| Index: net/socket/ssl_server_socket.h
|
| diff --git a/net/socket/ssl_server_socket.h b/net/socket/ssl_server_socket.h
|
| index ceb9c0a27a898f85e8d812611fc2c9da3cb58c96..0989e28b85caf739243e55b70ab87bd6b8c5c4c7 100644
|
| --- a/net/socket/ssl_server_socket.h
|
| +++ b/net/socket/ssl_server_socket.h
|
| @@ -5,12 +5,15 @@
|
| #ifndef NET_SOCKET_SSL_SERVER_SOCKET_H_
|
| #define NET_SOCKET_SSL_SERVER_SOCKET_H_
|
|
|
| +#include <vector>
|
| +
|
| #include "base/basictypes.h"
|
| #include "base/memory/scoped_ptr.h"
|
| #include "net/base/completion_callback.h"
|
| #include "net/base/net_export.h"
|
| #include "net/socket/ssl_socket.h"
|
| #include "net/socket/stream_socket.h"
|
| +#include "net/ssl/ssl_client_cert_type.h"
|
|
|
| namespace crypto {
|
| class RSAPrivateKey;
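Review bot: The added includes do not cover `scoped_refptr`, which the `CertificateList` typedef introduced in the next hunk uses; the only base memory header included is `base/memory/scoped_ptr.h`, so the header presumably compiles only through a transitive include from `ssl_socket.h` or `stream_socket.h`. Add `#include "base/memory/ref_counted.h"` next to the other base includes so the header states its own dependencies. Conversely, nothing in the visible new declarations references a name from `net/ssl/ssl_client_cert_type.h`, so that include looks unused unless it serves a part of the file outside these hunks.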
|
| @@ -18,8 +21,10 @@ class RSAPrivateKey;
|
|
|
| namespace net {
|
|
|
| +class CertVerifier;
|
| struct SSLServerConfig;
|
| class X509Certificate;
|
| +typedef std::vector<scoped_refptr<X509Certificate>> CertificateList;
|
|
|
| class SSLServerSocket : public SSLSocket {
|
| public:
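Review bot: The new `CertificateList` typedef restates, in a second header of namespace net, a type alias that other net headers (the X509Certificate header, as far as I recall) already provide; a typedef redeclared with the same type compiles, but two definitions can drift apart and the spelling `>>` here differs from the `> >` form used elsewhere in a tree that may still build as C++03. Prefer including the header that already defines the alias, or at least match its exact spelling: `typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;`. This is inferred from the surrounding codebase rather than from the hunk itself, so please confirm against the existing definition.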
|
| @@ -30,6 +35,37 @@ class SSLServerSocket : public SSLSocket {
|
| // completion then the callback will be silently, as for other StreamSocket
|
| // calls.
|
| virtual int Handshake(const CompletionCallback& callback) = 0;
|
| +
|
| + // Indicates whether a client certificate is to be required by the upcoming
|
| + // Handshake.
|
| + virtual void SetRequireClientCert(bool require_client_cert) = 0;
|
| +
|
| + // Provides the list of certificates whose names are to be included in the
|
| + // CertificateRequest handshake message. Calling this function is only useful
|
| + // if certificates are allowed.
|
| + virtual void SetClientCertCAList(
|
| + const CertificateList& client_cert_ca_list) = 0;
|
| +
|
| + // Indicates that a client certificate is not only allowed but required, and
|
| + // provides the CertificateVerifier that is to be used to verify it during the
|
| + // handshake. The |client_cert_verifier| continues to be owned by the caller,
|
| + // and must exist at least until the handshake has completed.
|
| + // This function is meaningful only if client certificates are allowed.
|
| + // NOTES:
|
| + // 1. If no CertificateVerifier is provided, then a client certificate may
|
| + // still be allowed (if ssl_config.send_client_cert is true), but in that case
|
| + // verification must be done after the handshake has completed, by which time
|
| + // the session will have been cached, and may be subject to resumption.
|
| + // 2. The |client_cert_verifier| must provide its response synchronously, and
|
| + // blocks the IO thread while it runs. This results from a limitation of NSS.
|
| + // If ERR_IO_PENDING is returned, this is considered a verification failure.
|
| + // 3. For verifying a client certificate, the CertVerifier::Verify method
|
| + // will be called with input parameters as follows:
|
| + // - cert: the cert to be verified
|
| + // - hostname: empty string
|
| + // - flags: 0
|
| + // - crl_set: NULL
|
| + virtual void SetClientCertVerifier(CertVerifier* client_cert_verifier) = 0;
|
| };
|
|
|
| // Configures the underlying SSL library for the use of SSL server sockets.
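Review bot: The comment on `SetClientCertVerifier` opens by saying the call makes a client certificate "not only allowed but required", yet the same hunk adds `SetRequireClientCert` for exactly that purpose, so the two contracts overlap and a reader cannot tell which call governs whether a certificate is mandatory; note 1 also refers to `ssl_config.send_client_cert`, a field that belongs to no parameter of this class (SSLServerConfig appears only as a forward declaration), so that reference looks stale. Suggest rewording the first sentence to `// Provides the CertVerifier that is to be used to verify the client certificate during the handshake; whether a certificate is required is controlled by SetRequireClientCert.` Note 1 describes a security-relevant gap — a session whose client certificate is only verified after the handshake has already been cached and may be resumed — so the comment should tell the caller what to do about it (for example, not to treat the connection as authenticated, or to avoid caching the session, until verification succeeds) rather than merely observe it. The lifetime sentence for `|client_cert_verifier|` could also say whether the implementation retains or clears the pointer once the handshake completes, which the declaration alone does not show.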
|
|
|