| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
| 11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "base/memory/weak_ptr.h" | 12 #include "base/memory/weak_ptr.h" |
| 13 #include "net/base/completion_callback.h" | 13 #include "net/base/completion_callback.h" |
| 14 #include "net/base/io_buffer.h" | 14 #include "net/base/io_buffer.h" |
| 15 #include "net/cert/cert_verify_result.h" | 15 #include "net/cert/cert_verify_result.h" |
| 16 #include "net/cert/ct_verify_result.h" |
| 16 #include "net/socket/client_socket_handle.h" | 17 #include "net/socket/client_socket_handle.h" |
| 17 #include "net/socket/ssl_client_socket.h" | 18 #include "net/socket/ssl_client_socket.h" |
| 18 #include "net/ssl/channel_id_service.h" | 19 #include "net/ssl/channel_id_service.h" |
| 19 #include "net/ssl/ssl_client_cert_type.h" | 20 #include "net/ssl/ssl_client_cert_type.h" |
| 20 #include "net/ssl/ssl_config_service.h" | 21 #include "net/ssl/ssl_config_service.h" |
| 21 | 22 |
| 22 // Avoid including misc OpenSSL headers, i.e.: | 23 // Avoid including misc OpenSSL headers, i.e.: |
| 23 // <openssl/bio.h> | 24 // <openssl/bio.h> |
| 24 typedef struct bio_st BIO; | 25 typedef struct bio_st BIO; |
| 25 // <openssl/evp.h> | 26 // <openssl/evp.h> |
| 26 typedef struct evp_pkey_st EVP_PKEY; | 27 typedef struct evp_pkey_st EVP_PKEY; |
| 27 // <openssl/ssl.h> | 28 // <openssl/ssl.h> |
| 28 typedef struct ssl_st SSL; | 29 typedef struct ssl_st SSL; |
| 29 // <openssl/x509.h> | 30 // <openssl/x509.h> |
| 30 typedef struct x509_st X509; | 31 typedef struct x509_st X509; |
| 31 // <openssl/ossl_type.h> | 32 // <openssl/ossl_type.h> |
| 32 typedef struct x509_store_ctx_st X509_STORE_CTX; | 33 typedef struct x509_store_ctx_st X509_STORE_CTX; |
| 33 | 34 |
| 34 namespace net { | 35 namespace net { |
| 35 | 36 |
| 36 class CertVerifier; | 37 class CertVerifier; |
| 38 class CTVerifier; |
| 37 class SingleRequestCertVerifier; | 39 class SingleRequestCertVerifier; |
| 38 class SSLCertRequestInfo; | 40 class SSLCertRequestInfo; |
| 39 class SSLInfo; | 41 class SSLInfo; |
| 40 | 42 |
| 41 // An SSL client socket implemented with OpenSSL. | 43 // An SSL client socket implemented with OpenSSL. |
| 42 class SSLClientSocketOpenSSL : public SSLClientSocket { | 44 class SSLClientSocketOpenSSL : public SSLClientSocket { |
| 43 public: | 45 public: |
| 44 // Takes ownership of the transport_socket, which may already be connected. | 46 // Takes ownership of the transport_socket, which may already be connected. |
| 45 // The given hostname will be compared with the name(s) in the server's | 47 // The given hostname will be compared with the name(s) in the server's |
| 46 // certificate during the SSL handshake. ssl_config specifies the SSL | 48 // certificate during the SSL handshake. ssl_config specifies the SSL |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 114 void OnHandshakeCompletion(); | 116 void OnHandshakeCompletion(); |
| 115 | 117 |
| 116 bool DoTransportIO(); | 118 bool DoTransportIO(); |
| 117 int DoHandshake(); | 119 int DoHandshake(); |
| 118 int DoChannelIDLookup(); | 120 int DoChannelIDLookup(); |
| 119 int DoChannelIDLookupComplete(int result); | 121 int DoChannelIDLookupComplete(int result); |
| 120 int DoVerifyCert(int result); | 122 int DoVerifyCert(int result); |
| 121 int DoVerifyCertComplete(int result); | 123 int DoVerifyCertComplete(int result); |
| 122 void DoConnectCallback(int result); | 124 void DoConnectCallback(int result); |
| 123 X509Certificate* UpdateServerCert(); | 125 X509Certificate* UpdateServerCert(); |
| 126 void VerifyCT(); |
| 124 | 127 |
| 125 void OnHandshakeIOComplete(int result); | 128 void OnHandshakeIOComplete(int result); |
| 126 void OnSendComplete(int result); | 129 void OnSendComplete(int result); |
| 127 void OnRecvComplete(int result); | 130 void OnRecvComplete(int result); |
| 128 | 131 |
| 129 int DoHandshakeLoop(int last_io_result); | 132 int DoHandshakeLoop(int last_io_result); |
| 130 int DoReadLoop(int result); | 133 int DoReadLoop(int result); |
| 131 int DoWriteLoop(int result); | 134 int DoWriteLoop(int result); |
| 132 int DoPayloadRead(); | 135 int DoPayloadRead(); |
| 133 int DoPayloadWrite(); | 136 int DoPayloadWrite(); |
| (...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 166 int cmd, | 169 int cmd, |
