OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
1520 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) { | 1520 int SSLClientSocketOpenSSL::CertVerifyCallback(X509_STORE_CTX* store_ctx) { |
1521 if (!completed_connect_) { | 1521 if (!completed_connect_) { |
1522 // If the first handshake hasn't completed then we accept any certificates | 1522 // If the first handshake hasn't completed then we accept any certificates |
1523 // because we verify after the handshake. | 1523 // because we verify after the handshake. |
1524 return 1; | 1524 return 1; |
1525 } | 1525 } |
1526 | 1526 |
1527 CHECK(server_cert_.get()); | 1527 CHECK(server_cert_.get()); |
1528 | 1528 |
1529 PeerCertificateChain chain(store_ctx->untrusted); | 1529 PeerCertificateChain chain(store_ctx->untrusted); |
1530 if (chain.IsValid() && server_cert_->Equals(chain.AsOSChain())) | 1530 if (chain.IsValid() && server_cert_->Equals(chain.AsOSChain().get())) |
1531 return 1; | 1531 return 1; |
1532 | 1532 |
1533 if (!chain.IsValid()) | 1533 if (!chain.IsValid()) |
1534 LOG(ERROR) << "Received invalid certificate chain between handshakes"; | 1534 LOG(ERROR) << "Received invalid certificate chain between handshakes"; |
1535 else | 1535 else |
1536 LOG(ERROR) << "Server certificate changed between handshakes"; | 1536 LOG(ERROR) << "Server certificate changed between handshakes"; |
1537 return 0; | 1537 return 0; |
1538 } | 1538 } |
1539 | 1539 |
1540 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the | 1540 // SelectNextProtoCallback is called by OpenSSL during the handshake. If the |
1656 if (handshake_succeeded_ && marked_session_as_good_) | 1656 if (handshake_succeeded_ && marked_session_as_good_) |
1657 OnHandshakeCompletion(); | 1657 OnHandshakeCompletion(); |
1658 } | 1658 } |
1659 | 1659 |
1660 scoped_refptr<X509Certificate> | 1660 scoped_refptr<X509Certificate> |
1661 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1661 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
1662 return server_cert_; | 1662 return server_cert_; |
1663 } | 1663 } |
1664 | 1664 |
1665 } // namespace net | 1665 } // namespace net |
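Review bot: In CertVerifyCallback (new line 1530) the result of `chain.AsOSChain()` is unwrapped with `.get()` and passed straight to `server_cert_->Equals()` with no null check. `chain.IsValid()` is the only guard, and this page does not show whether it guarantees that the conversion yields a non-null certificate. If the conversion can fail, a null pointer would reach `Equals()` instead of the `return 0` rejection path that this renegotiation check relies on. Consider holding the result in a local, `scoped_refptr<X509Certificate> renegotiated = chain.AsOSChain();`, and testing `if (renegotiated.get() && server_cert_->Equals(renegotiated.get())) return 1;`. The lifetime of the temporary in the current form is fine, since it lasts until the end of the full condition expression.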