OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
(...skipping 362 matching lines...)
373 } | 373 } |
374 long set_mask; | 374 long set_mask; |
375 long clear_mask; | 375 long clear_mask; |
376 }; | 376 }; |
377 | 377 |
378 } // namespace | 378 } // namespace |
379 | 379 |
380 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( | 380 SSLClientSocketOpenSSL::SSLClientSocketOpenSSL( |
381 ClientSocketHandle* transport_socket, | 381 ClientSocketHandle* transport_socket, |
382 const HostPortPair& host_and_port, | 382 const HostPortPair& host_and_port, |
383 const SSLConfig& ssl_config) | 383 const SSLConfig& ssl_config, |
| 384 CertVerifier* cert_verifier) |
384 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( | 385 : ALLOW_THIS_IN_INITIALIZER_LIST(buffer_send_callback_( |
385 this, &SSLClientSocketOpenSSL::BufferSendComplete)), | 386 this, &SSLClientSocketOpenSSL::BufferSendComplete)), |
386 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( | 387 ALLOW_THIS_IN_INITIALIZER_LIST(buffer_recv_callback_( |
387 this, &SSLClientSocketOpenSSL::BufferRecvComplete)), | 388 this, &SSLClientSocketOpenSSL::BufferRecvComplete)), |
388 transport_send_busy_(false), | 389 transport_send_busy_(false), |
389 transport_recv_busy_(false), | 390 transport_recv_busy_(false), |
390 user_connect_callback_(NULL), | 391 user_connect_callback_(NULL), |
391 user_read_callback_(NULL), | 392 user_read_callback_(NULL), |
392 user_write_callback_(NULL), | 393 user_write_callback_(NULL), |
393 completed_handshake_(false), | 394 completed_handshake_(false), |
394 client_auth_cert_needed_(false), | 395 client_auth_cert_needed_(false), |
| 396 cert_verifier_(cert_verifier), |
395 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( | 397 ALLOW_THIS_IN_INITIALIZER_LIST(handshake_io_callback_( |
396 this, &SSLClientSocketOpenSSL::OnHandshakeIOComplete)), | 398 this, &SSLClientSocketOpenSSL::OnHandshakeIOComplete)), |
397 ssl_(NULL), | 399 ssl_(NULL), |
398 transport_bio_(NULL), | 400 transport_bio_(NULL), |
399 transport_(transport_socket), | 401 transport_(transport_socket), |
400 host_and_port_(host_and_port), | 402 host_and_port_(host_and_port), |
401 ssl_config_(ssl_config), | 403 ssl_config_(ssl_config), |
402 trying_cached_session_(false), | 404 trying_cached_session_(false), |
403 npn_status_(kNextProtoUnsupported), | 405 npn_status_(kNextProtoUnsupported), |
404 net_log_(transport_socket->socket()->NetLog()) { | 406 net_log_(transport_socket->socket()->NetLog()) { |
(...skipping 401 matching lines...)
806 | 808 |
807 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { | 809 int SSLClientSocketOpenSSL::DoVerifyCert(int result) { |
808 DCHECK(server_cert_); | 810 DCHECK(server_cert_); |
809 GotoState(STATE_VERIFY_CERT_COMPLETE); | 811 GotoState(STATE_VERIFY_CERT_COMPLETE); |
810 int flags = 0; | 812 int flags = 0; |
811 | 813 |
812 if (ssl_config_.rev_checking_enabled) | 814 if (ssl_config_.rev_checking_enabled) |
813 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; | 815 flags |= X509Certificate::VERIFY_REV_CHECKING_ENABLED; |
814 if (ssl_config_.verify_ev_cert) | 816 if (ssl_config_.verify_ev_cert) |
815 flags |= X509Certificate::VERIFY_EV_CERT; | 817 flags |= X509Certificate::VERIFY_EV_CERT; |
816 verifier_.reset(new CertVerifier); | 818 verifier_.reset(new SingleRequestCertVerifier(cert_verifier_)); |
817 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, | 819 return verifier_->Verify(server_cert_, host_and_port_.host(), flags, |
818 &server_cert_verify_result_, | 820 &server_cert_verify_result_, |
819 &handshake_io_callback_); | 821 &handshake_io_callback_); |
820 } | 822 } |
821 | 823 |
822 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { | 824 int SSLClientSocketOpenSSL::DoVerifyCertComplete(int result) { |
823 verifier_.reset(); | 825 verifier_.reset(); |
824 | 826 |
825 if (result == OK) { | 827 if (result == OK) { |
826 // TODO(joth): Work out if we need to remember the intermediate CA certs | 828 // TODO(joth): Work out if we need to remember the intermediate CA certs |
(...skipping 354 matching lines...)
1181 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); | 1183 int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_); |
1182 | 1184 |
1183 if (rv >= 0) | 1185 if (rv >= 0) |
1184 return rv; | 1186 return rv; |
1185 | 1187 |
1186 int err = SSL_get_error(ssl_, rv); | 1188 int err = SSL_get_error(ssl_, rv); |
1187 return MapOpenSSLError(err, err_tracer); | 1189 return MapOpenSSLError(err, err_tracer); |
1188 } | 1190 } |
1189 | 1191 |
1190 } // namespace net | 1192 } // namespace net |
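Review bot: The new `cert_verifier` constructor argument is stored as a raw pointer in `cert_verifier_` (new line 396) and passed to `SingleRequestCertVerifier` in `DoVerifyCert` (new line 818) with no visible null check or ownership statement. Server certificate verification now depends entirely on this injected object, so a NULL or already-destroyed verifier would only surface in the middle of the handshake instead of at the call site that passed it. I would add `DCHECK(cert_verifier_);` beside the existing `DCHECK(server_cert_);` in `DoVerifyCert`. If the intended contract is that the caller retains ownership, a comment on the constructor would help, for example `// |cert_verifier| is not owned and must outlive this socket.` The constructor body and the header declaration are outside the visible lines, so this may already be covered there.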