
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 361193003: Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase Created 6 years, 5 months ago
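--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,30 +1,31 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/err.h>
 #include <openssl/opensslv.h>
 #include <openssl/ssl.h>
 
 #include "base/bind.h"
 #include "base/callback_helpers.h"
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
 #include "base/synchronization/lock.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/net_errors.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/single_request_cert_verifier.h"
 #include "net/cert/x509_certificate_net_log_param.h"
 #include "net/socket/openssl_ssl_util.h"
 #include "net/socket/ssl_error_params.h"
 #include "net/socket/ssl_session_cache_openssl.h"
 #include "net/ssl/openssl_client_key_store.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
@@ -89,20 +90,24 @@
 
 // Compute a unique key string for the SSL session cache. |socket| is an
 // input socket object. Return a string.
 std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) {
 std::string result = socket.host_and_port().ToString();
 result.append("/");
 result.append(socket.ssl_session_cache_shard());
 return result;
 }
 
+static void FreeX509Stack(STACK_OF(X509) * ptr) {
+sk_X509_pop_free(ptr, X509_free);
+}
+
 } // namespace
 
 class SSLClientSocketOpenSSL::SSLContext {
 public:
 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); }
 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); }
 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; }
 
 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) {
 DCHECK(ssl);
@@ -163,21 +168,21 @@
 const unsigned char* in,
 unsigned int inlen, void* arg) {
 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
 return socket->SelectNextProtoCallback(out, outlen, in, inlen);
 }
 
 // This is the index used with SSL_get_ex_data to retrieve the owner
 // SSLClientSocketOpenSSL object from an SSL instance.
 int ssl_socket_data_index_;
 
-crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_;
+crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free>::Type ssl_ctx_;
 // |session_cache_| must be destroyed before |ssl_ctx_|.
 SSLSessionCacheOpenSSL session_cache_;
 };
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an OpenSSL socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
 class SSLClientSocketOpenSSL::PeerCertificateChain {
 public:
@@ -202,27 +207,24 @@
 }
 
 X509* operator[](size_t index) const {
 DCHECK_LT(index, size());
 return sk_X509_value(openssl_chain_.get(), index);
 }
 
 bool IsValid() { return os_chain_.get() && openssl_chain_.get(); }
 
 private:
-static void FreeX509Stack(STACK_OF(X509)* cert_chain) {
-sk_X509_pop_free(cert_chain, X509_free);
-}
+typedef crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>::Type
+ScopedX509Stack;
 
-friend class crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>;
-
-crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack> openssl_chain_;
+ScopedX509Stack openssl_chain_;
 
 scoped_refptr<X509Certificate> os_chain_;
 };
 
 SSLClientSocketOpenSSL::PeerCertificateChain&
 SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
 const PeerCertificateChain& other) {
 if (this == &other)
 return *this;
 
@@ -1447,10 +1449,10 @@
 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
 return SSL_TLSEXT_ERR_OK;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net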
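Review bot: The new file-scope `FreeX509Stack` (new lines 100-102) has no comment saying what it owns, although it is the deleter that sets the lifetime of every certificate held in `openssl_chain_`. It frees the stack and calls `X509_free` on each element, while `operator[]` hands out the raw `sk_X509_value` pointer, so a caller's `X509*` is only valid while the chain object is alive and unchanged (how `operator=` replaces the stack is outside the visible lines). I would add `// Deleter for ScopedX509Stack: frees the stack and releases one reference on each X509 in it.` above the function. It also appears to sit in the unnamed namespace closed by `} // namespace`, in which case `static` is redundant, and the signature would read `void FreeX509Stack(STACK_OF(X509)* ptr) {` to match the pointer style used elsewhere in the file.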