OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_openssl.h" | 5 #include "net/socket/ssl_server_socket_openssl.h" |
6 | 6 |
7 #include <openssl/err.h> | 7 #include <openssl/err.h> |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 | 9 |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
(...skipping 598 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
609 // 0 => use default buffer sizes. | 609 // 0 => use default buffer sizes. |
610 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) | 610 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) |
611 return ERR_UNEXPECTED; | 611 return ERR_UNEXPECTED; |
612 DCHECK(ssl_bio); | 612 DCHECK(ssl_bio); |
613 DCHECK(transport_bio_); | 613 DCHECK(transport_bio_); |
614 | 614 |
615 SSL_set_bio(ssl_, ssl_bio, ssl_bio); | 615 SSL_set_bio(ssl_, ssl_bio, ssl_bio); |
616 | 616 |
617 // Set certificate and private key. | 617 // Set certificate and private key. |
618 DCHECK(cert_->os_cert_handle()); | 618 DCHECK(cert_->os_cert_handle()); |
619 #if defined(USE_OPENSSL_CERTS) | |
619 if (SSL_use_certificate(ssl_, cert_->os_cert_handle()) != 1) { | 620 if (SSL_use_certificate(ssl_, cert_->os_cert_handle()) != 1) { |
620 LOG(ERROR) << "Cannot set certificate."; | 621 LOG(ERROR) << "Cannot set certificate."; |
621 return ERR_UNEXPECTED; | 622 return ERR_UNEXPECTED; |
622 } | 623 } |
624 #else | |
625 // Convert OSCertHandle to X509 structure. | |
626 std::string der_string; | |
627 if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) | |
628 return ERR_UNEXPECTED; | |
629 | |
630 const unsigned char* der_string_array = | |
631 reinterpret_cast<const unsigned char*>(der_string.data()); | |
632 | |
633 X509* cert = d2i_X509(NULL, &der_string_array, der_string.length()); | |
wtc
2014/06/11 16:50:39
Nit: the |cert_| member is of the X509Certificate
haavardm
2014/06/11 18:09:27
Done.
| |
634 if (!cert) | |
635 return ERR_UNEXPECTED; | |
636 | |
637 // On success, SSL_use_certificate counts up the reference count on cert. | |
638 if (SSL_use_certificate(ssl_, cert) != 1) { | |
wtc
2014/06/11 16:50:39
Does |ssl_| own |cert| if this SSL_use_certificate
haavardm
2014/06/11 18:09:27
It counts up the reference counting and will free
| |
639 LOG(ERROR) << "Cannot set certificate."; | |
640 X509_free(cert); | |
641 return ERR_UNEXPECTED; | |
642 } | |
643 #endif // USE_OPENSSL_CERTS | |
623 | 644 |
624 DCHECK(key_->key()); | 645 DCHECK(key_->key()); |
625 if (SSL_use_PrivateKey(ssl_, key_->key()) != 1) { | 646 if (SSL_use_PrivateKey(ssl_, key_->key()) != 1) { |
626 LOG(ERROR) << "Cannot set private key."; | 647 LOG(ERROR) << "Cannot set private key."; |
627 return ERR_UNEXPECTED; | 648 return ERR_UNEXPECTED; |
628 } | 649 } |
629 | 650 |
630 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, | 651 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, |
631 // set everything we care about to an absolute value. | 652 // set everything we care about to an absolute value. |
632 SslSetClearMask options; | 653 SslSetClearMask options; |
(...skipping 22 matching lines...) Expand all Loading... | |
655 | 676 |
656 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); | 677 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
657 | 678 |
658 SSL_set_mode(ssl_, mode.set_mask); | 679 SSL_set_mode(ssl_, mode.set_mask); |
659 SSL_clear_mode(ssl_, mode.clear_mask); | 680 SSL_clear_mode(ssl_, mode.clear_mask); |
660 | 681 |
661 return OK; | 682 return OK; |
662 } | 683 } |
663 | 684 |
664 } // namespace net | 685 } // namespace net |
OLD | NEW |