| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| (...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 331 transport_recv_busy_(false), | 331 transport_recv_busy_(false), |
| 332 transport_recv_eof_(false), | 332 transport_recv_eof_(false), |
| 333 weak_factory_(this), | 333 weak_factory_(this), |
| 334 pending_read_error_(kNoPendingReadResult), | 334 pending_read_error_(kNoPendingReadResult), |
| 335 transport_write_error_(OK), | 335 transport_write_error_(OK), |
| 336 server_cert_chain_(new PeerCertificateChain(NULL)), | 336 server_cert_chain_(new PeerCertificateChain(NULL)), |
| 337 completed_handshake_(false), | 337 completed_handshake_(false), |
| 338 was_ever_used_(false), | 338 was_ever_used_(false), |
| 339 client_auth_cert_needed_(false), | 339 client_auth_cert_needed_(false), |
| 340 cert_verifier_(context.cert_verifier), | 340 cert_verifier_(context.cert_verifier), |
| 341 server_bound_cert_service_(context.server_bound_cert_service), | 341 channel_id_service_(context.channel_id_service), |
| 342 ssl_(NULL), | 342 ssl_(NULL), |
| 343 transport_bio_(NULL), | 343 transport_bio_(NULL), |
| 344 transport_(transport_socket.Pass()), | 344 transport_(transport_socket.Pass()), |
| 345 host_and_port_(host_and_port), | 345 host_and_port_(host_and_port), |
| 346 ssl_config_(ssl_config), | 346 ssl_config_(ssl_config), |
| 347 ssl_session_cache_shard_(context.ssl_session_cache_shard), | 347 ssl_session_cache_shard_(context.ssl_session_cache_shard), |
| 348 trying_cached_session_(false), | 348 trying_cached_session_(false), |
| 349 next_handshake_state_(STATE_NONE), | 349 next_handshake_state_(STATE_NONE), |
| 350 npn_status_(kNextProtoUnsupported), | 350 npn_status_(kNextProtoUnsupported), |
| 351 channel_id_xtn_negotiated_(false), | 351 channel_id_xtn_negotiated_(false), |
| (...skipping 10 matching lines...) Expand all Loading... |
| 362 cert_request_info->cert_key_types = cert_key_types_; | 362 cert_request_info->cert_key_types = cert_key_types_; |
| 363 } | 363 } |
| 364 | 364 |
| 365 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( | 365 SSLClientSocket::NextProtoStatus SSLClientSocketOpenSSL::GetNextProto( |
| 366 std::string* proto, std::string* server_protos) { | 366 std::string* proto, std::string* server_protos) { |
| 367 *proto = npn_proto_; | 367 *proto = npn_proto_; |
| 368 *server_protos = server_protos_; | 368 *server_protos = server_protos_; |
| 369 return npn_status_; | 369 return npn_status_; |
| 370 } | 370 } |
| 371 | 371 |
| 372 ServerBoundCertService* | 372 ChannelIDService* |
| 373 SSLClientSocketOpenSSL::GetServerBoundCertService() const { | 373 SSLClientSocketOpenSSL::GetChannelIDService() const { |
| 374 return server_bound_cert_service_; | 374 return channel_id_service_; |
| 375 } | 375 } |
| 376 | 376 |
| 377 int SSLClientSocketOpenSSL::ExportKeyingMaterial( | 377 int SSLClientSocketOpenSSL::ExportKeyingMaterial( |
| 378 const base::StringPiece& label, | 378 const base::StringPiece& label, |
| 379 bool has_context, const base::StringPiece& context, | 379 bool has_context, const base::StringPiece& context, |
| 380 unsigned char* out, unsigned int outlen) { | 380 unsigned char* out, unsigned int outlen) { |
| 381 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 381 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 382 | 382 |
| 383 int rv = SSL_export_keying_material( | 383 int rv = SSL_export_keying_material( |
| 384 ssl_, out, outlen, label.data(), label.size(), | 384 ssl_, out, outlen, label.data(), label.size(), |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 546 ssl_info->cert = server_cert_verify_result_.verified_cert; | 546 ssl_info->cert = server_cert_verify_result_.verified_cert; |