| 167 const char *argp, int argi, long argl, | 170 const char *argp, int argi, long argl, |
| 168 long retvalue); | 171 long retvalue); |
| 169 | 172 |
| 170 // Callback that is used to obtain information about the state of the SSL | 173 // Callback that is used to obtain information about the state of the SSL |
| 171 // handshake. | 174 // handshake. |
| 172 static void InfoCallback(const SSL* ssl, int type, int val); | 175 static void InfoCallback(const SSL* ssl, int type, int val); |
| 173 | 176 |
| 174 void CheckIfHandshakeFinished(); | 177 void CheckIfHandshakeFinished(); |
| 175 | 178 |
| 179 // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|. |
| 180 // SCTs are held in three separate vectors in ct_verify_result, each |
| 181 // vetor representing a particular verification state, this method associates |
| 182 // each of the SCTs with the corresponding SCTVerifyStatus as it adds it to |
| 183 // the |ssl_info|.signed_certificate_timestamps list. |
| 184 void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const; |
| 185 |
| 176 bool transport_send_busy_; | 186 bool transport_send_busy_; |
| 177 bool transport_recv_busy_; | 187 bool transport_recv_busy_; |
| 178 | 188 |
| 179 scoped_refptr<DrainableIOBuffer> send_buffer_; | 189 scoped_refptr<DrainableIOBuffer> send_buffer_; |
| 180 scoped_refptr<IOBuffer> recv_buffer_; | 190 scoped_refptr<IOBuffer> recv_buffer_; |
| 181 | 191 |
| 182 CompletionCallback user_connect_callback_; | 192 CompletionCallback user_connect_callback_; |
| 183 CompletionCallback user_read_callback_; | 193 CompletionCallback user_read_callback_; |
| 184 CompletionCallback user_write_callback_; | 194 CompletionCallback user_write_callback_; |
| 185 | 195 |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 // allowed by the server. | 235 // allowed by the server. |
| 226 std::vector<std::string> cert_authorities_; | 236 std::vector<std::string> cert_authorities_; |
| 227 // List of SSLClientCertType values for client certificates allowed by the | 237 // List of SSLClientCertType values for client certificates allowed by the |
| 228 // server. | 238 // server. |
| 229 std::vector<SSLClientCertType> cert_key_types_; | 239 std::vector<SSLClientCertType> cert_key_types_; |
| 230 | 240 |
| 231 CertVerifier* const cert_verifier_; | 241 CertVerifier* const cert_verifier_; |
| 232 scoped_ptr<SingleRequestCertVerifier> verifier_; | 242 scoped_ptr<SingleRequestCertVerifier> verifier_; |
| 233 base::TimeTicks start_cert_verification_time_; | 243 base::TimeTicks start_cert_verification_time_; |
| 234 | 244 |
| 245 // Certificate Transparency: Verifier and result holder. |
| 246 ct::CTVerifyResult ct_verify_result_; |
| 247 CTVerifier* cert_transparency_verifier_; |
| 248 |
| 235 // The service for retrieving Channel ID keys. May be NULL. | 249 // The service for retrieving Channel ID keys. May be NULL. |
| 236 ChannelIDService* channel_id_service_; | 250 ChannelIDService* channel_id_service_; |
| 237 | 251 |
| 238 // Callback that is invoked when the connection finishes. | 252 // Callback that is invoked when the connection finishes. |
| 239 // | 253 // |
| 240 // Note: this callback will be run in Disconnect(). It will not alter | 254 // Note: this callback will be run in Disconnect(). It will not alter |
| 241 // any member variables of the SSLClientSocketOpenSSL. | 255 // any member variables of the SSLClientSocketOpenSSL. |
| 242 base::Closure handshake_completion_callback_; | 256 base::Closure handshake_completion_callback_; |
| 243 | 257 |
| 244 // OpenSSL stuff | 258 // OpenSSL stuff |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 287 // pinning failure. It is a (somewhat) human-readable string. | 301 // pinning failure. It is a (somewhat) human-readable string. |
| 288 std::string pinning_failure_log_; | 302 std::string pinning_failure_log_; |
| 289 | 303 |
| 290 BoundNetLog net_log_; | 304 BoundNetLog net_log_; |
| 291 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; | 305 base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_; |
| 292 }; | 306 }; |
| 293 | 307 |
| 294 } // namespace net | 308 } // namespace net |
| 295 | 309 |
| 296 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ | 310 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 517083002:
Enable Certificate Transparency in the OpenSSL port. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ct-objects-extractor