| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) | 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) |
| 6 | 6 |
| 7 #include "platform/globals.h" | 7 #include "platform/globals.h" |
| 8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ | 8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ |
| 9 defined(TARGET_OS_WINDOWS) | 9 defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA) |
| 10 | 10 |
| 11 #include "bin/secure_socket.h" | 11 #include "bin/secure_socket.h" |
| 12 #include "bin/secure_socket_boringssl.h" | 12 #include "bin/secure_socket_boringssl.h" |
| 13 | 13 |
| 14 #include <errno.h> | 14 #include <errno.h> |
| 15 #include <fcntl.h> | 15 #include <fcntl.h> |
| 16 #include <stdio.h> | 16 #include <stdio.h> |
| 17 #include <string.h> | 17 #include <string.h> |
| 18 #include <sys/stat.h> | 18 #include <sys/stat.h> |
| 19 | 19 |
| 759 } | 759 } |
| 760 | 760 |
| 761 | 761 |
| 762 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) { | 762 void FUNCTION_NAME(SecurityContext_AlpnSupported)(Dart_NativeArguments args) { |
| 763 Dart_SetReturnValue(args, Dart_NewBoolean(true)); | 763 Dart_SetReturnValue(args, Dart_NewBoolean(true)); |
| 764 } | 764 } |
| 765 | 765 |
| 766 | 766 |
| 767 static void AddCompiledInCerts(SSLContext* context) { | 767 static void AddCompiledInCerts(SSLContext* context) { |
| 768 if (root_certificates_pem == NULL) { | 768 if (root_certificates_pem == NULL) { |
| 769 if (SSL_LOG_STATUS) { |
| 770 Log::Print("Missing compiled-in roots\n"); |
| 771 } |
| 769 return; | 772 return; |
| 770 } | 773 } |
| 771 X509_STORE* store = SSL_CTX_get_cert_store(context->context()); | 774 X509_STORE* store = SSL_CTX_get_cert_store(context->context()); |
| 772 BIO* roots_bio = | 775 BIO* roots_bio = |
| 773 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem), | 776 BIO_new_mem_buf(const_cast<unsigned char*>(root_certificates_pem), |
| 774 root_certificates_pem_length); | 777 root_certificates_pem_length); |
| 775 X509* root_cert; | 778 X509* root_cert; |
| 776 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, | 779 // PEM_read_bio_X509 reads PEM-encoded certificates from a bio (in our case, |
| 777 // backed by a memory buffer), and returns X509 objects, one by one. | 780 // backed by a memory buffer), and returns X509 objects, one by one. |
| 778 // When the end of the bio is reached, it returns null. | 781 // When the end of the bio is reached, it returns null. |
| 793 | 796 |
| 794 | 797 |
| 795 static void LoadRootCertFile(SSLContext* context, const char* file) { | 798 static void LoadRootCertFile(SSLContext* context, const char* file) { |
| 796 if (SSL_LOG_STATUS) { | 799 if (SSL_LOG_STATUS) { |
| 797 Log::Print("Looking for trusted roots in %s\n", file); | 800 Log::Print("Looking for trusted roots in %s\n", file); |
| 798 } | 801 } |
| 799 if (!File::Exists(file)) { | 802 if (!File::Exists(file)) { |
| 800 ThrowIOException(-1, "TlsException", "Failed to find root cert file"); | 803 ThrowIOException(-1, "TlsException", "Failed to find root cert file"); |
| 801 } | 804 } |
| 802 int status = SSL_CTX_load_verify_locations(context->context(), file, NULL); | 805 int status = SSL_CTX_load_verify_locations(context->context(), file, NULL); |
| 803 CheckStatus(status, "TlsException", "Failure trusting builtint roots"); | 806 CheckStatus(status, "TlsException", "Failure trusting builtin roots"); |
| 804 if (SSL_LOG_STATUS) { | 807 if (SSL_LOG_STATUS) { |
| 805 Log::Print("Trusting roots from: %s\n", file); | 808 Log::Print("Trusting roots from: %s\n", file); |
| 806 } | 809 } |
| 807 } | 810 } |
| 808 | 811 |
| 809 | 812 |
| 810 static void LoadRootCertCache(SSLContext* context, const char* cache) { | 813 static void LoadRootCertCache(SSLContext* context, const char* cache) { |
| 811 if (SSL_LOG_STATUS) { | 814 if (SSL_LOG_STATUS) { |
| 812 Log::Print("Looking for trusted roots in %s\n", cache); | 815 Log::Print("Looking for trusted roots in %s\n", cache); |
| 813 } | 816 } |
| 814 if (Directory::Exists(cache) != Directory::EXISTS) { | 817 if (Directory::Exists(cache) != Directory::EXISTS) { |
| 815 ThrowIOException(-1, "TlsException", "Failed to find root cert cache"); | 818 ThrowIOException(-1, "TlsException", "Failed to find root cert cache"); |
| 816 } | 819 } |
| 817 int status = SSL_CTX_load_verify_locations(context->context(), NULL, cache); | 820 int status = SSL_CTX_load_verify_locations(context->context(), NULL, cache); |
| 818 CheckStatus(status, "TlsException", "Failure trusting builtint roots"); | 821 CheckStatus(status, "TlsException", "Failure trusting builtin roots"); |
| 819 if (SSL_LOG_STATUS) { | 822 if (SSL_LOG_STATUS) { |
| 820 Log::Print("Trusting roots from: %s\n", cache); | 823 Log::Print("Trusting roots from: %s\n", cache); |
| 821 } | 824 } |
| 822 } | 825 } |
| 823 | 826 |
| 824 | 827 |
| 825 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)( | 828 void FUNCTION_NAME(SecurityContext_TrustBuiltinRoots)( |
| 826 Dart_NativeArguments args) { | 829 Dart_NativeArguments args) { |
| 827 SSLContext* context = GetSecurityContext(args); | 830 SSLContext* context = GetSecurityContext(args); |
| 828 | 831 |
| 862 } | 865 } |
| 863 | 866 |
| 864 if (Directory::Exists(cachedir) == Directory::EXISTS) { | 867 if (Directory::Exists(cachedir) == Directory::EXISTS) { |
| 865 LoadRootCertCache(context, cachedir); | 868 LoadRootCertCache(context, cachedir); |
| 866 return; | 869 return; |
| 867 } | 870 } |
| 868 #endif // defined(TARGET_OS_ANDROID) | 871 #endif // defined(TARGET_OS_ANDROID) |
| 869 | 872 |
| 870 // Fall back on the compiled-in certs if the standard locations don't exist, | 873 // Fall back on the compiled-in certs if the standard locations don't exist, |
| 871 // or we aren't on Linux. | 874 // or we aren't on Linux. |
| 872 AddCompiledInCerts(context); | |
| 873 if (SSL_LOG_STATUS) { | 875 if (SSL_LOG_STATUS) { |
| 874 Log::Print("Trusting compiled-in roots\n"); | 876 Log::Print("Trusting compiled-in roots\n"); |
| 875 } | 877 } |
| 878 AddCompiledInCerts(context); |
| 876 } | 879 } |
| 877 | 880 |
| 878 | 881 |
| 879 static int UseChainBytesPKCS12(SSL_CTX* context, | 882 static int UseChainBytesPKCS12(SSL_CTX* context, |
| 880 BIO* bio, | 883 BIO* bio, |
| 881 const char* password) { | 884 const char* password) { |
| 882 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL)); | 885 ScopedPKCS12 p12(d2i_PKCS12_bio(bio, NULL)); |
| 883 if (p12.get() == NULL) { | 886 if (p12.get() == NULL) { |
| 884 return 0; | 887 return 0; |
| 885 } | 888 } |
| 1751 return bytes_processed; | 1754 return bytes_processed; |
| 1752 } | 1755 } |
| 1753 | 1756 |
| 1754 } // namespace bin | 1757 } // namespace bin |
| 1755 } // namespace dart | 1758 } // namespace dart |
| 1756 | 1759 |
| 1757 #endif // defined(TARGET_OS_LINUX) | 1760 #endif // defined(TARGET_OS_LINUX) |
| 1758 | 1761 |
| 1759 #endif // !defined(DART_IO_DISABLED) && | 1762 #endif // !defined(DART_IO_DISABLED) && |
| 1760 // !defined(DART_IO_SECURE_SOCKET_DISABLED) | 1763 // !defined(DART_IO_SECURE_SOCKET_DISABLED) |
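Review bot: AddCompiledInCerts still returns silently when root_certificates_pem is NULL (new side 768-772); the added Log::Print only fires under SSL_LOG_STATUS, so a build without compiled-in roots has TrustBuiltinRoots log "Trusting compiled-in roots" (new 875-878) and then add no roots at all, and the problem only shows up later as handshake verification failures instead of at setup. The sibling LoadRootCertFile and LoadRootCertCache throw a TlsException when their source is missing; unless a NULL table is a supported configuration (not visible here), the same treatment would make the failure explicit: `ThrowIOException(-1, "TlsException", "Missing compiled-in roots");` in place of the bare `return;`. The body of AddCompiledInCerts continues past the hunk. Separately, line 9 now also guards TARGET_OS_FUCHSIA, but the closing `#endif // defined(TARGET_OS_LINUX)` at new line 1760 still names only Linux; `#endif // defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA)` would keep the pair in sync.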