| 547 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 547 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 548 ssl_info->is_issued_by_known_root = | 548 ssl_info->is_issued_by_known_root = |
| 549 server_cert_verify_result_.is_issued_by_known_root; | 549 server_cert_verify_result_.is_issued_by_known_root; |
| 550 ssl_info->public_key_hashes = | 550 ssl_info->public_key_hashes = |
| 551 server_cert_verify_result_.public_key_hashes; | 551 server_cert_verify_result_.public_key_hashes; |
| 552 ssl_info->client_cert_sent = | 552 ssl_info->client_cert_sent = |
| 553 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); | 553 ssl_config_.send_client_cert && ssl_config_.client_cert.get(); |
| 554 ssl_info->channel_id_sent = WasChannelIDSent(); | 554 ssl_info->channel_id_sent = WasChannelIDSent(); |
| 555 | 555 |
| 556 RecordChannelIDSupport(server_bound_cert_service_, | 556 RecordChannelIDSupport(channel_id_service_, |
| 557 channel_id_xtn_negotiated_, | 557 channel_id_xtn_negotiated_, |
| 558 ssl_config_.channel_id_enabled, | 558 ssl_config_.channel_id_enabled, |
| 559 crypto::ECPrivateKey::IsSupported()); | 559 crypto::ECPrivateKey::IsSupported()); |
| 560 | 560 |
| 561 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); | 561 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_); |
| 562 CHECK(cipher); | 562 CHECK(cipher); |
| 563 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); | 563 ssl_info->security_bits = SSL_CIPHER_get_bits(cipher, NULL); |
| 564 const COMP_METHOD* compression = SSL_get_current_compression(ssl_); | 564 const COMP_METHOD* compression = SSL_get_current_compression(ssl_); |
| 565 | 565 |
| 566 ssl_info->connection_status = EncodeSSLConnectionStatus( | 566 ssl_info->connection_status = EncodeSSLConnectionStatus( |
| (...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 733 } | 733 } |
| 734 } | 734 } |
| 735 int rv = SSL_set_cipher_list(ssl_, command.c_str()); | 735 int rv = SSL_set_cipher_list(ssl_, command.c_str()); |
| 736 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. | 736 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. |
| 737 // This will almost certainly result in the socket failing to complete the | 737 // This will almost certainly result in the socket failing to complete the |
| 738 // handshake at which point the appropriate error is bubbled up to the client. | 738 // handshake at which point the appropriate error is bubbled up to the client. |
| 739 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') " | 739 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') " |
| 740 "returned " << rv; | 740 "returned " << rv; |
| 741 | 741 |
| 742 // TLS channel ids. | 742 // TLS channel ids. |
| 743 if (IsChannelIDEnabled(ssl_config_, server_bound_cert_service_)) { | 743 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) { |
| 744 SSL_enable_tls_channel_id(ssl_); | 744 SSL_enable_tls_channel_id(ssl_); |
| 745 } | 745 } |
| 746 | 746 |
| 747 return OK; | 747 return OK; |
| 748 } | 748 } |
| 749 | 749 |
| 750 void SSLClientSocketOpenSSL::DoReadCallback(int rv) { | 750 void SSLClientSocketOpenSSL::DoReadCallback(int rv) { |
| 751 // Since Run may result in Read being called, clear |user_read_callback_| | 751 // Since Run may result in Read being called, clear |user_read_callback_| |
| 752 // up front. | 752 // up front. |
| 753 if (rv > 0) | 753 if (rv > 0) |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 838 net_log_.AddEvent( | 838 net_log_.AddEvent( |
| 839 NetLog::TYPE_SSL_HANDSHAKE_ERROR, | 839 NetLog::TYPE_SSL_HANDSHAKE_ERROR, |
| 840 CreateNetLogSSLErrorCallback(net_error, ssl_error)); | 840 CreateNetLogSSLErrorCallback(net_error, ssl_error)); |
| 841 } | 841 } |
| 842 } | 842 } |
| 843 return net_error; | 843 return net_error; |
| 844 } | 844 } |
| 845 | 845 |
