| Index: net/socket/ssl_client_socket_openssl.h
|
| diff --git a/net/socket/ssl_client_socket_openssl.h b/net/socket/ssl_client_socket_openssl.h
|
| index 5f4800a08de3ee71114e706e43dfae353f0fb23a..0fc9cbe2ad897cf42c590858ba2e1b44cf0e0294 100644
|
| --- a/net/socket/ssl_client_socket_openssl.h
|
| +++ b/net/socket/ssl_client_socket_openssl.h
|
| @@ -27,6 +27,8 @@ typedef struct evp_pkey_st EVP_PKEY;
|
| typedef struct ssl_st SSL;
|
| // <openssl/x509.h>
|
| typedef struct x509_st X509;
|
| +// <openssl/ossl_type.h>
|
| +typedef struct x509_store_ctx_st X509_STORE_CTX;
|
|
|
| namespace net {
|
|
|
| @@ -131,6 +133,11 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
|
| // Channel IDs.
|
| void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey);
|
|
|
| + // CertVerifyCallback is called to verify the server's certificates. We do
|
| + // verification after the handshake so this function only enforces that the
|
| + // certificates don't change during renegotiation.
|
| + int CertVerifyCallback(X509_STORE_CTX *store_ctx);
|
| +
|
| // Callback from the SSL layer to check which NPN protocol we are supporting
|
| int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
|
| const unsigned char* in, unsigned int inlen);
|
|
|
Chromium Code Reviews
Issue 177143004:
OpenSSL: don't allow the server certificate to change during renegotiation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src