OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
13 #include "net/base/completion_callback.h" | 13 #include "net/base/completion_callback.h" |
14 #include "net/base/io_buffer.h" | 14 #include "net/base/io_buffer.h" |
15 #include "net/cert/cert_verify_result.h" | 15 #include "net/cert/cert_verify_result.h" |
16 #include "net/socket/client_socket_handle.h" | 16 #include "net/socket/client_socket_handle.h" |
17 #include "net/socket/ssl_client_socket.h" | 17 #include "net/socket/ssl_client_socket.h" |
18 #include "net/ssl/server_bound_cert_service.h" | 18 #include "net/ssl/server_bound_cert_service.h" |
19 #include "net/ssl/ssl_config_service.h" | 19 #include "net/ssl/ssl_config_service.h" |
20 | 20 |
21 // Avoid including misc OpenSSL headers, i.e.: | 21 // Avoid including misc OpenSSL headers, i.e.: |
22 // <openssl/bio.h> | 22 // <openssl/bio.h> |
23 typedef struct bio_st BIO; | 23 typedef struct bio_st BIO; |
24 // <openssl/evp.h> | 24 // <openssl/evp.h> |
25 typedef struct evp_pkey_st EVP_PKEY; | 25 typedef struct evp_pkey_st EVP_PKEY; |
26 // <openssl/ssl.h> | 26 // <openssl/ssl.h> |
27 typedef struct ssl_st SSL; | 27 typedef struct ssl_st SSL; |
28 // <openssl/x509.h> | 28 // <openssl/x509.h> |
29 typedef struct x509_st X509; | 29 typedef struct x509_st X509; |
30 // <openssl/ossl_type.h> | |
31 typedef struct x509_store_ctx_st X509_STORE_CTX; | |
30 | 32 |
31 namespace net { | 33 namespace net { |
32 | 34 |
33 class CertVerifier; | 35 class CertVerifier; |
34 class SingleRequestCertVerifier; | 36 class SingleRequestCertVerifier; |
35 class SSLCertRequestInfo; | 37 class SSLCertRequestInfo; |
36 class SSLInfo; | 38 class SSLInfo; |
37 | 39 |
38 // An SSL client socket implemented with OpenSSL. | 40 // An SSL client socket implemented with OpenSSL. |
39 class SSLClientSocketOpenSSL : public SSLClientSocket { | 41 class SSLClientSocketOpenSSL : public SSLClientSocket { |
(...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
124 int TransportReadComplete(int result); | 126 int TransportReadComplete(int result); |
125 | 127 |
126 // Callback from the SSL layer that indicates the remote server is requesting | 128 // Callback from the SSL layer that indicates the remote server is requesting |
127 // a certificate for this client. | 129 // a certificate for this client. |
128 int ClientCertRequestCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey); | 130 int ClientCertRequestCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey); |
129 | 131 |
130 // Callback from the SSL layer that indicates the remote server supports TLS | 132 // Callback from the SSL layer that indicates the remote server supports TLS |
131 // Channel IDs. | 133 // Channel IDs. |
132 void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey); | 134 void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey); |
133 | 135 |
136 // CertificateCallback is called to verify the server's certificates. We do | |
137 // verification after the handshake so this function only enforces that the | |
138 // certificates don't change during renegotiation. | |
139 int CertificateCallback(X509_STORE_CTX *store_ctx); | |
wtc
2014/02/27 22:12:07
Nit: rename this function "VerifyCertCallback".
agl
2014/02/27 22:31:23
Done.
| |
140 | |
134 // Callback from the SSL layer to check which NPN protocol we are supporting | 141 // Callback from the SSL layer to check which NPN protocol we are supporting |
135 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, | 142 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, |
136 const unsigned char* in, unsigned int inlen); | 143 const unsigned char* in, unsigned int inlen); |
137 | 144 |
138 bool transport_send_busy_; | 145 bool transport_send_busy_; |
139 bool transport_recv_busy_; | 146 bool transport_recv_busy_; |
140 bool transport_recv_eof_; | 147 bool transport_recv_eof_; |
141 | 148 |
142 scoped_refptr<DrainableIOBuffer> send_buffer_; | 149 scoped_refptr<DrainableIOBuffer> send_buffer_; |
143 scoped_refptr<IOBuffer> recv_buffer_; | 150 scoped_refptr<IOBuffer> recv_buffer_; |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
219 // True if channel ID extension was negotiated. | 226 // True if channel ID extension was negotiated. |
220 bool channel_id_xtn_negotiated_; | 227 bool channel_id_xtn_negotiated_; |
221 // The request handle for |server_bound_cert_service_|. | 228 // The request handle for |server_bound_cert_service_|. |
222 ServerBoundCertService::RequestHandle channel_id_request_handle_; | 229 ServerBoundCertService::RequestHandle channel_id_request_handle_; |
223 BoundNetLog net_log_; | 230 BoundNetLog net_log_; |
224 }; | 231 }; |
225 | 232 |
226 } // namespace net | 233 } // namespace net |
227 | 234 |
228 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 235 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
OLD | NEW |