| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "extensions/browser/api/socket/tls_socket.h" | 5 #include "extensions/browser/api/socket/tls_socket.h" |
| 6 | 6 |
| 7 #include <utility> | 7 #include <utility> |
| 8 | 8 |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 174 Socket::SocketType TLSSocket::GetSocketType() const { | 174 Socket::SocketType TLSSocket::GetSocketType() const { |
| 175 return Socket::TYPE_TLS; | 175 return Socket::TYPE_TLS; |
| 176 } | 176 } |
| 177 | 177 |
| 178 // static | 178 // static |
| 179 void TLSSocket::UpgradeSocketToTLS( | 179 void TLSSocket::UpgradeSocketToTLS( |
| 180 Socket* socket, | 180 Socket* socket, |
| 181 scoped_refptr<net::SSLConfigService> ssl_config_service, | 181 scoped_refptr<net::SSLConfigService> ssl_config_service, |
| 182 net::CertVerifier* cert_verifier, | 182 net::CertVerifier* cert_verifier, |
| 183 net::TransportSecurityState* transport_security_state, | 183 net::TransportSecurityState* transport_security_state, |
| 184 net::CTVerifier* ct_verifier, |
| 185 net::CTPolicyEnforcer* ct_policy_enforcer, |
| 184 const std::string& extension_id, | 186 const std::string& extension_id, |
| 185 api::socket::SecureOptions* options, | 187 api::socket::SecureOptions* options, |
| 186 const TLSSocket::SecureCallback& callback) { | 188 const TLSSocket::SecureCallback& callback) { |
| 187 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); | 189 DCHECK_CURRENTLY_ON(content::BrowserThread::IO); |
| 188 TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); | 190 TCPSocket* tcp_socket = static_cast<TCPSocket*>(socket); |
| 189 std::unique_ptr<net::SSLClientSocket> null_sock; | 191 std::unique_ptr<net::SSLClientSocket> null_sock; |
| 190 | 192 |
| 191 if (!tcp_socket || tcp_socket->GetSocketType() != Socket::TYPE_TCP || | 193 if (!tcp_socket || tcp_socket->GetSocketType() != Socket::TYPE_TCP || |
| 192 !tcp_socket->ClientStream() || !tcp_socket->IsConnected() || | 194 !tcp_socket->ClientStream() || !tcp_socket->IsConnected() || |
| 193 tcp_socket->HasPendingRead()) { | 195 tcp_socket->HasPendingRead()) { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 234 // only one active here). Then have the old socket release ownership on | 236 // only one active here). Then have the old socket release ownership on |
| 235 // that client stream. | 237 // that client stream. |
| 236 socket_handle->SetSocket( | 238 socket_handle->SetSocket( |
| 237 std::unique_ptr<net::StreamSocket>(tcp_socket->ClientStream())); | 239 std::unique_ptr<net::StreamSocket>(tcp_socket->ClientStream())); |
| 238 tcp_socket->Release(); | 240 tcp_socket->Release(); |
| 239 | 241 |
| 240 DCHECK(transport_security_state); | 242 DCHECK(transport_security_state); |
| 241 net::SSLClientSocketContext context; | 243 net::SSLClientSocketContext context; |
| 242 context.cert_verifier = cert_verifier; | 244 context.cert_verifier = cert_verifier; |
| 243 context.transport_security_state = transport_security_state; | 245 context.transport_security_state = transport_security_state; |
| 246 context.cert_transparency_verifier = ct_verifier; |
| 247 context.ct_policy_enforcer = ct_policy_enforcer; |
| 244 | 248 |
| 245 // Fill in the SSL socket params. | 249 // Fill in the SSL socket params. |
| 246 net::SSLConfig ssl_config; | 250 net::SSLConfig ssl_config; |
| 247 ssl_config_service->GetSSLConfig(&ssl_config); | 251 ssl_config_service->GetSSLConfig(&ssl_config); |
| 248 if (options && options->tls_version.get()) { | 252 if (options && options->tls_version.get()) { |
| 249 uint16_t version_min = 0, version_max = 0; | 253 uint16_t version_min = 0, version_max = 0; |
| 250 api::socket::TLSVersionConstraints* versions = options->tls_version.get(); | 254 api::socket::TLSVersionConstraints* versions = options->tls_version.get(); |
| 251 if (versions->min.get()) { | 255 if (versions->min.get()) { |
| 252 version_min = SSLProtocolVersionFromString(*versions->min.get()); | 256 version_min = SSLProtocolVersionFromString(*versions->min.get()); |
| 253 } | 257 } |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 299 if (status != net::OK) { | 303 if (status != net::OK) { |
| 300 DVLOG(1) << "Status is not OK or IO-pending: " | 304 DVLOG(1) << "Status is not OK or IO-pending: " |
| 301 << net::ErrorToString(status); | 305 << net::ErrorToString(status); |
| 302 } | 306 } |
| 303 connect_cb.Run(status); | 307 connect_cb.Run(status); |
| 304 } | 308 } |
| 305 } | 309 } |
| 306 | 310 |
| 307 } // namespace extensions | 311 } // namespace extensions |
| 308 | 312 |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2067843003:
Require a CTVerifier and CTPolicyEnforcer for TLS/QUIC sockets (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master