1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
505 net_log_(transport_->socket()->NetLog()) {} | 505 net_log_(transport_->socket()->NetLog()) {} |
506 | 506 |
507 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() { | 507 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() { |
508 Disconnect(); | 508 Disconnect(); |
509 } | 509 } |
510 | 510 |
511 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( | 511 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( |
512 SSLCertRequestInfo* cert_request_info) { | 512 SSLCertRequestInfo* cert_request_info) { |
513 cert_request_info->host_and_port = host_and_port_; | 513 cert_request_info->host_and_port = host_and_port_; |
514 cert_request_info->cert_authorities = cert_authorities_; | 514 cert_request_info->cert_authorities = cert_authorities_; |
515 cert_request_info->cert_key_types = cert_key_types_; | |
515 } | 516 } |
516 | 517 |
517 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( | 518 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( |
518 std::string* proto, std::string* server_protos) { | 519 std::string* proto, std::string* server_protos) { |
519 *proto = npn_proto_; | 520 *proto = npn_proto_; |
520 *server_protos = server_protos_; | 521 *server_protos = server_protos_; |
521 return npn_status_; | 522 return npn_status_; |
522 } | 523 } |
523 | 524 |
524 ServerBoundCertService* | 525 ServerBoundCertService* |
609 user_write_buf_ = NULL; | 610 user_write_buf_ = NULL; |
610 user_write_buf_len_ = 0; | 611 user_write_buf_len_ = 0; |
611 | 612 |
612 pending_read_error_ = kNoPendingReadResult; | 613 pending_read_error_ = kNoPendingReadResult; |
613 transport_write_error_ = OK; | 614 transport_write_error_ = OK; |
614 | 615 |
615 server_cert_verify_result_.Reset(); | 616 server_cert_verify_result_.Reset(); |
616 completed_handshake_ = false; | 617 completed_handshake_ = false; |
617 | 618 |
618 cert_authorities_.clear(); | 619 cert_authorities_.clear(); |
620 cert_key_types_.clear(); | |
619 client_auth_cert_needed_ = false; | 621 client_auth_cert_needed_ = false; |
620 } | 622 } |
621 | 623 |
622 bool SSLClientSocketOpenSSL::IsConnected() const { | 624 bool SSLClientSocketOpenSSL::IsConnected() const { |
623 // If the handshake has not yet completed. | 625 // If the handshake has not yet completed. |
624 if (!completed_handshake_) | 626 if (!completed_handshake_) |
625 return false; | 627 return false; |
626 // If an asynchronous operation is still pending. | 628 // If an asynchronous operation is still pending. |
627 if (user_read_buf_.get() || user_write_buf_.get()) | 629 if (user_read_buf_.get() || user_write_buf_.get()) |
628 return true; | 630 return true; |
1405 | 1407 |
1406 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, | 1408 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
1407 X509** x509, | 1409 X509** x509, |
1408 EVP_PKEY** pkey) { | 1410 EVP_PKEY** pkey) { |
1409 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; | 1411 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; |
1410 DCHECK(ssl == ssl_); | 1412 DCHECK(ssl == ssl_); |
1411 DCHECK(*x509 == NULL); | 1413 DCHECK(*x509 == NULL); |
1412 DCHECK(*pkey == NULL); | 1414 DCHECK(*pkey == NULL); |
1413 #if defined(USE_OPENSSL_CERTS) | 1415 #if defined(USE_OPENSSL_CERTS) |
1414 if (!ssl_config_.send_client_cert) { | 1416 if (!ssl_config_.send_client_cert) { |
1415 // First pass: we know that a client certificate is needed, but we do not | 1417 // First pass: we know that a client certificate is needed, but we do not |
wtc
2014/04/25 18:52:40
Hmm... I believe almost the code in the first pass
davidben
2014/04/25 20:52:31
Hrm. Yeah, looks like it. I suspect it was done th
Ryan Sleevi
2014/04/26 01:47:33
Yeah, when we support platform native auth, this w
davidben
2014/04/30 21:48:17
Alright. Moved stuff out from there.
| |
1416 // have one at hand. | 1418 // have one at hand. |
1417 client_auth_cert_needed_ = true; | 1419 client_auth_cert_needed_ = true; |
1418 STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl); | 1420 STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl); |
1419 for (int i = 0; i < sk_X509_NAME_num(authorities); i++) { | 1421 for (int i = 0; i < sk_X509_NAME_num(authorities); i++) { |
1420 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); | 1422 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); |
1421 unsigned char* str = NULL; | 1423 unsigned char* str = NULL; |
1422 int length = i2d_X509_NAME(ca_name, &str); | 1424 int length = i2d_X509_NAME(ca_name, &str); |
1423 cert_authorities_.push_back(std::string( | 1425 cert_authorities_.push_back(std::string( |
1424 reinterpret_cast<const char*>(str), | 1426 reinterpret_cast<const char*>(str), |
1425 static_cast<size_t>(length))); | 1427 static_cast<size_t>(length))); |
1426 OPENSSL_free(str); | 1428 OPENSSL_free(str); |
1427 } | 1429 } |
1428 | 1430 |
1431 char* client_cert_types; | |
1432 size_t num_client_cert_types; | |
1433 SSL_get_client_certificate_types(ssl, &client_cert_types, | |
1434 &num_client_cert_types); | |
1435 for (size_t i = 0; i < num_client_cert_types; i++) { | |
1436 cert_key_types_.push_back( | |
1437 static_cast<SSLClientCertType>(client_cert_types[i])); | |
1438 } | |
1439 | |
1429 return -1; // Suspends handshake. | 1440 return -1; // Suspends handshake. |
1430 } | 1441 } |
1431 | 1442 |
1432 // Second pass: a client certificate should have been selected. | 1443 // Second pass: a client certificate should have been selected. |
1433 if (ssl_config_.client_cert.get()) { | 1444 if (ssl_config_.client_cert.get()) { |
1434 // A note about ownership: FetchClientCertPrivateKey() increments | 1445 // A note about ownership: FetchClientCertPrivateKey() increments |
1435 // the reference count of the EVP_PKEY. Ownership of this reference | 1446 // the reference count of the EVP_PKEY. Ownership of this reference |
1436 // is passed directly to OpenSSL, which will release the reference | 1447 // is passed directly to OpenSSL, which will release the reference |
1437 // using EVP_PKEY_free() when the SSL object is destroyed. | 1448 // using EVP_PKEY_free() when the SSL object is destroyed. |
1438 OpenSSLClientKeyStore::ScopedEVP_PKEY privkey; | 1449 OpenSSLClientKeyStore::ScopedEVP_PKEY privkey; |
1565 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | 1576 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; |
1566 return SSL_TLSEXT_ERR_OK; | 1577 return SSL_TLSEXT_ERR_OK; |
1567 } | 1578 } |
1568 | 1579 |
1569 scoped_refptr<X509Certificate> | 1580 scoped_refptr<X509Certificate> |
1570 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1581 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
1571 return server_cert_; | 1582 return server_cert_; |
1572 } | 1583 } |
1573 | 1584 |
1574 } // namespace net | 1585 } // namespace net |
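Review bot: In the first-pass branch of ClientCertRequestCallback (new lines 1431-1438), every byte that SSL_get_client_certificate_types() hands back is cast straight to SSLClientCertType, so a certificate_type value the server sends that the enum does not define ends up stored as an out-of-range enum value in cert_key_types_ for GetSSLCertRequestInfo() to pass on. Because client_cert_types is a char*, a value of 128 or above also reads as negative before the cast on platforms where char is signed; converting through an unsigned byte first, `static_cast<SSLClientCertType>(static_cast<uint8_t>(client_cert_types[i]))`, avoids that, and a check that skips values outside the enum's known members (they are not visible in this diff) would keep the vector to types the rest of the stack understands. Nothing in the hunk frees client_cert_types, which suggests it points into |ssl|'s own storage; if so, a one-line comment such as `// |client_cert_types| is owned by |ssl|; do not free.` would spare the next reader from checking. ClientCertRequestCallback's body continues beyond the end of this hunk.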