1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
551 #if !defined(OS_NACL) | 551 #if !defined(OS_NACL) |
552 void SSLClientSocketImpl::SetSSLKeyLogFile( | 552 void SSLClientSocketImpl::SetSSLKeyLogFile( |
553 const base::FilePath& ssl_keylog_file, | 553 const base::FilePath& ssl_keylog_file, |
554 const scoped_refptr<base::SequencedTaskRunner>& task_runner) { | 554 const scoped_refptr<base::SequencedTaskRunner>& task_runner) { |
555 SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner); | 555 SSLContext::GetInstance()->SetSSLKeyLogFile(ssl_keylog_file, task_runner); |
556 } | 556 } |
557 #endif | 557 #endif |
558 | 558 |
559 void SSLClientSocketImpl::GetSSLCertRequestInfo( | 559 void SSLClientSocketImpl::GetSSLCertRequestInfo( |
560 SSLCertRequestInfo* cert_request_info) { | 560 SSLCertRequestInfo* cert_request_info) { |
| 561 if (!ssl_) { |
| 562 NOTREACHED(); |
| 563 return; |
| 564 } |
| 565 |
561 cert_request_info->host_and_port = host_and_port_; | 566 cert_request_info->host_and_port = host_and_port_; |
562 cert_request_info->cert_authorities = cert_authorities_; | 567 |
563 cert_request_info->cert_key_types = cert_key_types_; | 568 cert_request_info->cert_authorities.clear(); |
| 569 STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl_.get()); |
| 570 for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) { |
| 571 X509_NAME* ca_name = sk_X509_NAME_value(authorities, i); |
| 572 uint8_t* str = nullptr; |
| 573 int length = i2d_X509_NAME(ca_name, &str); |
| 574 if (length > 0) { |
| 575 cert_request_info->cert_authorities.push_back(std::string( |
| 576 reinterpret_cast<const char*>(str), static_cast<size_t>(length))); |
| 577 } else { |
| 578 NOTREACHED(); // Error serializing |ca_name|. |
| 579 } |
| 580 OPENSSL_free(str); |
| 581 } |
| 582 |
| 583 cert_request_info->cert_key_types.clear(); |
| 584 const uint8_t* client_cert_types; |
| 585 size_t num_client_cert_types = |
| 586 SSL_get0_certificate_types(ssl_.get(), &client_cert_types); |
| 587 for (size_t i = 0; i < num_client_cert_types; i++) { |
| 588 cert_request_info->cert_key_types.push_back( |
| 589 static_cast<SSLClientCertType>(client_cert_types[i])); |
| 590 } |
564 } | 591 } |
565 | 592 |
566 ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const { | 593 ChannelIDService* SSLClientSocketImpl::GetChannelIDService() const { |
567 return channel_id_service_; | 594 return channel_id_service_; |
568 } | 595 } |
569 | 596 |
570 Error SSLClientSocketImpl::GetTokenBindingSignature(crypto::ECPrivateKey* key, | 597 Error SSLClientSocketImpl::GetTokenBindingSignature(crypto::ECPrivateKey* key, |
571 TokenBindingType tb_type, | 598 TokenBindingType tb_type, |
572 std::vector<uint8_t>* out) { | 599 std::vector<uint8_t>* out) { |
573 // The same key will be used across multiple requests to sign the same value, | 600 // The same key will be used across multiple requests to sign the same value, |
1622 | 1649 |
1623 // Clear any currently configured certificates. | 1650 // Clear any currently configured certificates. |
1624 SSL_certs_clear(ssl_.get()); | 1651 SSL_certs_clear(ssl_.get()); |
1625 | 1652 |
1626 #if defined(OS_IOS) | 1653 #if defined(OS_IOS) |
1627 // TODO(droger): Support client auth on iOS. See http://crbug.com/145954). | 1654 // TODO(droger): Support client auth on iOS. See http://crbug.com/145954). |
1628 LOG(WARNING) << "Client auth is not supported"; | 1655 LOG(WARNING) << "Client auth is not supported"; |
1629 #else // !defined(OS_IOS) | 1656 #else // !defined(OS_IOS) |
1630 if (!ssl_config_.send_client_cert) { | 1657 if (!ssl_config_.send_client_cert) { |
1631 // First pass: we know that a client certificate is needed, but we do not | 1658 // First pass: we know that a client certificate is needed, but we do not |
1632 // have one at hand. | 1659 // have one at hand. Suspend the handshake. SSL_get_error will return |
1633 STACK_OF(X509_NAME)* authorities = SSL_get_client_CA_list(ssl); | 1660 // SSL_ERROR_WANT_X509_LOOKUP. |
1634 for (size_t i = 0; i < sk_X509_NAME_num(authorities); i++) { | |
1635 X509_NAME* ca_name = (X509_NAME*)sk_X509_NAME_value(authorities, i); | |
1636 unsigned char* str = NULL; | |
1637 int length = i2d_X509_NAME(ca_name, &str); | |
1638 cert_authorities_.push_back(std::string( | |
1639 reinterpret_cast<const char*>(str), static_cast<size_t>(length))); | |
1640 OPENSSL_free(str); | |
1641 } | |
1642 | |
1643 const unsigned char* client_cert_types; | |
1644 size_t num_client_cert_types = | |
1645 SSL_get0_certificate_types(ssl, &client_cert_types); | |
1646 for (size_t i = 0; i < num_client_cert_types; i++) { | |
1647 cert_key_types_.push_back( | |
1648 static_cast<SSLClientCertType>(client_cert_types[i])); | |
1649 } | |
1650 | |
1651 // Suspends handshake. SSL_get_error will return SSL_ERROR_WANT_X509_LOOKUP. | |
1652 return -1; | 1661 return -1; |
1653 } | 1662 } |
1654 | 1663 |
1655 // Second pass: a client certificate should have been selected. | 1664 // Second pass: a client certificate should have been selected. |
1656 if (ssl_config_.client_cert.get()) { | 1665 if (ssl_config_.client_cert.get()) { |
1657 bssl::UniquePtr<X509> leaf_x509 = | 1666 bssl::UniquePtr<X509> leaf_x509 = |
1658 OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle()); | 1667 OSCertHandleToOpenSSL(ssl_config_.client_cert->os_cert_handle()); |
1659 if (!leaf_x509) { | 1668 if (!leaf_x509) { |
1660 LOG(WARNING) << "Failed to import certificate"; | 1669 LOG(WARNING) << "Failed to import certificate"; |
1661 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); | 1670 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_BAD_FORMAT); |
2045 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2054 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
2046 !certificate_requested_) { | 2055 !certificate_requested_) { |
2047 net_error = ERR_SSL_PROTOCOL_ERROR; | 2056 net_error = ERR_SSL_PROTOCOL_ERROR; |
2048 } | 2057 } |
2049 } | 2058 } |
2050 | 2059 |
2051 return net_error; | 2060 return net_error; |
2052 } | 2061 } |
2053 | 2062 |
2054 } // namespace net | 2063 } // namespace net |
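Review bot: In GetSSLCertRequestInfo (new lines 561-564) the `if (!ssl_)` guard returns without touching `cert_request_info`, so in a build where NOTREACHED() does not abort the caller is left with whatever `host_and_port`, `cert_authorities` and `cert_key_types` the struct already held, rather than an explicitly empty result. Consider resetting the output before bailing, e.g. `cert_request_info->host_and_port = host_and_port_; cert_request_info->cert_authorities.clear(); cert_request_info->cert_key_types.clear();` ahead of the `return`, so a stale or reused struct cannot be mistaken for a live CertificateRequest. Because the CA list and key types are now read from `ssl_` on demand instead of being captured in ClientCertRequestCallback, the result also depends on the SSL object still being alive when the caller asks; the header is not in view, so if `cert_authorities_` and `cert_key_types_` are still declared there they look dead after this change. The per-entry `length > 0` check with `OPENSSL_free` on the always-initialised `str` is a good tightening over the removed loop in ClientCertRequestCallback, which pushed an unchecked length.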