Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(211)

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 206453002: Introduce USE_OPENSSL_CERTS for certificate handling. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index d04670fc14fcab9b1e7465a3525886b6b798b03a..3c4ef3da29df4750d32d7fe5c5ac9655d1dd8b70 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -386,7 +386,7 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
return *this;
}
-#if defined(USE_OPENSSL)
+#if defined(USE_OPENSSL_CERTS) || defined(OS_ANDROID)
// When OSCertHandle is typedef'ed to X509, this implementation does a short cut
// to avoid converting back and forth between der and X509 struct.
void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(SSL* ssl) {
@@ -417,7 +417,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(SSL* ssl) {
CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
}
}
-#else // !defined(USE_OPENSSL)
+#else // !defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(SSL* ssl) {
openssl_chain_.reset(NULL);
os_chain_ = NULL;
@@ -458,7 +458,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(SSL* ssl) {
os_chain_ = NULL;
}
}
-#endif // USE_OPENSSL
+#endif // defined(USE_OPENSSL_CERTS) || defined(OS_ANDROID)
// static
SSLSessionCacheOpenSSL::Config
@@ -474,7 +474,9 @@ void SSLClientSocket::ClearSessionCache() {
SSLClientSocketOpenSSL::SSLContext* context =
SSLClientSocketOpenSSL::SSLContext::GetInstance();
context->session_cache()->Flush();
+#if defined(USE_OPENSSL_CERTS) || defined(OS_ANDROID)
OpenSSLClientKeyStore::GetInstance()->Flush();
+#endif
}
SSLClientSocketOpenSSL::SSLClientSocketOpenSSL(
@@ -1413,7 +1415,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
DCHECK(ssl == ssl_);
DCHECK(*x509 == NULL);
DCHECK(*pkey == NULL);
-
+#if defined(USE_OPENSSL_CERTS) || defined(OS_ANDROID)
if (!ssl_config_.send_client_cert) {
// First pass: we know that a client certificate is needed, but we do not
// have one at hand.
@@ -1450,6 +1452,10 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
}
LOG(WARNING) << "Client cert found without private key";
}
+#else // !defined(USE_OPENSSL_CERTS) && !defined(OS_ANDROID)
+ // OS handling of client certificates is not yet implemented.
+ NOTIMPLEMENTED();
+#endif // defined(USE_OPENSSL_CERTS) || defined(OS_ANDROID)
// Send no client certificate.
return 0;

Powered by Google App Engine
This is Rietveld 408576698