OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_openssl.h" | 5 #include "net/socket/ssl_server_socket_openssl.h" |
6 | 6 |
7 #include <openssl/err.h> | 7 #include <openssl/err.h> |
8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
9 | 9 |
10 #include "base/callback_helpers.h" | 10 #include "base/callback_helpers.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 #include "crypto/openssl_util.h" | 12 #include "crypto/openssl_util.h" |
13 #include "crypto/rsa_private_key.h" | 13 #include "crypto/rsa_private_key.h" |
| 14 #include "crypto/scoped_openssl_types.h" |
14 #include "net/base/net_errors.h" | 15 #include "net/base/net_errors.h" |
15 #include "net/socket/openssl_ssl_util.h" | 16 #include "net/socket/openssl_ssl_util.h" |
16 #include "net/socket/ssl_error_params.h" | 17 #include "net/socket/ssl_error_params.h" |
17 | 18 |
18 #define GotoState(s) next_handshake_state_ = s | 19 #define GotoState(s) next_handshake_state_ = s |
19 | 20 |
20 namespace net { | 21 namespace net { |
21 | 22 |
22 void EnableSSLServerSockets() { | 23 void EnableSSLServerSockets() { |
23 // No-op because CreateSSLServerSocket() calls crypto::EnsureOpenSSLInit(). | 24 // No-op because CreateSSLServerSocket() calls crypto::EnsureOpenSSLInit(). |
591 user_write_buf_len_ = 0; | 592 user_write_buf_len_ = 0; |
592 ResetAndReturn(&user_write_callback_).Run(rv); | 593 ResetAndReturn(&user_write_callback_).Run(rv); |
593 } | 594 } |
594 | 595 |
595 int SSLServerSocketOpenSSL::Init() { | 596 int SSLServerSocketOpenSSL::Init() { |
596 DCHECK(!ssl_); | 597 DCHECK(!ssl_); |
597 DCHECK(!transport_bio_); | 598 DCHECK(!transport_bio_); |
598 | 599 |
599 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 600 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
600 | 601 |
601 crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx( | 602 scoped_ptr<SSL_CTX, crypto::OpenSSLDestroyer<SSL_CTX, SSL_CTX_free> > ssl_ctx( |
602 // It support SSLv2, SSLv3, and TLSv1. | 603 // It support SSLv2, SSLv3, and TLSv1. |
603 SSL_CTX_new(SSLv23_server_method())); | 604 SSL_CTX_new(SSLv23_server_method())); |
604 ssl_ = SSL_new(ssl_ctx.get()); | 605 ssl_ = SSL_new(ssl_ctx.get()); |
605 if (!ssl_) | 606 if (!ssl_) |
606 return ERR_UNEXPECTED; | 607 return ERR_UNEXPECTED; |
607 | 608 |
608 BIO* ssl_bio = NULL; | 609 BIO* ssl_bio = NULL; |
609 // 0 => use default buffer sizes. | 610 // 0 => use default buffer sizes. |
610 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) | 611 if (!BIO_new_bio_pair(&ssl_bio, 0, &transport_bio_, 0)) |
611 return ERR_UNEXPECTED; | 612 return ERR_UNEXPECTED; |
623 } | 624 } |
624 #else | 625 #else |
625 // Convert OSCertHandle to X509 structure. | 626 // Convert OSCertHandle to X509 structure. |
626 std::string der_string; | 627 std::string der_string; |
627 if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) | 628 if (!X509Certificate::GetDEREncoded(cert_->os_cert_handle(), &der_string)) |
628 return ERR_UNEXPECTED; | 629 return ERR_UNEXPECTED; |
629 | 630 |
630 const unsigned char* der_string_array = | 631 const unsigned char* der_string_array = |
631 reinterpret_cast<const unsigned char*>(der_string.data()); | 632 reinterpret_cast<const unsigned char*>(der_string.data()); |
632 | 633 |
633 crypto::ScopedOpenSSL<X509, X509_free> | 634 scoped_ptr<X509, crypto::OpenSSLDestroyer<X509, X509_free> > x509( |
634 x509(d2i_X509(NULL, &der_string_array, der_string.length())); | 635 d2i_X509(NULL, &der_string_array, der_string.length())); |
635 if (!x509.get()) | 636 if (!x509.get()) |
636 return ERR_UNEXPECTED; | 637 return ERR_UNEXPECTED; |
637 | 638 |
638 // On success, SSL_use_certificate acquires a reference to |x509|. | 639 // On success, SSL_use_certificate acquires a reference to |x509|. |
639 if (SSL_use_certificate(ssl_, x509.get()) != 1) { | 640 if (SSL_use_certificate(ssl_, x509.get()) != 1) { |
640 LOG(ERROR) << "Cannot set certificate."; | 641 LOG(ERROR) << "Cannot set certificate."; |
641 return ERR_UNEXPECTED; | 642 return ERR_UNEXPECTED; |
642 } | 643 } |
643 #endif // USE_OPENSSL_CERTS | 644 #endif // USE_OPENSSL_CERTS |
644 | 645 |
676 | 677 |
677 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); | 678 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
678 | 679 |
679 SSL_set_mode(ssl_, mode.set_mask); | 680 SSL_set_mode(ssl_, mode.set_mask); |
680 SSL_clear_mode(ssl_, mode.clear_mask); | 681 SSL_clear_mode(ssl_, mode.clear_mask); |
681 | 682 |
682 return OK; | 683 return OK; |
683 } | 684 } |
684 | 685 |
685 } // namespace net | 686 } // namespace net |
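Review bot: The comment inside the `ssl_ctx` initializer at new line 603, `// It support SSLv2, SSLv3, and TLSv1.`, says that `SSLv23_server_method()` will negotiate SSLv2 and SSLv3, and nothing in the visible part of Init() narrows that range. The lines collapsed between new lines 645 and 677 may already set `SSL_OP_NO_SSLv2` / `SSL_OP_NO_SSLv3`; if they do, the comment is stale, and if they do not, the server accepts protocol versions with known weaknesses. Since this statement is being rewritten anyway, I would replace the comment with `// Version-flexible method; legacy versions are disabled via SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 below.` and confirm the options actually match it. Parts of Init() are collapsed on this page, so this rests on the visible lines only.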