net/ssl/openssl_ssl_util.cc - Issue 1474983003: Support for client certs in ssl_server_socket.

Side by Side Diff: net/ssl/openssl_ssl_util.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Simplified CertVerifyCallback Created 5 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/ssl/openssl_ssl_util.h"	5 #include "net/ssl/openssl_ssl_util.h"

6	6

7 #include <errno.h>	7 #include <errno.h>

8	8

9 #include <openssl/err.h>	9 #include <openssl/err.h>

10 #include <openssl/ssl.h>	10 #include <openssl/ssl.h>

11	11

12 #include "base/bind.h"	12 #include "base/bind.h"

13 #include "base/lazy_instance.h"	13 #include "base/lazy_instance.h"

14 #include "base/location.h"	14 #include "base/location.h"

15 #include "base/logging.h"	15 #include "base/logging.h"

16 #include "base/values.h"	16 #include "base/values.h"

17 #include "crypto/openssl_util.h"	17 #include "crypto/openssl_util.h"

18 #include "net/base/net_errors.h"	18 #include "net/base/net_errors.h"

	19 #include "net/ssl/ssl_connection_status_flags.h"

19	20

20 namespace net {	21 namespace net {

21	22

22 SslSetClearMask::SslSetClearMask()	23 SslSetClearMask::SslSetClearMask()

23 : set_mask(0),	24 : set_mask(0),

24 clear_mask(0) {	25 clear_mask(0) {

25 }	26 }

26	27

27 void SslSetClearMask::ConfigureFlag(long flag, bool state) {	28 void SslSetClearMask::ConfigureFlag(long flag, bool state) {

28 (state ? set_mask : clear_mask) \|= flag;	29 (state ? set_mask : clear_mask) \|= flag;

(...skipping 203 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
232 }	233 }

233	234

234 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(	235 NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(

235 int net_error,	236 int net_error,

236 int ssl_error,	237 int ssl_error,

237 const OpenSSLErrorInfo& error_info) {	238 const OpenSSLErrorInfo& error_info) {

238 return base::Bind(&NetLogOpenSSLErrorCallback,	239 return base::Bind(&NetLogOpenSSLErrorCallback,

239 net_error, ssl_error, error_info);	240 net_error, ssl_error, error_info);

240 }	241 }

241	242

	243 void FreeX509Stack(STACK_OF(X509) * ptr) {

	244 sk_X509_pop_free(ptr, X509_free);

	245 }

	246

	247 void FreeX509NameStack(STACK_OF(X509_NAME) * ptr) {

	248 sk_X509_NAME_pop_free(ptr, X509_NAME_free);

	249 }

	250

	251 // Used for encoding the \|connection_status\| field of an SSLInfo object.

	252 int EncodeSSLConnectionStatus(int cipher_suite, int compression, int version) {

	253 return (cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) \|

	254 ((compression & SSL_CONNECTION_COMPRESSION_MASK)

	255 << SSL_CONNECTION_COMPRESSION_SHIFT) \|

	256 ((version & SSL_CONNECTION_VERSION_MASK)

	257 << SSL_CONNECTION_VERSION_SHIFT);

	258 }

	259

	260 // Returns the net SSL version number (see ssl_connection_status_flags.h) for

	261 // this SSL connection.

	262 int GetNetSSLVersion(SSL* ssl) {
	svaldez 2015/12/14 22:05:41 Can we not use TLS1_1_VERSION, TLS1_2_VERSION in t Can we not use TLS1_1_VERSION, TLS1_2_VERSION in the switch? ryanchung 2015/12/14 22:31:15 Done. Show quoted text On 2015/12/14 22:05:41, svaldez wrote: > Can we not use TLS1_1_VERSION, TLS1_2_VERSION in the switch? Done.
	263 switch (SSL_version(ssl)) {

	264 case TLS1_VERSION:

	265 return SSL_CONNECTION_VERSION_TLS1;

	266 case 0x0302:

	267 return SSL_CONNECTION_VERSION_TLS1_1;

	268 case 0x0303:

	269 return SSL_CONNECTION_VERSION_TLS1_2;

	270 default:

	271 NOTREACHED();

	272 return SSL_CONNECTION_VERSION_UNKNOWN;

	273 }

	274 }

	275

	276 ScopedX509 OSCertHandleToOpenSSL(X509Certificate::OSCertHandle os_handle) {

	277 #if defined(USE_OPENSSL_CERTS)

	278 return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));

	279 #else // !defined(USE_OPENSSL_CERTS)
	svaldez 2015/12/14 22:05:41 nit: #else //... (2 spaces) nit: #else //... (2 spaces) ryanchung 2015/12/14 22:31:15 Done. Every time I run git cl format, it adds the Show quoted text On 2015/12/14 22:05:41, svaldez wrote: > nit: #else //... (2 spaces) Done. Every time I run git cl format, it adds the 3rd space in for some reason.
	280 std::string der_encoded;

	281 if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))

	282 return ScopedX509();

	283 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());

	284 return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));

	285 #endif // defined(USE_OPENSSL_CERTS)

	286 }

	287

	288 ScopedX509Stack OSCertHandlesToOpenSSL(

	289 const X509Certificate::OSCertHandles& os_handles) {

	290 ScopedX509Stack stack(sk_X509_new_null());

	291 for (size_t i = 0; i < os_handles.size(); i++) {

	292 ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);

	293 if (!x509)

	294 return ScopedX509Stack();

	295 sk_X509_push(stack.get(), x509.release());

	296 }

	297 return stack.Pass();

	298 }

	299

242 } // namespace net	300 } // namespace net

OLD	NEW

« net/cert/mock_client_cert_verifier.cc ('K') | « net/ssl/openssl_ssl_util.h ('k') | net/ssl/ssl_cert_request_info.h » ('j') | no next file with comments »