
Side by Side Diff: net/socket/ssl_server_socket_impl.cc

Issue 2786173003: Convert android to use X509CertificateBytes instead of X509CertificateOpenSSL. (Closed)
Patch Set: rebase Created 3 years, 8 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_server_socket_impl.h" 5 #include "net/socket/ssl_server_socket_impl.h"
6 6
7 #include <utility> 7 #include <utility>
8 8
9 #include "base/callback_helpers.h" 9 #include "base/callback_helpers.h"
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 625 matching lines...) Expand 10 before | Expand all | Expand 10 after
636 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), 636 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(),
637 SSLServerSocketImpl::CertVerifyCallback, 637 SSLServerSocketImpl::CertVerifyCallback,
638 ssl_server_config_.client_cert_verifier); 638 ssl_server_config_.client_cert_verifier);
639 break; 639 break;
640 case SSLServerConfig::ClientCertType::NO_CLIENT_CERT: 640 case SSLServerConfig::ClientCertType::NO_CLIENT_CERT:
641 break; 641 break;
642 } 642 }
643 643
644 // Set certificate and private key. 644 // Set certificate and private key.
645 DCHECK(cert_->os_cert_handle()); 645 DCHECK(cert_->os_cert_handle());
646 #if defined(USE_OPENSSL_CERTS) 646 #if BUILDFLAG(USE_BYTE_CERTS)
647 bssl::UniquePtr<X509> x509(X509_parse_from_buffer(cert_->os_cert_handle()));
648 CHECK(x509);
649 // On success, SSL_CTX_use_certificate acquires a reference to |x509|.
650 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get()));
651 #elif defined(USE_OPENSSL_CERTS)
647 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), cert_->os_cert_handle())); 652 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), cert_->os_cert_handle()));
648 #else 653 #else
649 // Convert OSCertHandle to X509 structure. 654 // Convert OSCertHandle to X509 structure.
650 std::string der_string; 655 std::string der_string;
651 CHECK(X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)); 656 CHECK(X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string));
652 657
653 const unsigned char* der_string_array = 658 const unsigned char* der_string_array =
654 reinterpret_cast<const unsigned char*>(der_string.data()); 659 reinterpret_cast<const unsigned char*>(der_string.data());
655 660
656 bssl::UniquePtr<X509> x509( 661 bssl::UniquePtr<X509> x509(
657 d2i_X509(NULL, &der_string_array, der_string.length())); 662 d2i_X509(NULL, &der_string_array, der_string.length()));
658 CHECK(x509); 663 CHECK(x509);
659 664
660 // On success, SSL_CTX_use_certificate acquires a reference to |x509|. 665 // On success, SSL_CTX_use_certificate acquires a reference to |x509|.
661 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get())); 666 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get()));
662 #endif // USE_OPENSSL_CERTS 667 #endif // USE_OPENSSL_CERTS && !USE_BYTE_CERTS
davidben 2017/04/11 23:42:45 You can simplify this a bit and SSL_CTX_use_certif
mattm 2017/04/12 23:07:45 Updated. Mind taking another look?
663 668
664 DCHECK(key_->key()); 669 DCHECK(key_->key());
665 CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key())); 670 CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key()));
666 671
667 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_min); 672 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_min);
668 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_max); 673 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_max);
669 CHECK(SSL_CTX_set_min_proto_version(ssl_ctx_.get(), 674 CHECK(SSL_CTX_set_min_proto_version(ssl_ctx_.get(),
670 ssl_server_config_.version_min)); 675 ssl_server_config_.version_min));
671 CHECK(SSL_CTX_set_max_proto_version(ssl_ctx_.get(), 676 CHECK(SSL_CTX_set_max_proto_version(ssl_ctx_.get(),
672 ssl_server_config_.version_max)); 677 ssl_server_config_.version_max));
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after
731 SSLServerContextImpl::~SSLServerContextImpl() {} 736 SSLServerContextImpl::~SSLServerContextImpl() {}
732 737
733 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket( 738 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket(
734 std::unique_ptr<StreamSocket> socket) { 739 std::unique_ptr<StreamSocket> socket) {
735 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get())); 740 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get()));
736 return std::unique_ptr<SSLServerSocket>( 741 return std::unique_ptr<SSLServerSocket>(
737 new SSLServerSocketImpl(std::move(socket), std::move(ssl))); 742 new SSLServerSocketImpl(std::move(socket), std::move(ssl)));
738 } 743 }
739 744
740 } // namespace net 745 } // namespace net
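Review bot: The trailing comment on the new `#endif` (new line 667), `// USE_OPENSSL_CERTS && !USE_BYTE_CERTS`, does not describe the arm it closes: the `#else` branch above it is compiled only when neither `BUILDFLAG(USE_BYTE_CERTS)` nor `USE_OPENSSL_CERTS` is set. This three-way switch selects the certificate-loading path for a TLS server build, so a wrong label makes it easy to misread which configurations take the DER re-encode path; I would name the opening condition instead, e.g. `#endif  // BUILDFLAG(USE_BYTE_CERTS)`. In the new arm the only null check on `cert_->os_cert_handle()` before `X509_parse_from_buffer` is the `DCHECK` on line 645, which presumably compiles out in release builds, so a short comment saying that `CHECK(x509)` is the intended fail-closed guard would document the release-build behaviour. The enclosing function starts and ends outside the visible lines.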