Chromium Code Reviews Chromium Code Reviews
Issue 441823002:
Support intermediate certificates for OpenSSL client auth. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "net/base/completion_callback.h" | 13 #include "net/base/completion_callback.h" |
| 14 #include "net/base/io_buffer.h" | 14 #include "net/base/io_buffer.h" |
| 15 #include "net/cert/cert_verify_result.h" | 15 #include "net/cert/cert_verify_result.h" |
| 16 #include "net/socket/client_socket_handle.h" | 16 #include "net/socket/client_socket_handle.h" |
| 17 #include "net/socket/ssl_client_socket.h" | 17 #include "net/socket/ssl_client_socket.h" |
| 18 #include "net/ssl/channel_id_service.h" | 18 #include "net/ssl/channel_id_service.h" |
| 19 #include "net/ssl/ssl_client_cert_type.h" | 19 #include "net/ssl/ssl_client_cert_type.h" |
| 20 #include "net/ssl/ssl_config_service.h" | 20 #include "net/ssl/ssl_config_service.h" |
| 21 | 21 |
| 22 // Avoid including misc OpenSSL headers, i.e.: | 22 // Avoid including misc OpenSSL headers, i.e.: |
| 23 // <openssl/bio.h> | 23 // <openssl/bio.h> |
| 24 typedef struct bio_st BIO; | 24 typedef struct bio_st BIO; |
| 25 // <openssl/evp.h> | 25 // <openssl/evp.h> |
| 26 typedef struct evp_pkey_st EVP_PKEY; | 26 typedef struct evp_pkey_st EVP_PKEY; |
| 27 // <openssl/ssl.h> | 27 // <openssl/ssl.h> |
| 28 typedef struct ssl_st SSL; | 28 typedef struct ssl_st SSL; |
| 29 // <openssl/x509.h> | 29 // <openssl/x509.h> |
| 30 struct stack_st_X509; | |
|
Ryan Sleevi
2014/08/14 01:27:18
Unnecessary?
davidben
2014/08/14 16:50:16
Removed. (Remnant of previous iteration.)
| |
| 30 typedef struct x509_st X509; | 31 typedef struct x509_st X509; |
| 31 // <openssl/ossl_type.h> | 32 // <openssl/ossl_type.h> |
| 32 typedef struct x509_store_ctx_st X509_STORE_CTX; | 33 typedef struct x509_store_ctx_st X509_STORE_CTX; |
| 33 | 34 |
| 34 namespace net { | 35 namespace net { |
| 35 | 36 |
| 36 class CertVerifier; | 37 class CertVerifier; |
| 37 class SingleRequestCertVerifier; | 38 class SingleRequestCertVerifier; |
| 38 class SSLCertRequestInfo; | 39 class SSLCertRequestInfo; |
| 39 class SSLInfo; | 40 class SSLInfo; |
| (...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 135 | 136 |
| 136 int BufferSend(); | 137 int BufferSend(); |
| 137 int BufferRecv(); | 138 int BufferRecv(); |
| 138 void BufferSendComplete(int result); | 139 void BufferSendComplete(int result); |
| 139 void BufferRecvComplete(int result); | 140 void BufferRecvComplete(int result); |
| 140 void TransportWriteComplete(int result); | 141 void TransportWriteComplete(int result); |
| 141 int TransportReadComplete(int result); | 142 int TransportReadComplete(int result); |
| 142 | 143 |
| 143 // Callback from the SSL layer that indicates the remote server is requesting | 144 // Callback from the SSL layer that indicates the remote server is requesting |
| 144 // a certificate for this client. | 145 // a certificate for this client. |
| 145 int ClientCertRequestCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey); | 146 int ClientCertRequestCallback(SSL* ssl); |
| 146 | 147 |
| 147 // CertVerifyCallback is called to verify the server's certificates. We do | 148 // CertVerifyCallback is called to verify the server's certificates. We do |
| 148 // verification after the handshake so this function only enforces that the | 149 // verification after the handshake so this function only enforces that the |
| 149 // certificates don't change during renegotiation. | 150 // certificates don't change during renegotiation. |
| 150 int CertVerifyCallback(X509_STORE_CTX *store_ctx); | 151 int CertVerifyCallback(X509_STORE_CTX *store_ctx); |
| 151 | 152 |
| 152 // Callback from the SSL layer to check which NPN protocol we are supporting | 153 // Callback from the SSL layer to check which NPN protocol we are supporting |
| 153 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, | 154 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen, |
| 154 const unsigned char* in, unsigned int inlen); | 155 const unsigned char* in, unsigned int inlen); |
| 155 | 156 |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 269 // True if channel ID extension was negotiated. | 270 // True if channel ID extension was negotiated. |
| 270 bool channel_id_xtn_negotiated_; | 271 bool channel_id_xtn_negotiated_; |
| 271 // The request handle for |channel_id_service_|. | 272 // The request handle for |channel_id_service_|. |
| 272 ChannelIDService::RequestHandle channel_id_request_handle_; | 273 ChannelIDService::RequestHandle channel_id_request_handle_; |
| 273 BoundNetLog net_log_; | 274 BoundNetLog net_log_; |
| 274 }; | 275 }; |
| 275 | 276 |
| 276 } // namespace net | 277 } // namespace net |
| 277 | 278 |
| 278 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 279 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| OLD | NEW |
