1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <winsock2.h> | 8 #include <winsock2.h> |
9 #endif | 9 #endif |
10 | 10 |
101 user_read_buf_len_(0), | 101 user_read_buf_len_(0), |
102 user_write_buf_len_(0), | 102 user_write_buf_len_(0), |
103 nss_fd_(NULL), | 103 nss_fd_(NULL), |
104 nss_bufs_(NULL), | 104 nss_bufs_(NULL), |
105 transport_socket_(transport_socket.Pass()), | 105 transport_socket_(transport_socket.Pass()), |
106 ssl_config_(ssl_config), | 106 ssl_config_(ssl_config), |
107 cert_(cert), | 107 cert_(cert), |
108 next_handshake_state_(STATE_NONE), | 108 next_handshake_state_(STATE_NONE), |
109 completed_handshake_(false) { | 109 completed_handshake_(false) { |
110 // TODO(hclam): Need a better way to clone a key. | 110 // TODO(hclam): Need a better way to clone a key. |
111 std::vector<uint8> key_bytes; | 111 std::vector<uint8_t> key_bytes; |
112 CHECK(key->ExportPrivateKey(&key_bytes)); | 112 CHECK(key->ExportPrivateKey(&key_bytes)); |
113 key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); | 113 key_.reset(crypto::RSAPrivateKey::CreateFromPrivateKeyInfo(key_bytes)); |
114 CHECK(key_.get()); | 114 CHECK(key_.get()); |
115 } | 115 } |
116 | 116 |
117 SSLServerSocketNSS::~SSLServerSocketNSS() { | 117 SSLServerSocketNSS::~SSLServerSocketNSS() { |
118 if (nss_fd_ != NULL) { | 118 if (nss_fd_ != NULL) { |
119 PR_Close(nss_fd_); | 119 PR_Close(nss_fd_); |
120 nss_fd_ = NULL; | 120 nss_fd_ = NULL; |
121 } | 121 } |
232 | 232 |
233 if (rv == ERR_IO_PENDING) { | 233 if (rv == ERR_IO_PENDING) { |
234 user_write_callback_ = callback; | 234 user_write_callback_ = callback; |
235 } else { | 235 } else { |
236 user_write_buf_ = NULL; | 236 user_write_buf_ = NULL; |
237 user_write_buf_len_ = 0; | 237 user_write_buf_len_ = 0; |
238 } | 238 } |
239 return rv; | 239 return rv; |
240 } | 240 } |
241 | 241 |
242 int SSLServerSocketNSS::SetReceiveBufferSize(int32 size) { | 242 int SSLServerSocketNSS::SetReceiveBufferSize(int32_t size) { |
243 return transport_socket_->SetReceiveBufferSize(size); | 243 return transport_socket_->SetReceiveBufferSize(size); |
244 } | 244 } |
245 | 245 |
246 int SSLServerSocketNSS::SetSendBufferSize(int32 size) { | 246 int SSLServerSocketNSS::SetSendBufferSize(int32_t size) { |
247 return transport_socket_->SetSendBufferSize(size); | 247 return transport_socket_->SetSendBufferSize(size); |
248 } | 248 } |
249 | 249 |
250 bool SSLServerSocketNSS::IsConnected() const { | 250 bool SSLServerSocketNSS::IsConnected() const { |
251 // TODO(wtc): Find out if we should check transport_socket_->IsConnected() | 251 // TODO(wtc): Find out if we should check transport_socket_->IsConnected() |
252 // as well. | 252 // as well. |
253 return completed_handshake_; | 253 return completed_handshake_; |
254 } | 254 } |
255 | 255 |
256 void SSLServerSocketNSS::Disconnect() { | 256 void SSLServerSocketNSS::Disconnect() { |
377 SSLCipherSuiteInfo info; | 377 SSLCipherSuiteInfo info; |
378 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == | 378 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == |
379 SECSuccess) { | 379 SECSuccess) { |
380 if (strcmp(info.keaTypeName, "ECDHE") != 0) { | 380 if (strcmp(info.keaTypeName, "ECDHE") != 0) { |
381 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); | 381 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); |
382 } | 382 } |
383 } | 383 } |
384 } | 384 } |
385 } | 385 } |
386 | 386 |
387 for (std::vector<uint16>::const_iterator it = | 387 for (std::vector<uint16_t>::const_iterator it = |
388 ssl_config_.disabled_cipher_suites.begin(); | 388 ssl_config_.disabled_cipher_suites.begin(); |
389 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 389 it != ssl_config_.disabled_cipher_suites.end(); ++it) { |
390 // This will fail if the specified cipher is not implemented by NSS, but | 390 // This will fail if the specified cipher is not implemented by NSS, but |
391 // the failure is harmless. | 391 // the failure is harmless. |
392 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 392 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); |
393 } | 393 } |
394 | 394 |
395 // Server socket doesn't need session tickets. | 395 // Server socket doesn't need session tickets. |
396 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_FALSE); | 396 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_FALSE); |
397 if (rv != SECSuccess) { | 397 if (rv != SECSuccess) { |
449 | 449 |
450 // Parse into a CERTCertificate structure. | 450 // Parse into a CERTCertificate structure. |
451 CERTCertificate* cert = CERT_NewTempCertificate( | 451 CERTCertificate* cert = CERT_NewTempCertificate( |
452 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); | 452 CERT_GetDefaultCertDB(), &der_cert, NULL, PR_FALSE, PR_TRUE); |
453 if (!cert) { | 453 if (!cert) { |
454 LogFailedNSSFunction(net_log_, "CERT_NewTempCertificate", ""); | 454 LogFailedNSSFunction(net_log_, "CERT_NewTempCertificate", ""); |
455 return MapNSSError(PORT_GetError()); | 455 return MapNSSError(PORT_GetError()); |
456 } | 456 } |
457 | 457 |
458 // Get a key of SECKEYPrivateKey* structure. | 458 // Get a key of SECKEYPrivateKey* structure. |
459 std::vector<uint8> key_vector; | 459 std::vector<uint8_t> key_vector; |
460 if (!key_->ExportPrivateKey(&key_vector)) { | 460 if (!key_->ExportPrivateKey(&key_vector)) { |
461 CERT_DestroyCertificate(cert); | 461 CERT_DestroyCertificate(cert); |
462 return ERR_UNEXPECTED; | 462 return ERR_UNEXPECTED; |
463 } | 463 } |
464 | 464 |
465 SECKEYPrivateKeyStr* private_key = NULL; | 465 SECKEYPrivateKeyStr* private_key = NULL; |
466 PK11SlotInfo* slot = PK11_GetInternalSlot(); | 466 PK11SlotInfo* slot = PK11_GetInternalSlot(); |
467 if (!slot) { | 467 if (!slot) { |
468 CERT_DestroyCertificate(cert); | 468 CERT_DestroyCertificate(cert); |
469 return ERR_UNEXPECTED; | 469 return ERR_UNEXPECTED; |
848 // initializes the NSS base library. | 848 // initializes the NSS base library. |
849 EnsureNSSSSLInit(); | 849 EnsureNSSSSLInit(); |
850 if (!NSS_IsInitialized()) | 850 if (!NSS_IsInitialized()) |
851 return ERR_UNEXPECTED; | 851 return ERR_UNEXPECTED; |
852 | 852 |
853 EnableSSLServerSockets(); | 853 EnableSSLServerSockets(); |
854 return OK; | 854 return OK; |
855 } | 855 } |
856 | 856 |
857 } // namespace net | 857 } // namespace net |
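Review bot: The DER-encoded private key exported into `key_bytes` in the constructor (new lines 111–113) and into `key_vector` in the later hunk (new lines 459–463) is never scrubbed before the vector is destroyed, so a plaintext copy of the RSA private key is left in freed heap memory on every construction and on every handshake setup; the type change to `std::vector<uint8_t>` keeps that behaviour. This is pre-existing and outside the purpose of the typedef migration, but since these lines are being touched it is worth at least documenting, e.g. above line 111: `// NOTE: key_bytes holds the unencrypted PKCS#8 key; it should be zeroed before going out of scope.` Whether the tree has a secure-wipe helper that survives the optimizer (a plain memset may be elided) is not visible from this page, so the choice of primitive needs confirming. Note also that `CHECK(key->ExportPrivateKey(&key_bytes))` on line 112 aborts the whole process for a non-exportable key; if that is intentional for server sockets a one-line comment saying so would help the next reader.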