
Side by Side Diff: net/socket/ssl_client_socket_openssl.h

Issue 5386001: Cache certificate verification results in memory. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Upload before checkin Created 10 years ago
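--- a/net/socket/ssl_client_socket_openssl.h
+++ b/net/socket/ssl_client_socket_openssl.h
@@ -1,50 +1,52 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 #pragma once
 
 #include <string>
 
 #include "base/scoped_ptr.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/completion_callback.h"
 #include "net/base/io_buffer.h"
 #include "net/base/ssl_config_service.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/client_socket_handle.h"
 
 typedef struct bio_st BIO;
 typedef struct evp_pkey_st EVP_PKEY;
 typedef struct ssl_st SSL;
 typedef struct x509_st X509;
 
 namespace net {
 
 class CertVerifier;
+class SingleRequestCertVerifier;
 class SSLCertRequestInfo;
 class SSLConfig;
 class SSLInfo;
 
 // An SSL client socket implemented with OpenSSL.
 class SSLClientSocketOpenSSL : public SSLClientSocket {
 public:
 // Takes ownership of the transport_socket, which may already be connected.
 // The given hostname will be compared with the name(s) in the server's
 // certificate during the SSL handshake. ssl_config specifies the SSL
 // settings.
 SSLClientSocketOpenSSL(ClientSocketHandle* transport_socket,
 const HostPortPair& host_and_port,
-const SSLConfig& ssl_config);
+const SSLConfig& ssl_config,
+CertVerifier* cert_verifier);
 ~SSLClientSocketOpenSSL();
 
 const HostPortPair& host_and_port() const { return host_and_port_; }
 
 // Callback from the SSL layer that indicates the remote server is requesting
 // a certificate for this client.
 int ClientCertRequestCallback(SSL* ssl, X509** x509, EVP_PKEY** pkey);
 
 // Callback from the SSL layer to check which NPN protocol we are supporting
 int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
@@ -124,40 +126,41 @@
 // Set when handshake finishes.
 scoped_refptr<X509Certificate> server_cert_;
 CertVerifyResult server_cert_verify_result_;
 bool completed_handshake_;
 
 // Stores client authentication information between ClientAuthHandler and
 // GetSSLCertRequestInfo calls.
 std::vector<scoped_refptr<X509Certificate> > client_certs_;
 bool client_auth_cert_needed_;
 
-scoped_ptr<CertVerifier> verifier_;
+CertVerifier* const cert_verifier_;
+scoped_ptr<SingleRequestCertVerifier> verifier_;
 CompletionCallbackImpl<SSLClientSocketOpenSSL> handshake_io_callback_;
 
 // OpenSSL stuff
 SSL* ssl_;
 BIO* transport_bio_;
 
 scoped_ptr<ClientSocketHandle> transport_;
 const HostPortPair host_and_port_;
 SSLConfig ssl_config_;
 
 // Used for session cache diagnostics.
 bool trying_cached_session_;
 
 enum State {
 STATE_NONE,
 STATE_HANDSHAKE,
 STATE_VERIFY_CERT,
 STATE_VERIFY_CERT_COMPLETE,
 };
 State next_handshake_state_;
 NextProtoStatus npn_status_;
 std::string npn_proto_;
 BoundNetLog net_log_;
 };
 
 } // namespace net
 
 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
 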
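Review bot: The constructor comment still documents ownership only for transport_socket, while the new `CertVerifier* cert_verifier` parameter is stored as the raw `CertVerifier* const cert_verifier_` where the old code owned its verifier through `scoped_ptr<CertVerifier>`. The socket now appears to borrow a shared verifier, so a verifier destroyed before the socket, or before a pending `SingleRequestCertVerifier` request completes, would leave the certificate check running against a dangling pointer. I would add `// |cert_verifier| is not owned; it must be non-NULL and outlive this socket.` to the constructor comment and a matching one-line comment on the `cert_verifier_` member, which also helps distinguish it from the similarly named `verifier_`. Whether the .cc checks for NULL or cancels the in-flight request on destruction is not visible from this header.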