OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_impl.h" | 5 #include "net/socket/ssl_server_socket_impl.h" |
6 | 6 |
7 #include <utility> | 7 #include <utility> |
8 | 8 |
9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
636 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), | 636 SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), |
637 SSLServerSocketImpl::CertVerifyCallback, | 637 SSLServerSocketImpl::CertVerifyCallback, |
638 ssl_server_config_.client_cert_verifier); | 638 ssl_server_config_.client_cert_verifier); |
639 break; | 639 break; |
640 case SSLServerConfig::ClientCertType::NO_CLIENT_CERT: | 640 case SSLServerConfig::ClientCertType::NO_CLIENT_CERT: |
641 break; | 641 break; |
642 } | 642 } |
643 | 643 |
644 // Set certificate and private key. | 644 // Set certificate and private key. |
645 DCHECK(cert_->os_cert_handle()); | 645 DCHECK(cert_->os_cert_handle()); |
646 #if defined(USE_OPENSSL_CERTS) | 646 #if BUILDFLAG(USE_BYTE_CERTS) |
647 bssl::UniquePtr<X509> x509(X509_parse_from_buffer(cert_->os_cert_handle())); | |
648 CHECK(x509); | |
649 // On success, SSL_CTX_use_certificate acquires a reference to |x509|. | |
650 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get())); | |
651 #elif defined(USE_OPENSSL_CERTS) | |
647 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), cert_->os_cert_handle())); | 652 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), cert_->os_cert_handle())); |
648 #else | 653 #else |
649 // Convert OSCertHandle to X509 structure. | 654 // Convert OSCertHandle to X509 structure. |
650 std::string der_string; | 655 std::string der_string; |
651 CHECK(X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)); | 656 CHECK(X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)); |
652 | 657 |
653 const unsigned char* der_string_array = | 658 const unsigned char* der_string_array = |
654 reinterpret_cast<const unsigned char*>(der_string.data()); | 659 reinterpret_cast<const unsigned char*>(der_string.data()); |
655 | 660 |
656 bssl::UniquePtr<X509> x509( | 661 bssl::UniquePtr<X509> x509( |
657 d2i_X509(NULL, &der_string_array, der_string.length())); | 662 d2i_X509(NULL, &der_string_array, der_string.length())); |
658 CHECK(x509); | 663 CHECK(x509); |
659 | 664 |
660 // On success, SSL_CTX_use_certificate acquires a reference to |x509|. | 665 // On success, SSL_CTX_use_certificate acquires a reference to |x509|. |
661 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get())); | 666 CHECK(SSL_CTX_use_certificate(ssl_ctx_.get(), x509.get())); |
662 #endif // USE_OPENSSL_CERTS | 667 #endif // USE_OPENSSL_CERTS && !USE_BYTE_CERTS |
davidben
2017/04/11 23:42:45
You can simplify this a bit and SSL_CTX_use_certif
mattm
2017/04/12 23:07:45
Updated. Mind taking another look?
| |
663 | 668 |
664 DCHECK(key_->key()); | 669 DCHECK(key_->key()); |
665 CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key())); | 670 CHECK(SSL_CTX_use_PrivateKey(ssl_ctx_.get(), key_->key())); |
666 | 671 |
667 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_min); | 672 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_min); |
668 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_max); | 673 DCHECK_LT(SSL3_VERSION, ssl_server_config_.version_max); |
669 CHECK(SSL_CTX_set_min_proto_version(ssl_ctx_.get(), | 674 CHECK(SSL_CTX_set_min_proto_version(ssl_ctx_.get(), |
670 ssl_server_config_.version_min)); | 675 ssl_server_config_.version_min)); |
671 CHECK(SSL_CTX_set_max_proto_version(ssl_ctx_.get(), | 676 CHECK(SSL_CTX_set_max_proto_version(ssl_ctx_.get(), |
672 ssl_server_config_.version_max)); | 677 ssl_server_config_.version_max)); |
731 SSLServerContextImpl::~SSLServerContextImpl() {} | 736 SSLServerContextImpl::~SSLServerContextImpl() {} |
732 | 737 |
733 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket( | 738 std::unique_ptr<SSLServerSocket> SSLServerContextImpl::CreateSSLServerSocket( |
734 std::unique_ptr<StreamSocket> socket) { | 739 std::unique_ptr<StreamSocket> socket) { |
735 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get())); | 740 bssl::UniquePtr<SSL> ssl(SSL_new(ssl_ctx_.get())); |
736 return std::unique_ptr<SSLServerSocket>( | 741 return std::unique_ptr<SSLServerSocket>( |
737 new SSLServerSocketImpl(std::move(socket), std::move(ssl))); | 742 new SSLServerSocketImpl(std::move(socket), std::move(ssl))); |
738 } | 743 } |
739 | 744 |
740 } // namespace net | 745 } // namespace net |
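Review bot: In the new `#if BUILDFLAG(USE_BYTE_CERTS)` branch (new lines 646-650) the certificate handle is passed straight to `X509_parse_from_buffer`, but the only null guard above it is `DCHECK(cert_->os_cert_handle())`, which is compiled out of release builds, while every later step is a `CHECK`. Whether `X509_parse_from_buffer` tolerates a null buffer is not visible here, so I would make the guard `CHECK(cert_->os_cert_handle());` so that a missing server certificate fails at the same diagnosable point in every build. Separately, the closing comment `#endif  // USE_OPENSSL_CERTS && !USE_BYTE_CERTS` names the condition of the `#elif` branch rather than the `#else` block directly above it or the opening `#if`; `#endif  // BUILDFLAG(USE_BYTE_CERTS)` would be less misleading. The enclosing function starts in the skipped lines, so this covers only what is visible.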