| 846 int SSLClientSocketOpenSSL::DoChannelIDLookup() { | 846 int SSLClientSocketOpenSSL::DoChannelIDLookup() { |
| 847 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); | 847 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); |
| 848 return server_bound_cert_service_->GetOrCreateDomainBoundCert( | 848 return channel_id_service_->GetOrCreateChannelID( |
| 849 host_and_port_.host(), | 849 host_and_port_.host(), |
| 850 &channel_id_private_key_, | 850 &channel_id_private_key_, |
| 851 &channel_id_cert_, | 851 &channel_id_cert_, |
| 852 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 852 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
| 853 base::Unretained(this)), | 853 base::Unretained(this)), |
| 854 &channel_id_request_handle_); | 854 &channel_id_request_handle_); |
| 855 } | 855 } |
| 856 | 856 |
| 857 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { | 857 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { |
| 858 if (result < 0) | 858 if (result < 0) |
| 859 return result; | 859 return result; |
| 860 | 860 |
| 861 DCHECK_LT(0u, channel_id_private_key_.size()); | 861 DCHECK_LT(0u, channel_id_private_key_.size()); |
| 862 // Decode key. | 862 // Decode key. |
| 863 std::vector<uint8> encrypted_private_key_info; | 863 std::vector<uint8> encrypted_private_key_info; |
| 864 std::vector<uint8> subject_public_key_info; | 864 std::vector<uint8> subject_public_key_info; |
| 865 encrypted_private_key_info.assign( | 865 encrypted_private_key_info.assign( |
| 866 channel_id_private_key_.data(), | 866 channel_id_private_key_.data(), |
| 867 channel_id_private_key_.data() + channel_id_private_key_.size()); | 867 channel_id_private_key_.data() + channel_id_private_key_.size()); |
| 868 subject_public_key_info.assign( | 868 subject_public_key_info.assign( |
| 869 channel_id_cert_.data(), | 869 channel_id_cert_.data(), |
| 870 channel_id_cert_.data() + channel_id_cert_.size()); | 870 channel_id_cert_.data() + channel_id_cert_.size()); |
| 871 scoped_ptr<crypto::ECPrivateKey> ec_private_key( | 871 scoped_ptr<crypto::ECPrivateKey> ec_private_key( |
| 872 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( | 872 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( |
| 873 ServerBoundCertService::kEPKIPassword, | 873 ChannelIDService::kEPKIPassword, |
| 874 encrypted_private_key_info, | 874 encrypted_private_key_info, |
| 875 subject_public_key_info)); | 875 subject_public_key_info)); |
| 876 if (!ec_private_key) { | 876 if (!ec_private_key) { |
| 877 LOG(ERROR) << "Failed to import Channel ID."; | 877 LOG(ERROR) << "Failed to import Channel ID."; |
| 878 return ERR_CHANNEL_ID_IMPORT_FAILED; | 878 return ERR_CHANNEL_ID_IMPORT_FAILED; |
| 879 } | 879 } |
| 880 | 880 |
| 881 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key | 881 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key |
| 882 // type. | 882 // type. |
| 883 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 883 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| (...skipping 563 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1447 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | 1447 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; |
| 1448 return SSL_TLSEXT_ERR_OK; | 1448 return SSL_TLSEXT_ERR_OK; |
| 1449 } | 1449 } |
| 1450 | 1450 |
| 1451 scoped_refptr<X509Certificate> | 1451 scoped_refptr<X509Certificate> |
| 1452 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1452 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1453 return server_cert_; | 1453 return server_cert_; |
| 1454 } | 1454 } |
| 1455 | 1455 |
| 1456 } // namespace net | 1456 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 356713005:
Rename ServerBoundCert => ChannelID to reflect the current name (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src