| OLD | NEW |
| 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
| 2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
| 3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
| 4 | 4 |
| 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) | 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) |
| 6 | 6 |
| 7 #include "platform/globals.h" | 7 #include "platform/globals.h" |
| 8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ | 8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ |
| 9 defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA) | 9 defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA) |
| 10 | 10 |
| (...skipping 1504 matching lines...) |
| 1515 status = BIO_new_bio_pair(&ssl_side, kInternalBIOSize, &socket_side_, | 1515 status = BIO_new_bio_pair(&ssl_side, kInternalBIOSize, &socket_side_, |
| 1516 kInternalBIOSize); | 1516 kInternalBIOSize); |
| 1517 CheckStatus(status, "TlsException", "BIO_new_bio_pair"); | 1517 CheckStatus(status, "TlsException", "BIO_new_bio_pair"); |
| 1518 | 1518 |
| 1519 assert(context != NULL); | 1519 assert(context != NULL); |
| 1520 ssl_ = SSL_new(context); | 1520 ssl_ = SSL_new(context); |
| 1521 SSL_set_bio(ssl_, ssl_side, ssl_side); | 1521 SSL_set_bio(ssl_, ssl_side, ssl_side); |
| 1522 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? | 1522 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? |
| 1523 SSL_set_ex_data(ssl_, filter_ssl_index, this); | 1523 SSL_set_ex_data(ssl_, filter_ssl_index, this); |
| 1524 | 1524 |
| 1525 #if defined(TARGET_OS_FUCHSIA) | |
| 1526 // Temporary workaround until we isolate the memory leak issue. | |
| 1527 SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); | |
| 1528 #else | |
| 1529 if (is_server_) { | 1525 if (is_server_) { |
| 1530 int certificate_mode = | 1526 int certificate_mode = |
| 1531 request_client_certificate ? SSL_VERIFY_PEER : SSL_VERIFY_NONE; | 1527 request_client_certificate ? SSL_VERIFY_PEER : SSL_VERIFY_NONE; |
| 1532 if (require_client_certificate) { | 1528 if (require_client_certificate) { |
| 1533 certificate_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; | 1529 certificate_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; |
| 1534 } | 1530 } |
| 1535 SSL_set_verify(ssl_, certificate_mode, NULL); | 1531 SSL_set_verify(ssl_, certificate_mode, NULL); |
| 1536 } else { | 1532 } else { |
| 1537 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); | 1533 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); |
| 1538 status = SSL_set_tlsext_host_name(ssl_, hostname); | 1534 status = SSL_set_tlsext_host_name(ssl_, hostname); |
| 1539 CheckStatus(status, "TlsException", "Set SNI host name"); | 1535 CheckStatus(status, "TlsException", "Set SNI host name"); |
| 1540 // Sets the hostname in the certificate-checking object, so it is checked | 1536 // Sets the hostname in the certificate-checking object, so it is checked |
| 1541 // against the certificate presented by the server. | 1537 // against the certificate presented by the server. |
| 1542 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); | 1538 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); |
| 1543 hostname_ = strdup(hostname); | 1539 hostname_ = strdup(hostname); |
| 1544 X509_VERIFY_PARAM_set_flags( | 1540 X509_VERIFY_PARAM_set_flags( |
| 1545 certificate_checking_parameters, | 1541 certificate_checking_parameters, |
| 1546 X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST); | 1542 X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST); |
| 1547 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); | 1543 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); |
| 1548 status = X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, | 1544 status = X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, |
| 1549 hostname_, strlen(hostname_)); | 1545 hostname_, strlen(hostname_)); |
| 1550 CheckStatus(status, "TlsException", | 1546 CheckStatus(status, "TlsException", |
| 1551 "Set hostname for certificate checking"); | 1547 "Set hostname for certificate checking"); |
| 1552 } | 1548 } |
| 1553 #endif // defined(TARGET_OS_FUCHSIA) | |
| 1554 // Make the connection: | 1549 // Make the connection: |
| 1555 if (is_server_) { | 1550 if (is_server_) { |
| 1556 status = SSL_accept(ssl_); | 1551 status = SSL_accept(ssl_); |
| 1557 if (SSL_LOG_STATUS) { | 1552 if (SSL_LOG_STATUS) { |
| 1558 Log::Print("SSL_accept status: %d\n", status); | 1553 Log::Print("SSL_accept status: %d\n", status); |
| 1559 } | 1554 } |
| 1560 if (status != 1) { | 1555 if (status != 1) { |
| 1561 // TODO(whesse): expect a needs-data error here. Handle other errors. | 1556 // TODO(whesse): expect a needs-data error here. Handle other errors. |
| 1562 error = SSL_get_error(ssl_, status); | 1557 error = SSL_get_error(ssl_, status); |
| 1563 if (SSL_LOG_STATUS) { | 1558 if (SSL_LOG_STATUS) { |
| (...skipping 214 matching lines...) |
| 1778 return bytes_processed; | 1773 return bytes_processed; |
| 1779 } | 1774 } |
| 1780 | 1775 |
| 1781 } // namespace bin | 1776 } // namespace bin |
| 1782 } // namespace dart | 1777 } // namespace dart |
| 1783 | 1778 |
| 1784 #endif // defined(TARGET_OS_LINUX) | 1779 #endif // defined(TARGET_OS_LINUX) |
| 1785 | 1780 |
| 1786 #endif // !defined(DART_IO_DISABLED) && | 1781 #endif // !defined(DART_IO_DISABLED) && |
| 1787 // !defined(DART_IO_SECURE_SOCKET_DISABLED) | 1782 // !defined(DART_IO_SECURE_SOCKET_DISABLED) |
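Review bot: In the client branch (new lines 1532-1548) nothing sets a verify mode on `ssl_`, so with the Fuchsia `SSL_VERIFY_NONE` override gone, peer verification on every platform depends on the mode inherited from `context`, which is configured outside the lines shown. A host mismatch against the name given to `X509_VERIFY_PARAM_set1_host` only fails the handshake when that inherited mode verifies the peer, so the dependency deserves a comment next to the code, for example `// Verify mode is inherited from the SSL_CTX; it must be SSL_VERIFY_PEER for the host check below to be enforced.` Separately, `hostname_ = strdup(hostname);` on new line 1539 is passed to `strlen` with no NULL check, and the result of `SSL_new(context)` on new line 1520 is used by `SSL_set_bio` unchecked; a NULL test after each would turn an allocation failure into a reported error rather than a crash. The enclosing function starts and ends outside the displayed lines, so the context setup should be confirmed there.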
| OLD | NEW |