net/socket/ssl_client_socket_openssl.cc - Issue 1474983003: Support for client certs in ssl_server_socket.

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1474983003: Support for client certs in ssl_server_socket. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fixed nits Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_openssl.cc

diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc

index 355fd508ace5afaa4a4a108e48c643476c240555..e70713cf1c0c6ee62b09053e243b65222780e232 100644

--- a/net/socket/ssl_client_socket_openssl.cc

+++ b/net/socket/ssl_client_socket_openssl.cc

@@ -91,64 +91,6 @@ const uint8_t kTbProtocolVersionMinor = 4;

const uint8_t kTbMinProtocolVersionMajor = 0;

const uint8_t kTbMinProtocolVersionMinor = 3;

-void FreeX509Stack(STACK_OF(X509)* ptr) {

- sk_X509_pop_free(ptr, X509_free);

-using ScopedX509Stack = crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>;

-// Used for encoding the |connection_status| field of an SSLInfo object.

-int EncodeSSLConnectionStatus(uint16_t cipher_suite,

- int compression,

- int version) {

- return cipher_suite |

- ((compression & SSL_CONNECTION_COMPRESSION_MASK) <<

- SSL_CONNECTION_COMPRESSION_SHIFT) |

- ((version & SSL_CONNECTION_VERSION_MASK) <<

- SSL_CONNECTION_VERSION_SHIFT);

-// Returns the net SSL version number (see ssl_connection_status_flags.h) for

-// this SSL connection.

-int GetNetSSLVersion(SSL* ssl) {

- switch (SSL_version(ssl)) {

- case TLS1_VERSION:

- return SSL_CONNECTION_VERSION_TLS1;

- case TLS1_1_VERSION:

- return SSL_CONNECTION_VERSION_TLS1_1;

- case TLS1_2_VERSION:

- return SSL_CONNECTION_VERSION_TLS1_2;

- default:

- NOTREACHED();

- return SSL_CONNECTION_VERSION_UNKNOWN;

- }

-ScopedX509 OSCertHandleToOpenSSL(

- X509Certificate::OSCertHandle os_handle) {

-#if defined(USE_OPENSSL_CERTS)

- return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));

-#else // !defined(USE_OPENSSL_CERTS)

- std::string der_encoded;

- if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))

- return ScopedX509();

- const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());

- return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));

-#endif // defined(USE_OPENSSL_CERTS)

-ScopedX509Stack OSCertHandlesToOpenSSL(

- const X509Certificate::OSCertHandles& os_handles) {

- ScopedX509Stack stack(sk_X509_new_null());

- for (size_t i = 0; i < os_handles.size(); i++) {

- ScopedX509 x509 = OSCertHandleToOpenSSL(os_handles[i]);

- if (!x509)

- return ScopedX509Stack();

- sk_X509_push(stack.get(), x509.release());

- }

- return stack;

bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {

switch (EVP_MD_type(md)) {

case NID_md5_sha1:

@@ -845,9 +787,11 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {

ssl_info->key_exchange_info =

SSL_SESSION_get_key_exchange_info(SSL_get_session(ssl_));

- ssl_info->connection_status = EncodeSSLConnectionStatus(

- static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)), 0 /* no compression */,

- GetNetSSLVersion(ssl_));

+ SSLConnectionStatusSetCipherSuite(

+ static_cast<uint16_t>(SSL_CIPHER_get_id(cipher)),

+ &ssl_info->connection_status);

+ SSLConnectionStatusSetVersion(GetNetSSLVersion(ssl_),

+ &ssl_info->connection_status);

if (!SSL_get_secure_renegotiation_support(ssl_))

ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;

« no previous file with comments | « net/net.gypi ('k') | net/socket/ssl_server_socket_nss.h » ('j') | no next file with comments »