| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 #include "base/metrics/histogram_macros.h" | 21 #include "base/metrics/histogram_macros.h" |
| 22 #include "base/profiler/scoped_tracker.h" | 22 #include "base/profiler/scoped_tracker.h" |
| 23 #include "base/stl_util.h" | 23 #include "base/stl_util.h" |
| 24 #include "base/strings/string_piece.h" | 24 #include "base/strings/string_piece.h" |
| 25 #include "base/synchronization/lock.h" | 25 #include "base/synchronization/lock.h" |
| 26 #include "base/threading/sequenced_worker_pool.h" | 26 #include "base/threading/sequenced_worker_pool.h" |
| 27 #include "base/threading/thread_local.h" | 27 #include "base/threading/thread_local.h" |
| 28 #include "base/values.h" | 28 #include "base/values.h" |
| 29 #include "crypto/ec_private_key.h" | 29 #include "crypto/ec_private_key.h" |
| 30 #include "crypto/openssl_util.h" | 30 #include "crypto/openssl_util.h" |
| 31 #include "crypto/rsa_private_key.h" |
| 31 #include "crypto/scoped_openssl_types.h" | 32 #include "crypto/scoped_openssl_types.h" |
| 32 #include "net/base/ip_address_number.h" | 33 #include "net/base/ip_address_number.h" |
| 33 #include "net/base/net_errors.h" | 34 #include "net/base/net_errors.h" |
| 34 #include "net/cert/cert_policy_enforcer.h" | 35 #include "net/cert/cert_policy_enforcer.h" |
| 35 #include "net/cert/cert_verifier.h" | 36 #include "net/cert/cert_verifier.h" |
| 36 #include "net/cert/ct_ev_whitelist.h" | 37 #include "net/cert/ct_ev_whitelist.h" |
| 37 #include "net/cert/ct_verifier.h" | 38 #include "net/cert/ct_verifier.h" |
| 38 #include "net/cert/x509_certificate_net_log_param.h" | 39 #include "net/cert/x509_certificate_net_log_param.h" |
| 39 #include "net/cert/x509_util_openssl.h" | 40 #include "net/cert/x509_util_openssl.h" |
| 40 #include "net/http/transport_security_state.h" | 41 #include "net/http/transport_security_state.h" |
| (...skipping 1754 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1795 LOG(WARNING) << "Failed to set client certificate"; | 1796 LOG(WARNING) << "Failed to set client certificate"; |
| 1796 return -1; | 1797 return -1; |
| 1797 } | 1798 } |
| 1798 | 1799 |
| 1799 #if defined(OS_NACL) | 1800 #if defined(OS_NACL) |
| 1800 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); | 1801 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); |
| 1801 return -1; | 1802 return -1; |
| 1802 #else | 1803 #else |
| 1803 // TODO(davidben): Lift this call up to the embedder so we can actually test | 1804 // TODO(davidben): Lift this call up to the embedder so we can actually test |
| 1804 // this code. https://crbug.com/394131 | 1805 // this code. https://crbug.com/394131 |
| 1805 private_key_ = FetchClientCertPrivateKey( | 1806 if (!private_key_) { |
| 1806 ssl_config_.client_cert.get(), | 1807 private_key_ = FetchClientCertPrivateKey( |
| 1807 g_platform_key_task_runner.Get().task_runner()); | 1808 ssl_config_.client_cert.get(), |
| 1809 g_platform_key_task_runner.Get().task_runner()); |
| 1810 } |
| 1808 if (!private_key_) { | 1811 if (!private_key_) { |
| 1809 // Could not find the private key. Fail the handshake and surface an | 1812 // Could not find the private key. Fail the handshake and surface an |
| 1810 // appropriate error to the caller. | 1813 // appropriate error to the caller. |
| 1811 LOG(WARNING) << "Client cert found without private key"; | 1814 LOG(WARNING) << "Client cert found without private key"; |
| 1812 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); | 1815 OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY); |
| 1813 return -1; | 1816 return -1; |
| 1814 } | 1817 } |
| 1815 | 1818 |
| 1816 SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod); | 1819 SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod); |
| 1817 | 1820 |
| (...skipping 336 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2154 if (next_handshake_state_ == STATE_HANDSHAKE) { | 2157 if (next_handshake_state_ == STATE_HANDSHAKE) { |
| 2155 OnHandshakeIOComplete(signature_result_); | 2158 OnHandshakeIOComplete(signature_result_); |
| 2156 return; | 2159 return; |
| 2157 } | 2160 } |
| 2158 | 2161 |
| 2159 // During a renegotiation, either Read or Write calls may be blocked on an | 2162 // During a renegotiation, either Read or Write calls may be blocked on an |
| 2160 // asynchronous private key operation. | 2163 // asynchronous private key operation. |
| 2161 PumpReadWriteEvents(); | 2164 PumpReadWriteEvents(); |
| 2162 } | 2165 } |
| 2163 | 2166 |
| 2167 void SSLClientSocketOpenSSL::ForceClientCertificateAndKeyForTest( |
| 2168 scoped_refptr<X509Certificate> client_cert, |
| 2169 scoped_ptr<SSLPrivateKey> client_private_key) { |
| 2170 ssl_config_.send_client_cert = true; |
| 2171 ssl_config_.client_cert = client_cert; |
| 2172 private_key_ = client_private_key.Pass(); |
| 2173 } |
| 2174 |
| 2164 } // namespace net | 2175 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 994743003:
Support for client certs in ssl_server_socket.
Base URL: https://chromium.googlesource.com/chromium/src.git@master