Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: remoting/protocol/ssl_hmac_channel_authenticator.cc

Issue 238133002: Don't create CertVerifier in SslHmacChannelAuthenticator (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/bind_helpers.h" 8 #include "base/bind_helpers.h"
9 #include "crypto/secure_util.h" 9 #include "crypto/secure_util.h"
10 #include "net/base/host_port_pair.h" 10 #include "net/base/host_port_pair.h"
11 #include "net/base/io_buffer.h" 11 #include "net/base/io_buffer.h"
12 #include "net/base/net_errors.h" 12 #include "net/base/net_errors.h"
13 #include "net/cert/cert_verifier.h"
14 #include "net/cert/x509_certificate.h" 13 #include "net/cert/x509_certificate.h"
15 #include "net/http/transport_security_state.h" 14 #include "net/http/transport_security_state.h"
16 #include "net/socket/client_socket_factory.h" 15 #include "net/socket/client_socket_factory.h"
17 #include "net/socket/client_socket_handle.h" 16 #include "net/socket/client_socket_handle.h"
18 #include "net/socket/ssl_client_socket.h" 17 #include "net/socket/ssl_client_socket.h"
19 #include "net/socket/ssl_server_socket.h" 18 #include "net/socket/ssl_server_socket.h"
20 #include "net/ssl/ssl_config_service.h" 19 #include "net/ssl/ssl_config_service.h"
21 #include "remoting/base/rsa_key_pair.h" 20 #include "remoting/base/rsa_key_pair.h"
22 #include "remoting/protocol/auth_util.h" 21 #include "remoting/protocol/auth_util.h"
23 22
(...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after
80 net::CreateSSLServerSocket(socket.Pass(), 79 net::CreateSSLServerSocket(socket.Pass(),
81 cert.get(), 80 cert.get(),
82 local_key_pair_->private_key(), 81 local_key_pair_->private_key(),
83 ssl_config); 82 ssl_config);
84 net::SSLServerSocket* raw_server_socket = server_socket.get(); 83 net::SSLServerSocket* raw_server_socket = server_socket.get();
85 socket_ = server_socket.Pass(); 84 socket_ = server_socket.Pass();
86 result = raw_server_socket->Handshake( 85 result = raw_server_socket->Handshake(
87 base::Bind(&SslHmacChannelAuthenticator::OnConnected, 86 base::Bind(&SslHmacChannelAuthenticator::OnConnected,
88 base::Unretained(this))); 87 base::Unretained(this)));
89 } else { 88 } else {
90 cert_verifier_.reset(net::CertVerifier::CreateDefault());
91 transport_security_state_.reset(new net::TransportSecurityState); 89 transport_security_state_.reset(new net::TransportSecurityState);
92 90
93 net::SSLConfig::CertAndStatus cert_and_status; 91 net::SSLConfig::CertAndStatus cert_and_status;
94 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID; 92 cert_and_status.cert_status = net::CERT_STATUS_AUTHORITY_INVALID;
95 cert_and_status.der_cert = remote_cert_; 93 cert_and_status.der_cert = remote_cert_;
96 94
97 net::SSLConfig ssl_config; 95 net::SSLConfig ssl_config;
98 // Certificate verification and revocation checking are not needed 96 // Certificate verification and revocation checking are not needed
99 // because we use self-signed certs. Disable it so that the SSL 97 // because we use self-signed certs. Disable it so that the SSL
100 // layer doesn't try to initialize OCSP (OCSP works only on the IO 98 // layer doesn't try to initialize OCSP (OCSP works only on the IO
101 // thread). 99 // thread).
102 ssl_config.cert_io_enabled = false; 100 ssl_config.cert_io_enabled = false;
103 ssl_config.rev_checking_enabled = false; 101 ssl_config.rev_checking_enabled = false;
104 ssl_config.allowed_bad_certs.push_back(cert_and_status); 102 ssl_config.allowed_bad_certs.push_back(cert_and_status);
105 103
106 net::HostPortPair host_and_port(kSslFakeHostName, 0); 104 net::HostPortPair host_and_port(kSslFakeHostName, 0);
107 net::SSLClientSocketContext context; 105 net::SSLClientSocketContext context;
108 context.cert_verifier = cert_verifier_.get();
109 context.transport_security_state = transport_security_state_.get(); 106 context.transport_security_state = transport_security_state_.get();
110 scoped_ptr<net::ClientSocketHandle> connection(new net::ClientSocketHandle); 107 scoped_ptr<net::ClientSocketHandle> connection(new net::ClientSocketHandle);
111 connection->SetSocket(socket.Pass()); 108 connection->SetSocket(socket.Pass());
112 socket_ = 109 socket_ =
113 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( 110 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket(
114 connection.Pass(), host_and_port, ssl_config, context); 111 connection.Pass(), host_and_port, ssl_config, context);
115 112
116 result = socket_->Connect( 113 result = socket_->Connect(
117 base::Bind(&SslHmacChannelAuthenticator::OnConnected, 114 base::Bind(&SslHmacChannelAuthenticator::OnConnected,
118 base::Unretained(this))); 115 base::Unretained(this)));
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
270 } 267 }
271 } 268 }
272 269
273 void SslHmacChannelAuthenticator::NotifyError(int error) { 270 void SslHmacChannelAuthenticator::NotifyError(int error) {
274 done_callback_.Run(static_cast<net::Error>(error), 271 done_callback_.Run(static_cast<net::Error>(error),
275 scoped_ptr<net::StreamSocket>()); 272 scoped_ptr<net::StreamSocket>());
276 } 273 }
277 274
278 } // namespace protocol 275 } // namespace protocol
279 } // namespace remoting 276 } // namespace remoting
OLDNEW
« no previous file with comments | « remoting/protocol/ssl_hmac_channel_authenticator.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698