit: newline ryanchung 2016/02/18 01:07:26 Done. Show quoted text On 2016/02/17 22:46:03, davidben wrote: > Nit: newline Done.
208 } // namespace net	246 } // namespace net

OLD	NEW

« net/socket/ssl_server_socket_unittest.cc ('K') | « net/ssl/openssl_ssl_util.h ('k') | net/ssl/scoped_openssl_types.h » ('j') | net/ssl/ssl_server_config.h » ('J')