OLD | NEW |
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) | 5 #if !defined(DART_IO_DISABLED) && !defined(DART_IO_SECURE_SOCKET_DISABLED) |
6 | 6 |
7 #include "platform/globals.h" | 7 #include "platform/globals.h" |
8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ | 8 #if defined(TARGET_OS_ANDROID) || defined(TARGET_OS_LINUX) || \ |
9 defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA) | 9 defined(TARGET_OS_WINDOWS) || defined(TARGET_OS_FUCHSIA) |
10 | 10 |
(...skipping 1504 matching lines...)
1515 status = BIO_new_bio_pair(&ssl_side, kInternalBIOSize, &socket_side_, | 1515 status = BIO_new_bio_pair(&ssl_side, kInternalBIOSize, &socket_side_, |
1516 kInternalBIOSize); | 1516 kInternalBIOSize); |
1517 CheckStatus(status, "TlsException", "BIO_new_bio_pair"); | 1517 CheckStatus(status, "TlsException", "BIO_new_bio_pair"); |
1518 | 1518 |
1519 assert(context != NULL); | 1519 assert(context != NULL); |
1520 ssl_ = SSL_new(context); | 1520 ssl_ = SSL_new(context); |
1521 SSL_set_bio(ssl_, ssl_side, ssl_side); | 1521 SSL_set_bio(ssl_, ssl_side, ssl_side); |
1522 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? | 1522 SSL_set_mode(ssl_, SSL_MODE_AUTO_RETRY); // TODO(whesse): Is this right? |
1523 SSL_set_ex_data(ssl_, filter_ssl_index, this); | 1523 SSL_set_ex_data(ssl_, filter_ssl_index, this); |
1524 | 1524 |
1525 #if defined(TARGET_OS_FUCHSIA) | |
1526 // Temporary workaround until we isolate the memory leak issue. | |
1527 SSL_set_verify(ssl_, SSL_VERIFY_NONE, NULL); | |
1528 #else | |
1529 if (is_server_) { | 1525 if (is_server_) { |
1530 int certificate_mode = | 1526 int certificate_mode = |
1531 request_client_certificate ? SSL_VERIFY_PEER : SSL_VERIFY_NONE; | 1527 request_client_certificate ? SSL_VERIFY_PEER : SSL_VERIFY_NONE; |
1532 if (require_client_certificate) { | 1528 if (require_client_certificate) { |
1533 certificate_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; | 1529 certificate_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT; |
1534 } | 1530 } |
1535 SSL_set_verify(ssl_, certificate_mode, NULL); | 1531 SSL_set_verify(ssl_, certificate_mode, NULL); |
1536 } else { | 1532 } else { |
1537 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); | 1533 SetAlpnProtocolList(protocols_handle, ssl_, NULL, false); |
1538 status = SSL_set_tlsext_host_name(ssl_, hostname); | 1534 status = SSL_set_tlsext_host_name(ssl_, hostname); |
1539 CheckStatus(status, "TlsException", "Set SNI host name"); | 1535 CheckStatus(status, "TlsException", "Set SNI host name"); |
1540 // Sets the hostname in the certificate-checking object, so it is checked | 1536 // Sets the hostname in the certificate-checking object, so it is checked |
1541 // against the certificate presented by the server. | 1537 // against the certificate presented by the server. |
1542 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); | 1538 X509_VERIFY_PARAM* certificate_checking_parameters = SSL_get0_param(ssl_); |
1543 hostname_ = strdup(hostname); | 1539 hostname_ = strdup(hostname); |
1544 X509_VERIFY_PARAM_set_flags( | 1540 X509_VERIFY_PARAM_set_flags( |
1545 certificate_checking_parameters, | 1541 certificate_checking_parameters, |
1546 X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST); | 1542 X509_V_FLAG_PARTIAL_CHAIN | X509_V_FLAG_TRUSTED_FIRST); |
1547 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); | 1543 X509_VERIFY_PARAM_set_hostflags(certificate_checking_parameters, 0); |
1548 status = X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, | 1544 status = X509_VERIFY_PARAM_set1_host(certificate_checking_parameters, |
1549 hostname_, strlen(hostname_)); | 1545 hostname_, strlen(hostname_)); |
1550 CheckStatus(status, "TlsException", | 1546 CheckStatus(status, "TlsException", |
1551 "Set hostname for certificate checking"); | 1547 "Set hostname for certificate checking"); |
1552 } | 1548 } |
1553 #endif // defined(TARGET_OS_FUCHSIA) | |
1554 // Make the connection: | 1549 // Make the connection: |
1555 if (is_server_) { | 1550 if (is_server_) { |
1556 status = SSL_accept(ssl_); | 1551 status = SSL_accept(ssl_); |
1557 if (SSL_LOG_STATUS) { | 1552 if (SSL_LOG_STATUS) { |
1558 Log::Print("SSL_accept status: %d\n", status); | 1553 Log::Print("SSL_accept status: %d\n", status); |
1559 } | 1554 } |
1560 if (status != 1) { | 1555 if (status != 1) { |
1561 // TODO(whesse): expect a needs-data error here. Handle other errors. | 1556 // TODO(whesse): expect a needs-data error here. Handle other errors. |
1562 error = SSL_get_error(ssl_, status); | 1557 error = SSL_get_error(ssl_, status); |
1563 if (SSL_LOG_STATUS) { | 1558 if (SSL_LOG_STATUS) { |
(...skipping 214 matching lines...)
1778 return bytes_processed; | 1773 return bytes_processed; |
1779 } | 1774 } |
1780 | 1775 |
1781 } // namespace bin | 1776 } // namespace bin |
1782 } // namespace dart | 1777 } // namespace dart |
1783 | 1778 |
1784 #endif // defined(TARGET_OS_LINUX) | 1779 #endif // defined(TARGET_OS_LINUX) |
1785 | 1780 |
1786 #endif // !defined(DART_IO_DISABLED) && | 1781 #endif // !defined(DART_IO_DISABLED) && |
1787 // !defined(DART_IO_SECURE_SOCKET_DISABLED) | 1782 // !defined(DART_IO_SECURE_SOCKET_DISABLED) |
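Review bot: In the client (`else`) branch on the new side, the expected hostname is configured but no verify mode is set on `ssl_`, so with the Fuchsia `SSL_VERIFY_NONE` override removed, peer verification there depends entirely on how `context` was configured, which this section does not show. It is worth confirming that the context enables `SSL_VERIFY_PEER` and recording that at the top of the branch, e.g. `// Verify mode is inherited from |context|; only the expected hostname is set here.` A test on Fuchsia asserting that a handshake fails for an untrusted or hostname-mismatched certificate would pin the behaviour this change restores. Separately, `hostname_ = strdup(hostname);` feeds `strlen(hostname_)` with no NULL check, so a failed allocation is dereferenced; checking the result before the `X509_VERIFY_PARAM_set1_host` call would close that. The enclosing function starts and ends in the skipped regions, so any handling outside the visible lines is not covered here.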