| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/err.h> | 10 #include <openssl/err.h> |
| 11 #include <openssl/opensslv.h> | 11 #include <openssl/opensslv.h> |
| 12 #include <openssl/ssl.h> | 12 #include <openssl/ssl.h> |
| 13 | 13 |
| 14 #include "base/bind.h" | 14 #include "base/bind.h" |
| 15 #include "base/callback_helpers.h" | 15 #include "base/callback_helpers.h" |
| 16 #include "base/memory/singleton.h" | 16 #include "base/memory/singleton.h" |
| 17 #include "base/metrics/histogram.h" | 17 #include "base/metrics/histogram.h" |
| 18 #include "base/synchronization/lock.h" | 18 #include "base/synchronization/lock.h" |
| 19 #include "crypto/ec_private_key.h" | 19 #include "crypto/ec_private_key.h" |
| 20 #include "crypto/openssl_util.h" | 20 #include "crypto/openssl_util.h" |
| 21 #include "crypto/scoped_openssl_types.h" |
| 21 #include "net/base/net_errors.h" | 22 #include "net/base/net_errors.h" |
| 22 #include "net/cert/cert_verifier.h" | 23 #include "net/cert/cert_verifier.h" |
| 23 #include "net/cert/single_request_cert_verifier.h" | 24 #include "net/cert/single_request_cert_verifier.h" |
| 24 #include "net/cert/x509_certificate_net_log_param.h" | 25 #include "net/cert/x509_certificate_net_log_param.h" |
| 25 #include "net/socket/openssl_ssl_util.h" | 26 #include "net/socket/openssl_ssl_util.h" |
| 26 #include "net/socket/ssl_error_params.h" | 27 #include "net/socket/ssl_error_params.h" |
| 27 #include "net/socket/ssl_session_cache_openssl.h" | 28 #include "net/socket/ssl_session_cache_openssl.h" |
| 28 #include "net/ssl/openssl_client_key_store.h" | 29 #include "net/ssl/openssl_client_key_store.h" |
| 29 #include "net/ssl/ssl_cert_request_info.h" | 30 #include "net/ssl/ssl_cert_request_info.h" |
| 30 #include "net/ssl/ssl_connection_status_flags.h" | 31 #include "net/ssl/ssl_connection_status_flags.h" |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 89 | 90 |
| 90 // Compute a unique key string for the SSL session cache. |socket| is an | 91 // Compute a unique key string for the SSL session cache. |socket| is an |
| 91 // input socket object. Return a string. | 92 // input socket object. Return a string. |
| 92 std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) { | 93 std::string GetSocketSessionCacheKey(const SSLClientSocketOpenSSL& socket) { |
| 93 std::string result = socket.host_and_port().ToString(); | 94 std::string result = socket.host_and_port().ToString(); |
| 94 result.append("/"); | 95 result.append("/"); |
| 95 result.append(socket.ssl_session_cache_shard()); | 96 result.append(socket.ssl_session_cache_shard()); |
| 96 return result; | 97 return result; |
| 97 } | 98 } |
| 98 | 99 |
| 100 static void FreeX509Stack(STACK_OF(X509) * ptr) { |
| 101 sk_X509_pop_free(ptr, X509_free); |
| 102 } |
| 103 |
| 99 } // namespace | 104 } // namespace |
| 100 | 105 |
| 101 class SSLClientSocketOpenSSL::SSLContext { | 106 class SSLClientSocketOpenSSL::SSLContext { |
| 102 public: | 107 public: |
| 103 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } | 108 static SSLContext* GetInstance() { return Singleton<SSLContext>::get(); } |
| 104 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } | 109 SSL_CTX* ssl_ctx() { return ssl_ctx_.get(); } |
| 105 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; } | 110 SSLSessionCacheOpenSSL* session_cache() { return &session_cache_; } |
| 106 | 111 |
| 107 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) { | 112 SSLClientSocketOpenSSL* GetClientSocketFromSSL(const SSL* ssl) { |
| 108 DCHECK(ssl); | 113 DCHECK(ssl); |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 163 const unsigned char* in, | 168 const unsigned char* in, |
| 164 unsigned int inlen, void* arg) { | 169 unsigned int inlen, void* arg) { |
| 165 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); | 170 SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl); |
| 166 return socket->SelectNextProtoCallback(out, outlen, in, inlen); | 171 return socket->SelectNextProtoCallback(out, outlen, in, inlen); |
