OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_openssl.h" | 5 #include "net/socket/ssl_server_socket_openssl.h" |
6 | 6 |
7 #include <openssl/err.h> | 7 #include <openssl/err.h> |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 | 9 |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
(...skipping 598 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
609 // 0 => use default buffer sizes. | 609 // 0 => use default buffer sizes. |
610 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) | 610 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) |
611 return ERR_UNEXPECTED; | 611 return ERR_UNEXPECTED; |
612 DCHECK(ssl_bio); | 612 DCHECK(ssl_bio); |
613 DCHECK(transport_bio_); | 613 DCHECK(transport_bio_); |
614 | 614 |
615 SSL_set_bio(ssl_, ssl_bio, ssl_bio); | 615 SSL_set_bio(ssl_, ssl_bio, ssl_bio); |
616 | 616 |
617 // Set certificate and private key. | 617 // Set certificate and private key. |
618 DCHECK(cert_->os_cert_handle()); | 618 DCHECK(cert_->os_cert_handle()); |
| 619 #if defined(USE_OPENSSL_CERTS) |
619 if (SSL_use_certificate(ssl_, cert_->os_cert_handle()) != 1) { | 620 if (SSL_use_certificate(ssl_, cert_->os_cert_handle()) != 1) { |
620 LOG(ERROR) << "Cannot set certificate."; | 621 LOG(ERROR) << "Cannot set certificate."; |
621 return ERR_UNEXPECTED; | 622 return ERR_UNEXPECTED; |
622 } | 623 } |
| 624 #else |
| 625 // Convert OSCertHandle to X509 structure. |
| 626 std::string der_string; |
| 627 if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) |
| 628 return ERR_UNEXPECTED; |
| 629 |
| 630 const unsigned char* der_string_array = |
| 631 reinterpret_cast<const unsigned char*>(der_string.data()); |
| 632 |
| 633 crypto::ScopedOpenSSL<X509, X509_free> |
| 634 x509(d2i_X509(NULL, &der_string_array, der_string.length())); |
| 635 if (!x509.get()) |
| 636 return ERR_UNEXPECTED; |
| 637 |
| 638 // On success, SSL_use_certificate acquires a reference to |x509|. |
| 639 if (SSL_use_certificate(ssl_, x509.get()) != 1) { |
| 640 LOG(ERROR) << "Cannot set certificate."; |
| 641 return ERR_UNEXPECTED; |
| 642 } |
| 643 #endif // USE_OPENSSL_CERTS |
623 | 644 |
624 DCHECK(key_->key()); | 645 DCHECK(key_->key()); |
625 if (SSL_use_PrivateKey(ssl_, key_->key()) != 1) { | 646 if (SSL_use_PrivateKey(ssl_, key_->key()) != 1) { |
626 LOG(ERROR) << "Cannot set private key."; | 647 LOG(ERROR) << "Cannot set private key."; |
627 return ERR_UNEXPECTED; | 648 return ERR_UNEXPECTED; |
628 } | 649 } |
629 | 650 |
630 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, | 651 // OpenSSL defaults some options to on, others to off. To avoid ambiguity, |
631 // set everything we care about to an absolute value. | 652 // set everything we care about to an absolute value. |
632 SslSetClearMask options; | 653 SslSetClearMask options; |
(...skipping 22 matching lines...) Expand all Loading... |
655 | 676 |
656 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); | 677 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
657 | 678 |
658 SSL_set_mode(ssl_, mode.set_mask); | 679 SSL_set_mode(ssl_, mode.set_mask); |
659 SSL_clear_mode(ssl_, mode.clear_mask); | 680 SSL_clear_mode(ssl_, mode.clear_mask); |
660 | 681 |
661 return OK; | 682 return OK; |
662 } | 683 } |
663 | 684 |
664 } // namespace net | 685 } // namespace net |
OLD | NEW |