
Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase only Created 4 years, 11 months ago
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 82ced7cbfeabb55172b155d570b169e92e35cbb1..c97422fb5b60a58233e82ec5ed2cec6c36828f38 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -95,64 +95,6 @@ const uint8_t kTbProtocolVersionMinor = 3;
const uint8_t kTbMinProtocolVersionMajor = 0;
const uint8_t kTbMinProtocolVersionMinor = 2;
-void FreeX509Stack(STACK_OF(X509)* ptr) {
- sk_X509_pop_free(ptr, X509_free);
-}
-
-using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>;
-
-// Used for encoding the |connection_status| field of an SSLInfo object.
-int EncodeSSLConnectionStatus(uint16_t cipher_suite,
- int compression,
- int version) {
- return cipher_suite |
- ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<
- SSL_CONNECTION_COMPRESSION_SHIFT) |
- ((version & SSL_CONNECTION_VERSION_MASK) <<
- SSL_CONNECTION_VERSION_SHIFT);
-}
-
-// Returns the net SSL version number (see ssl_connection_status_flags.h) for
-// this SSL connection.
-int GetNetSSLVersion(SSL* ssl) {
- switch (SSL_version(ssl)) {
- case TLS1_VERSION:
- return SSL_CONNECTION_VERSION_TLS1;
- case TLS1_1_VERSION:
- return SSL_CONNECTION_VERSION_TLS1_1;
- case TLS1_2_VERSION:
- return SSL_CONNECTION_VERSION_TLS1_2;
- default:
- NOTREACHED();
- return SSL_CONNECTION_VERSION_UNKNOWN;
- }
-}
-
-ScopedX509 OSCertHandleToOpenSSL(
- X509Certificate::OSCertHandle os_handle) {
-#if defined(USE_OPENSSL_CERTS)
- return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));
-#else // !defined(USE_OPENSSL_CERTS)
- std::string der_encoded;
- if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))
- return ScopedX509();
- const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
- return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));
-#endif // defined(USE_OPENSSL_CERTS)
-}
-
-ScopedX509Stack OSCertHandlesToOpenSSL(
- const X509Certificate::OSCertHandles& os_handles) {
- ScopedX509Stack stack(sk_X509_new_null());
- for (size_t i = 0; i < os_handles.size(); i++) {
- ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);
- if (!x509)
- return ScopedX509Stack();
- sk_X509_push(stack.get(), x509.release());
- }
- return stack;
-}
-
bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
switch (EVP_MD_type(md)) {
case NID_md5_sha1:
@@ -455,7 +397,7 @@ class SSLClientSocketOpenSSL::PeerCertificateChain {
}
private:
- ScopedX509Stack openssl_chain_;
+ ScopedX509_STACK openssl_chain_;
};
SSLClientSocketOpenSSL::PeerCertificateChain&
@@ -807,9 +749,11 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->key_exchange_info =
SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_));
- ssl_info->connection_status = EncodeSSLConnectionStatus(
- static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), 0 /* no compression */,
- GetNetSSLVersion(ssl_));
+ SSLConnectionStatusSetCipherSuite(
+ static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)),
+ &ssl_info->connection_status);
+ SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_),
+ &ssl_info->connection_status);
davidben 2016/01/25 20:56:10 Why did this change?
ryanchung 2016/01/29 23:22:12 You mentioned compression doesn't exist anymore a
davidben 2016/02/04 00:40:11 Derp! Sorry, my bad. I wasn't paying attention and
if (!SSL_get_secure_renegotiation_support(ssl_))
ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
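Review bot: The two setter calls added in GetSSLInfo update `ssl_info->connection_status` in place, whereas the removed code overwrote it with a plain assignment, so the result now depends on the field's value on entry. If the setters only OR their bits in, or the caller passes an SSLInfo that was already populated, stale cipher-suite or version bits could be reported as this connection's negotiated parameters. The start of GetSSLInfo lies outside this hunk, so the struct may already be reset there. If it is not, add `ssl_info->connection_status = 0;` before the first setter. If it is, a short comment such as `// connection_status is zero here; each setter fills in only its own field.` would record the assumption.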
@@ -1875,7 +1819,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
return -1;
}
- ScopedX509Stack chain = OSCertHandlesToOpenSSL(
+ ScopedX509_STACK chain = OSCertHandlesToOpenSSL(
ssl_config_.client_cert->GetIntermediateCertificates());
if (!chain) {
LOG(WARNING) << "Failed to import intermediate certificates";
