Chromium Code Reviews Chromium Code Reviews
Issue 173853014:
Make OpenSSL UpdateServerCert() OS independent. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| (...skipping 13 matching lines...) Expand all Loading... | |
| 24 // <openssl/evp.h> | 24 // <openssl/evp.h> |
| 25 typedef struct evp_pkey_st EVP_PKEY; | 25 typedef struct evp_pkey_st EVP_PKEY; |
| 26 // <openssl/ssl.h> | 26 // <openssl/ssl.h> |
| 27 typedef struct ssl_st SSL; | 27 typedef struct ssl_st SSL; |
| 28 // <openssl/x509.h> | 28 // <openssl/x509.h> |
| 29 typedef struct x509_st X509; | 29 typedef struct x509_st X509; |
| 30 | 30 |
| 31 namespace net { | 31 namespace net { |
| 32 | 32 |
| 33 class CertVerifier; | 33 class CertVerifier; |
| 34 class PeerCertificateChain; | |
|
wtc
2014/03/10 21:45:34
This class is in the net namespace and is defined
haavardm
2014/03/11 18:43:21
Done.
| |
| 34 class SingleRequestCertVerifier; | 35 class SingleRequestCertVerifier; |
| 35 class SSLCertRequestInfo; | 36 class SSLCertRequestInfo; |
| 36 class SSLInfo; | 37 class SSLInfo; |
| 37 | 38 |
| 38 // An SSL client socket implemented with OpenSSL. | 39 // An SSL client socket implemented with OpenSSL. |
| 39 class SSLClientSocketOpenSSL : public SSLClientSocket { | 40 class SSLClientSocketOpenSSL : public SSLClientSocket { |
| 40 public: | 41 public: |
| 41 // Takes ownership of the transport_socket, which may already be connected. | 42 // Takes ownership of the transport_socket, which may already be connected. |
| 42 // The given hostname will be compared with the name(s) in the server's | 43 // The given hostname will be compared with the name(s) in the server's |
| 43 // certificate during the SSL handshake. ssl_config specifies the SSL | 44 // certificate during the SSL handshake. ssl_config specifies the SSL |
| 44 // settings. | 45 // settings. |
| 45 SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket, | 46 SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket, |
| 46 const HostPortPair& host_and_port, | 47 const HostPortPair& host_and_port, |
| 47 const SSLConfig& ssl_config, | 48 const SSLConfig& ssl_config, |
| 48 const SSLClientSocketContext& context); | 49 const SSLClientSocketContext& context); |
| 49 virtual ~SSLClientSocketOpenSSL(); | 50 virtual ~SSLClientSocketOpenSSL(); |
| 50 | 51 |
| 51 const HostPortPair& host_and_port() const { return host_and_port_; } | 52 const HostPortPair& host_and_port() const { return host_and_port_; } |
| 52 const std::string& ssl_session_cache_shard() const { | 53 const std::string& ssl_session_cache_shard() const { |
| 53 return ssl_session_cache_shard_; | 54 return ssl_session_cache_shard_; |
| 54 } | 55 } |
| 55 | 56 |
| 56 // SSLClientSocket implementation. | 57 // SSLClientSocket implementation. |
| 57 virtual void GetSSLCertRequestInfo( | 58 virtual void GetSSLCertRequestInfo( |
| 58 SSLCertRequestInfo* cert_request_info) OVERRIDE; | 59 SSLCertRequestInfo* cert_request_info) OVERRIDE; |
| 59 virtual NextProtoStatus GetNextProto(std::string* proto, | 60 virtual NextProtoStatus GetNextProto(std::string* proto, |
| 60 std::string* server_protos) OVERRIDE; | 61 std::string* server_protos) OVERRIDE; |
| 61 virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE; | 62 virtual ServerBoundCertService* GetServerBoundCertService() const OVERRIDE; |
| 63 // For unit testing only. | |
| 64 virtual const scoped_refptr<X509Certificate> GetUnverifiedServerCertificate() | |
|
wtc
2014/03/10 21:45:34
Here you list the method under an "SSLClientSocket
Ryan Sleevi
2014/03/11 00:15:15
Yeah, not a fan of exposing this publicly.
