OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 926 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
937 flags |= CertVerifier::VERIFY_EV_CERT; | 937 flags |= CertVerifier::VERIFY_EV_CERT; |
938 if (ssl_config_.cert_io_enabled) | 938 if (ssl_config_.cert_io_enabled) |
939 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; | 939 flags |= CertVerifier::VERIFY_CERT_IO_ENABLED; |
940 if (ssl_config_.rev_checking_required_local_anchors) | 940 if (ssl_config_.rev_checking_required_local_anchors) |
941 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; | 941 flags |= CertVerifier::VERIFY_REV_CHECKING_REQUIRED_LOCAL_ANCHORS; |
942 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); | 942 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
943 return verifier_->Verify( | 943 return verifier_->Verify( |
944 server_cert_.get(), | 944 server_cert_.get(), |
945 host_and_port_.host(), | 945 host_and_port_.host(), |
946 flags, | 946 flags, |
947 NULL /* no CRL set */, | 947 #if defined(OS_NACL) |
948 // NaCl doesn't build the SSLConfigService. | |
949 // | |
950 // TODO(davidben): Route the CRLSet through SSLConfig so | |
951 // SSLClientSocket doesn't depend on SSLConfigService. | |
Ryan Sleevi
2014/08/04 23:48:46
File a bug against a TODO like this?
No clue why
davidben
2014/08/06 00:02:27
Filed https://code.google.com/p/chromium/issues/de
| |
952 NULL, | |
953 #else | |
954 SSLConfigService::GetCRLSet().get(), | |
955 #endif | |
948 &server_cert_verify_result_, | 956 &server_cert_verify_result_, |
949 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, | 957 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, |
950 base::Unretained(this)), | 958 base::Unretained(this)), |
951 net_log_); | 959 net_log_); |
952 } | 960 } |
953 | 961 |
954 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | 962 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { |
955 verifier_.reset(); | 963 verifier_.reset(); |
956 | 964 |
957 if (result == OK) { | 965 if (result == OK) { |
(...skipping 550 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1508 return socket->MaybeReplayTransportError( | 1516 return socket->MaybeReplayTransportError( |
1509 bio, cmd, argp, argi, argl, retvalue); | 1517 bio, cmd, argp, argi, argl, retvalue); |
1510 } | 1518 } |
1511 | 1519 |
1512 scoped_refptr<X509Certificate> | 1520 scoped_refptr<X509Certificate> |
1513 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1521 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
1514 return server_cert_; | 1522 return server_cert_; |
1515 } | 1523 } |
1516 | 1524 |
1517 } // namespace net | 1525 } // namespace net |
OLD | NEW |