Chromium Code Reviews
Unified Diff: net/socket/ssl_client_socket_openssl.h

Issue 177143004: OpenSSL: don't allow the server certificate to change during renegotiation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 6 years, 10 months ago
Index: net/socket/ssl_client_socket_openssl.h
diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
index 5f4800a08de3ee71114e706e43dfae353f0fb23a..916903eb3df0daf1433363b26b5fe289c0dde8c6 100644
--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -27,6 +27,8 @@ typedef struct evp_pkey_st EVP_PKEY;
typedef struct ssl_st SSL;
// <openssl/x509.h>
typedef struct x509_st X509;
+// <openssl/ossl_type.h>
+typedef struct x509_store_ctx_st X509_STORE_CTX;
namespace net {
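Review bot: the header named in the new comment `+// <openssl/ossl_type.h>` does not match OpenSSL's actual file name; the opaque type forward declarations live in `<openssl/ossl_typ.h>`, so the comment should read `// <openssl/ossl_typ.h>` to stay consistent with the `// <openssl/x509.h>` annotation directly above it, which readers rely on to find the real definition of the forward-declared struct.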
@@ -131,6 +133,11 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
// Channel IDs.
void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey);
+ // CertificateCallback is called to verify the server's certificates. We do
+ // verification after the handshake so this function only enforces that the
+ // certificates don't change during renegotiation.
+ int CertificateCallback(X509_STORE_CTX *store_ctx);
wtc 2014/02/27 22:12:07 Nit: rename this function "VerifyCertCallback".
agl 2014/02/27 22:31:23 Done.
+
// Callback from the SSL layer to check which NPN protocol we are supporting
int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
const unsigned char* in, unsigned int inlen);
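Review bot: the declaration `int CertificateCallback(X509_STORE_CTX *store_ctx);` leaves the return contract undocumented; since the comment says this function enforces that the certificates do not change during renegotiation, it should also state what the int return value means to the caller (the OpenSSL verify-callback convention of 1 to continue and 0 to fail the handshake, if that is what is being followed) and which return is used on a mismatch, so a later edit cannot silently invert the sense. A style point as well: the neighbouring declarations (`SSL* ssl`, `EVP_PKEY** pkey`) attach the `*` to the type, so this should be `X509_STORE_CTX* store_ctx`. The rename to `VerifyCertCallback` already requested in the thread also describes the behaviour more accurately than `CertificateCallback`.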