Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(439)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/ssl/openssl_ssl_util.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_server_socket.h ('K') | « net/ssl/openssl_ssl_util.h ('k') | net/ssl/ssl_cert_request_info.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/ssl/openssl_ssl_util.cc
diff --git a/net/ssl/openssl_ssl_util.cc b/net/ssl/openssl_ssl_util.cc
index 9830c9a10d90fc41ea28fdc11bd164b9890ab715..e363add036176304de1289e044fb3aa1496b7f26 100644
--- a/net/ssl/openssl_ssl_util.cc
+++ b/net/ssl/openssl_ssl_util.cc
@@ -16,6 +16,7 @@
#include "base/values.h"
#include "crypto/openssl_util.h"
#include "net/base/net_errors.h"
+#include "net/ssl/ssl_connection_status_flags.h"
namespace net {
@@ -239,4 +240,61 @@ NetLog::ParametersCallback CreateNetLogOpenSSLErrorCallback(
net_error, ssl_error, error_info);
}
+void FreeX509Stack(STACK_OF(X509) * ptr) {
+ sk_X509_pop_free(ptr, X509_free);
+}
+
+void FreeX509NameStack(STACK_OF(X509_NAME) * ptr) {
+ sk_X509_NAME_pop_free(ptr, X509_NAME_free);
+}
+
+// Used for encoding the |connection_status| field of an SSLInfo object.
+int EncodeSSLConnectionStatus(int cipher_suite, int compression, int version) {
+ return (cipher_suite & SSL_CONNECTION_CIPHERSUITE_MASK) |
+ ((compression & SSL_CONNECTION_COMPRESSION_MASK)
+ << SSL_CONNECTION_COMPRESSION_SHIFT) |
+ ((version & SSL_CONNECTION_VERSION_MASK)
+ << SSL_CONNECTION_VERSION_SHIFT);
+}
+
+// Returns the net SSL version number (see ssl_connection_status_flags.h) for
+// this SSL connection.
+int GetNetSSLVersion(SSL* ssl) {
+ switch (SSL_version(ssl)) {
+ case TLS1_VERSION:
+ return SSL_CONNECTION_VERSION_TLS1;
+ case 0x0302:
+ return SSL_CONNECTION_VERSION_TLS1_1;
+ case 0x0303:
+ return SSL_CONNECTION_VERSION_TLS1_2;
+ default:
+ NOTREACHED();
+ return SSL_CONNECTION_VERSION_UNKNOWN;
+ }
+}
+
+ScopedX509 OSCertHandleToOpenSSL(X509Certificate::OSCertHandle os_handle) {
+#if defined(USE_OPENSSL_CERTS)
+ return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));
+#else // !defined(USE_OPENSSL_CERTS)
+ std::string der_encoded;
+ if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))
+ return ScopedX509();
+ const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
+ return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));
+#endif // defined(USE_OPENSSL_CERTS)
+}
+
+ScopedX509Stack OSCertHandlesToOpenSSL(
+ const X509Certificate::OSCertHandles& os_handles) {
+ ScopedX509Stack stack(sk_X509_new_null());
+ for (size_t i = 0; i < os_handles.size(); i++) {
+ ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);
+ if (!x509)
+ return ScopedX509Stack();
+ sk_X509_push(stack.get(), x509.release());
+ }
+ return stack.Pass();
+}
+
} // namespace net
« net/socket/ssl_server_socket.h ('K') | « net/ssl/openssl_ssl_util.h ('k') | net/ssl/ssl_cert_request_info.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698