haavardm
2014/03/11 18:43:21
Done.
| |
| 65 const OVERRIDE; | |
| 62 | 66 |
| 63 // SSLSocket implementation. | 67 // SSLSocket implementation. |
| 64 virtual int ExportKeyingMaterial(const base::StringPiece& label, | 68 virtual int ExportKeyingMaterial(const base::StringPiece& label, |
| 65 bool has_context, | 69 bool has_context, |
| 66 const base::StringPiece& context, | 70 const base::StringPiece& context, |
| 67 unsigned char* out, | 71 unsigned char* out, |
| 68 unsigned int outlen) OVERRIDE; | 72 unsigned int outlen) OVERRIDE; |
| 69 virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE; | 73 virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE; |
| 70 | 74 |
| 71 // StreamSocket implementation. | 75 // StreamSocket implementation. |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 162 // the result to return on the *next* call to DoPayloadRead(). A value > 0 | 166 // the result to return on the *next* call to DoPayloadRead(). A value > 0 |
| 163 // indicates there is no pending result, otherwise 0 indicates EOF and < 0 | 167 // indicates there is no pending result, otherwise 0 indicates EOF and < 0 |
| 164 // indicates an error. | 168 // indicates an error. |
| 165 int pending_read_error_; | 169 int pending_read_error_; |
| 166 | 170 |
| 167 // Used by TransportWriteComplete() and TransportReadComplete() to signify an | 171 // Used by TransportWriteComplete() and TransportReadComplete() to signify an |
| 168 // error writing to the transport socket. A value of OK indicates no error. | 172 // error writing to the transport socket. A value of OK indicates no error. |
| 169 int transport_write_error_; | 173 int transport_write_error_; |
| 170 | 174 |
| 171 // Set when handshake finishes. | 175 // Set when handshake finishes. |
| 176 scoped_ptr<PeerCertificateChain> server_cert_chain_; | |
| 172 scoped_refptr<X509Certificate> server_cert_; | 177 scoped_refptr<X509Certificate> server_cert_; |
| 173 CertVerifyResult server_cert_verify_result_; | 178 CertVerifyResult server_cert_verify_result_; |
| 174 bool completed_handshake_; | 179 bool completed_handshake_; |
| 175 | 180 |
| 176 // Stores client authentication information between ClientAuthHandler and | 181 // Stores client authentication information between ClientAuthHandler and |
| 177 // GetSSLCertRequestInfo calls. | 182 // GetSSLCertRequestInfo calls. |
| 178 bool client_auth_cert_needed_; | 183 bool client_auth_cert_needed_; |
| 179 // List of DER-encoded X.509 DistinguishedName of certificate authorities | 184 // List of DER-encoded X.509 DistinguishedName of certificate authorities |
| 180 // allowed by the server. | 185 // allowed by the server. |
| 181 std::vector<std::string> cert_authorities_; | 186 std::vector<std::string> cert_authorities_; |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 219 // True if channel ID extension was negotiated. | 224 // True if channel ID extension was negotiated. |
| 220 bool channel_id_xtn_negotiated_; | 225 bool channel_id_xtn_negotiated_; |
| 221 // The request handle for |server_bound_cert_service_|. | 226 // The request handle for |server_bound_cert_service_|. |
| 222 ServerBoundCertService::RequestHandle channel_id_request_handle_; | 227 ServerBoundCertService::RequestHandle channel_id_request_handle_; |
| 223 BoundNetLog net_log_; | 228 BoundNetLog net_log_; |
| 224 }; | 229 }; |
| 225 | 230 |
| 226 } // namespace net | 231 } // namespace net |
| 227 | 232 |
| 228 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 233 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| OLD | NEW |
