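--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_
 #pragma once
 
 #include <certt.h>
 #include <keyt.h>
@@ -25,36 +25,38 @@
 #include "net/base/ssl_config_service.h"
 #include "net/base/x509_certificate.h"
 #include "net/socket/ssl_client_socket.h"
 
 namespace net {
 
 class BoundNetLog;
 class CertVerifier;
 class ClientSocketHandle;
 class DnsCertProvenanceChecker;
+class SingleRequestCertVerifier;
 class SSLHostInfo;
 class X509Certificate;
 
 // An SSL client socket implemented with Mozilla NSS.
 class SSLClientSocketNSS : public SSLClientSocket {
 public:
 // Takes ownership of the |transport_socket|, which must already be connected.
 // The hostname specified in |host_and_port| will be compared with the name(s)
 // in the server's certificate during the SSL handshake. If SSL client
 // authentication is requested, the host_and_port field of SSLCertRequestInfo
 // will be populated with |host_and_port|. |ssl_config| specifies
 // the SSL settings.
 SSLClientSocketNSS(ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
 const SSLConfig& ssl_config,
 SSLHostInfo* ssl_host_info,
+CertVerifier* cert_verifier,
 DnsCertProvenanceChecker* dnsrr_resolver);
 ~SSLClientSocketNSS();
 
 // SSLClientSocket methods:
 virtual void GetSSLInfo(SSLInfo* ssl_info);
 virtual void GetSSLCertRequestInfo(SSLCertRequestInfo* cert_request_info);
 virtual NextProtoStatus GetNextProto(std::string* proto);
 virtual void UseDNSSEC(DNSSECProvider* provider);
 
 // ClientSocket methods:
@@ -186,21 +188,22 @@
 // we used an SSLHostInfo's verification.
 const CertVerifyResult* server_cert_verify_result_;
 CertVerifyResult local_server_cert_verify_result_;
 int ssl_connection_status_;
 
 // Stores client authentication information between ClientAuthHandler and
 // GetSSLCertRequestInfo calls.
 std::vector<scoped_refptr<X509Certificate> > client_certs_;
 bool client_auth_cert_needed_;
 
-scoped_ptr<CertVerifier> verifier_;
+CertVerifier* const cert_verifier_;
+scoped_ptr<SingleRequestCertVerifier> verifier_;
 
 // True if NSS has called HandshakeCallback.
 bool handshake_callback_called_;
 
 // True if the SSL handshake has been completed.
 bool completed_handshake_;
 
 // True if we are lying about being connected in order to merge the first
 // Write call into a Snap Start handshake.
 bool pseudo_connected_;
@@ -251,10 +254,10 @@
 
 base::TimeTicks start_cert_verification_time_;
 
 scoped_ptr<SSLHostInfo> ssl_host_info_;
 DnsCertProvenanceChecker* const dns_cert_checker_;
 };
 
 } // namespace net
 
 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_NSS_H_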
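Review bot: The constructor comment above `SSLClientSocketNSS(...)` says nothing about the new `cert_verifier` parameter, and the member `CertVerifier* const cert_verifier_;` replaces an owning `scoped_ptr<CertVerifier>` with a raw pointer. From the declaration it appears the socket now only borrows the verifier, so the caller has to keep it alive for as long as the socket can start or finish a certificate verification; otherwise the handshake path would be left with a dangling pointer. I would state that contract in the header, e.g. `// |cert_verifier| is not owned; it must outlive this socket and must not be NULL.` (drop the NULL clause if a null verifier is permitted), and put a matching one-line comment above `cert_verifier_`. The class body continues in lines this page does not show, so how `verifier_` uses `cert_verifier_` cannot be checked from here.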