Chromium Code Reviews Chromium Code Reviews
Issue 1665433002:
Adds SecurityContext.setTrustedCertificatesBytes (Closed)
Base URL: git@github.com:dart-lang/sdk.git@master| Index: sdk/lib/io/security_context.dart |
| diff --git a/sdk/lib/io/security_context.dart b/sdk/lib/io/security_context.dart |
| index 4675b60048a0fbaefd2478176f73ff7f4c5cdc4b..365a749222b0856c2c6bd566c4c86cdaedf64577 100644 |
| --- a/sdk/lib/io/security_context.dart |
| +++ b/sdk/lib/io/security_context.dart |
| @@ -41,11 +41,8 @@ abstract class SecurityContext { |
| * [keyFile] is a PEM file containing an encrypted |
| * private key, encrypted with [password]. An unencrypted file can be |
| * used, but this is not usual. |
| - * |
| - * The function returns a [Future] that completes when the key has been added |
| - * to the context. |
| */ |
| - Future usePrivateKey(String keyFile, {String password}); |
| + void usePrivateKeySync(String keyFile, {String password}); |
| /** |
| * Sets the private key for a server certificate or client certificate. |
| @@ -62,20 +59,19 @@ abstract class SecurityContext { |
| * Sets the set of trusted X509 certificates used by [SecureSocket] |
| * client connections, when connecting to a secure server. |
| * |
| - * There are two ways to set a set of trusted certificates, with a single |
| - * PEM file, or with a directory containing individual PEM files for |
| - * certificates. |
| - * |
| - * [file] is an optional PEM file containing X509 certificates, usually |
| + * [file] is the path to a PEM file containing X509 certificates, usually |
| * root certificates from certificate authorities. |
| + */ |
| + void setTrustedCertificatesSync(String file); |
| + |
| + /** |
| + * Sets the set of trusted X509 certificates used by [SecureSocket] |
| + * client connections, when connecting to a secure server. |
| * |
| - * [directory] is an optional directory containing PEM files. The directory |
| - * must also have filesystem links added, which link extra filenames based |
| - * on the hash of a certificate's distinguished name (DN) to the file |
| - * containing that certificate. OpenSSL contains a tool called c_rehash |
| - * to create these links in a directory. |
| + * [file] is the contents of a PEM file containing X509 certificates, usually |
| + * root certificates from certificate authorities. |
| */ |
| - void setTrustedCertificates({String file, String directory}); |
| + void setTrustedCertificatesBytes(List<int> certBytes); |
| /** |
| * Sets the chain of X509 certificates served by [SecureServer] |
| @@ -85,11 +81,8 @@ abstract class SecurityContext { |
| * the root authority and intermediate authorities forming the signed |
| * chain to the server certificate, and ending with the server certificate. |
| * The private key for the server certificate is set by [usePrivateKey]. |
| - * |
| - * The function returns a [Future] that completes when the certificate chain |
| - * has been set. |
| */ |
| - Future useCertificateChain(String file); |
| + void useCertificateChainSync(String file); |
| /** |
| * Sets the chain of X509 certificates served by [SecureServer] |
| @@ -109,7 +102,16 @@ abstract class SecurityContext { |
| * client. [file] is a PEM file containing the accepted signing authority |
| * certificates - the authority names are extracted from the certificates. |
| */ |
| - void setClientAuthorities(String file); |
|
kevmoo
2016/02/05 22:26:06
Keep this API around for 1.15 marked as deprecated
zra
2016/02/05 23:10:39
Done.
|
| + void setClientAuthoritiesSync(String file); |
| + |
| + /** |
| + * Sets the list of authority names that a [SecureServer] will advertise |
| + * as accepted, when requesting a client certificate from a connecting |
| + * client. [authCertBytes] is the contents of a PEM file containing the |
| + * accepted signing authority certificates - the authority names are extracted |
| + * from the certificates. |
| + */ |
| + void setClientAuthoritiesBytes(List<int> authCertBytes); |
| /** |
| * Sets the list of application-level protocols supported by a client |
