Chromium Code Reviews Chromium Code Reviews
Issue 415853002:
Switch to using SSL_get0_certificate_types for client auth. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 1321 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1332 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); | 1332 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); |
| 1333 unsigned char* str = NULL; | 1333 unsigned char* str = NULL; |
| 1334 int length = i2d_X509_NAME(ca_name, &str); | 1334 int length = i2d_X509_NAME(ca_name, &str); |
| 1335 cert_authorities_.push_back(std::string( | 1335 cert_authorities_.push_back(std::string( |
| 1336 reinterpret_cast<const char*>(str), | 1336 reinterpret_cast<const char*>(str), |
| 1337 static_cast<size_t>(length))); | 1337 static_cast<size_t>(length))); |
| 1338 OPENSSL_free(str); | 1338 OPENSSL_free(str); |
| 1339 } | 1339 } |
| 1340 | 1340 |
| 1341 const unsigned char* client_cert_types; | 1341 const unsigned char* client_cert_types; |
| 1342 size_t num_client_cert_types; | 1342 size_t num_client_cert_types = |
| 1343 SSL_get_client_certificate_types(ssl, &client_cert_types, | 1343 SSL_get0_certificate_types(ssl, &client_cert_types); |
|
davidben
2014/07/23 23:27:55
Even though this is upstream's API, it does have t
| |
| 1344 &num_client_cert_types); | |
| 1345 for (size_t i = 0; i < num_client_cert_types; i++) { | 1344 for (size_t i = 0; i < num_client_cert_types; i++) { |
| 1346 cert_key_types_.push_back( | 1345 cert_key_types_.push_back( |
| 1347 static_cast<SSLClientCertType>(client_cert_types[i])); | 1346 static_cast<SSLClientCertType>(client_cert_types[i])); |
| 1348 } | 1347 } |
| 1349 | 1348 |
| 1350 return -1; // Suspends handshake. | 1349 return -1; // Suspends handshake. |
| 1351 } | 1350 } |
| 1352 | 1351 |
| 1353 // Second pass: a client certificate should have been selected. | 1352 // Second pass: a client certificate should have been selected. |
| 1354 if (ssl_config_.client_cert.get()) { | 1353 if (ssl_config_.client_cert.get()) { |
| (...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1506 return socket->MaybeReplayTransportError( | 1505 return socket->MaybeReplayTransportError( |
| 1507 bio, cmd, argp, argi, argl, retvalue); | 1506 bio, cmd, argp, argi, argl, retvalue); |
| 1508 } | 1507 } |
| 1509 | 1508 |
| 1510 scoped_refptr<X509Certificate> | 1509 scoped_refptr<X509Certificate> |
| 1511 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1510 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1512 return server_cert_; | 1511 return server_cert_; |
| 1513 } | 1512 } |
| 1514 | 1513 |
| 1515 } // namespace net | 1514 } // namespace net |
| OLD | NEW |