| 167 } | 172 } |
| 168 | 173 |
| 169 // This is the index used with SSL_get_ex_data to retrieve the owner | 174 // This is the index used with SSL_get_ex_data to retrieve the owner |
| 170 // SSLClientSocketOpenSSL object from an SSL instance. | 175 // SSLClientSocketOpenSSL object from an SSL instance. |
| 171 int ssl_socket_data_index_; | 176 int ssl_socket_data_index_; |
| 172 | 177 |
| 173 crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_; | 178 crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free>::Type ssl_ctx_; |
| 174 // |session_cache_| must be destroyed before |ssl_ctx_|. | 179 // |session_cache_| must be destroyed before |ssl_ctx_|. |
| 175 SSLSessionCacheOpenSSL session_cache_; | 180 SSLSessionCacheOpenSSL session_cache_; |
| 176 }; | 181 }; |
| 177 | 182 |
| 178 // PeerCertificateChain is a helper object which extracts the certificate | 183 // PeerCertificateChain is a helper object which extracts the certificate |
| 179 // chain, as given by the server, from an OpenSSL socket and performs the needed | 184 // chain, as given by the server, from an OpenSSL socket and performs the needed |
| 180 // resource management. The first element of the chain is the leaf certificate | 185 // resource management. The first element of the chain is the leaf certificate |
| 181 // and the other elements are in the order given by the server. | 186 // and the other elements are in the order given by the server. |
| 182 class SSLClientSocketOpenSSL::PeerCertificateChain { | 187 class SSLClientSocketOpenSSL::PeerCertificateChain { |
| 183 public: | 188 public: |
| (...skipping 18 matching lines...) Expand all Loading... |
| 202 } | 207 } |
| 203 | 208 |
| 204 X509* operator[](size_t index) const { | 209 X509* operator[](size_t index) const { |
| 205 DCHECK_LT(index, size()); | 210 DCHECK_LT(index, size()); |
| 206 return sk_X509_value(openssl_chain_.get(), index); | 211 return sk_X509_value(openssl_chain_.get(), index); |
| 207 } | 212 } |
| 208 | 213 |
| 209 bool IsValid() { return os_chain_.get() && openssl_chain_.get(); } | 214 bool IsValid() { return os_chain_.get() && openssl_chain_.get(); } |
| 210 | 215 |
| 211 private: | 216 private: |
| 212 static void FreeX509Stack(STACK_OF(X509)* cert_chain) { | 217 typedef crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>::Type |
| 213 sk_X509_pop_free(cert_chain, X509_free); | 218 ScopedX509Stack; |
| 214 } | |
| 215 | 219 |
| 216 friend class crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack>; | 220 ScopedX509Stack openssl_chain_; |
| 217 | |
| 218 crypto::ScopedOpenSSL<STACK_OF(X509), FreeX509Stack> openssl_chain_; | |
| 219 | 221 |
| 220 scoped_refptr<X509Certificate> os_chain_; | 222 scoped_refptr<X509Certificate> os_chain_; |
| 221 }; | 223 }; |
| 222 | 224 |
| 223 SSLClientSocketOpenSSL::PeerCertificateChain& | 225 SSLClientSocketOpenSSL::PeerCertificateChain& |
| 224 SSLClientSocketOpenSSL::PeerCertificateChain::operator=( | 226 SSLClientSocketOpenSSL::PeerCertificateChain::operator=( |
| 225 const PeerCertificateChain& other) { | 227 const PeerCertificateChain& other) { |
| 226 if (this == &other) | 228 if (this == &other) |
| 227 return *this; | 229 return *this; |
| 228 | 230 |
| (...skipping 1218 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1447 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; | 1449 DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_; |
| 1448 return SSL_TLSEXT_ERR_OK; | 1450 return SSL_TLSEXT_ERR_OK; |
| 1449 } | 1451 } |
| 1450 | 1452 |
| 1451 scoped_refptr<X509Certificate> | 1453 scoped_refptr<X509Certificate> |
| 1452 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1454 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1453 return server_cert_; | 1455 return server_cert_; |
| 1454 } | 1456 } |
| 1455 | 1457 |
| 1456 } // namespace net | 1458 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 361193003:
Eliminate ScopedOpenSSL in favour of scoped_ptr<> specializations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src