OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <winsock2.h> | 8 #include <winsock2.h> |
9 #endif | 9 #endif |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... |
22 #include <nss.h> | 22 #include <nss.h> |
23 #include <pk11pub.h> | 23 #include <pk11pub.h> |
24 #include <secerr.h> | 24 #include <secerr.h> |
25 #include <sechash.h> | 25 #include <sechash.h> |
26 #include <ssl.h> | 26 #include <ssl.h> |
27 #include <sslerr.h> | 27 #include <sslerr.h> |
28 #include <sslproto.h> | 28 #include <sslproto.h> |
29 | 29 |
30 #include <limits> | 30 #include <limits> |
31 | 31 |
| 32 #include "base/lazy_instance.h" |
32 #include "base/memory/ref_counted.h" | 33 #include "base/memory/ref_counted.h" |
33 #include "crypto/rsa_private_key.h" | 34 #include "crypto/rsa_private_key.h" |
34 #include "crypto/nss_util_internal.h" | 35 #include "crypto/nss_util_internal.h" |
35 #include "net/base/io_buffer.h" | 36 #include "net/base/io_buffer.h" |
36 #include "net/base/net_errors.h" | 37 #include "net/base/net_errors.h" |
37 #include "net/base/net_log.h" | 38 #include "net/base/net_log.h" |
38 #include "net/ocsp/nss_ocsp.h" | 39 #include "net/ocsp/nss_ocsp.h" |
39 #include "net/socket/nss_ssl_util.h" | 40 #include "net/socket/nss_ssl_util.h" |
40 #include "net/socket/ssl_error_params.h" | 41 #include "net/socket/ssl_error_params.h" |
41 | 42 |
42 static const int kRecvBufferSize = 4096; | 43 static const int kRecvBufferSize = 4096; |
43 | 44 |
44 #define GotoState(s) next_handshake_state_ = s | 45 #define GotoState(s) next_handshake_state_ = s |
45 | 46 |
46 namespace net { | 47 namespace net { |
47 | 48 |
| 49 namespace { |
| 50 |
| 51 bool g_nss_server_sockets_init = false; |
| 52 |
| 53 class NSSSSLServerInitSingleton { |
| 54 public: |
| 55 NSSSSLServerInitSingleton() { |
| 56 EnsureNSSSSLInit(); |
| 57 |
| 58 SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL); |
| 59 g_nss_server_sockets_init = true; |
| 60 } |
| 61 |
| 62 ~NSSSSLServerInitSingleton() { |
| 63 SSL_ShutdownServerSessionIDCache(); |
| 64 g_nss_server_sockets_init = false; |
| 65 } |
| 66 }; |
| 67 |
| 68 static base::LazyInstance<NSSSSLServerInitSingleton> |
| 69 g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER; |
| 70 |
| 71 } // namespace |
| 72 |
| 73 void EnableSSLServerSockets() { |
| 74 g_nss_ssl_server_init_singleton.Get(); |
| 75 } |
| 76 |
48 SSLServerSocket* CreateSSLServerSocket( | 77 SSLServerSocket* CreateSSLServerSocket( |
49 StreamSocket* socket, | 78 StreamSocket* socket, |
50 X509Certificate* cert, | 79 X509Certificate* cert, |
51 crypto::RSAPrivateKey* key, | 80 crypto::RSAPrivateKey* key, |
52 const SSLConfig& ssl_config) { | 81 const SSLConfig& ssl_config) { |
| 82 DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been" |
| 83 << "called yet!"; |
| 84 |
53 return new SSLServerSocketNSS(socket, cert, key, ssl_config); | 85 return new SSLServerSocketNSS(socket, cert, key, ssl_config); |
54 } | 86 } |
55 | 87 |
56 SSLServerSocketNSS::SSLServerSocketNSS( | 88 SSLServerSocketNSS::SSLServerSocketNSS( |
57 StreamSocket* transport_socket, | 89 StreamSocket* transport_socket, |
58 scoped_refptr<X509Certificate> cert, | 90 scoped_refptr<X509Certificate> cert, |
59 crypto::RSAPrivateKey* key, | 91 crypto::RSAPrivateKey* key, |
60 const SSLConfig& ssl_config) | 92 const SSLConfig& ssl_config) |
61 : transport_send_busy_(false), | 93 : transport_send_busy_(false), |
62 transport_recv_busy_(false), | 94 transport_recv_busy_(false), |
(...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
328 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); | 360 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); |
329 return ERR_UNEXPECTED; | 361 return ERR_UNEXPECTED; |
330 } | 362 } |
331 | 363 |
332 rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); | 364 rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); |
333 if (rv != SECSuccess) { | 365 if (rv != SECSuccess) { |
334 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); | 366 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); |
335 return ERR_UNEXPECTED; | 367 return ERR_UNEXPECTED; |
336 } | 368 } |
337 | 369 |
338 rv = SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL); | |
339 if (rv != SECSuccess) { | |
340 LogFailedNSSFunction(net_log_, "SSL_ConfigureServerSessionIDCache", ""); | |
341 return ERR_UNEXPECTED; | |
342 } | |
343 | |
344 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | 370 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); |
345 if (rv != SECSuccess) { | 371 if (rv != SECSuccess) { |
346 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); | 372 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); |
347 return ERR_UNEXPECTED; | 373 return ERR_UNEXPECTED; |
348 } | 374 } |
349 | 375 |
350 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 376 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
351 if (rv != SECSuccess) { | 377 if (rv != SECSuccess) { |
352 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); | 378 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); |
353 return ERR_UNEXPECTED; | 379 return ERR_UNEXPECTED; |
(...skipping 410 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
764 // TODO(hclam): Implement. | 790 // TODO(hclam): Implement. |
765 } | 791 } |
766 | 792 |
767 int SSLServerSocketNSS::Init() { | 793 int SSLServerSocketNSS::Init() { |
768 // Initialize the NSS SSL library in a threadsafe way. This also | 794 // Initialize the NSS SSL library in a threadsafe way. This also |
769 // initializes the NSS base library. | 795 // initializes the NSS base library. |
770 EnsureNSSSSLInit(); | 796 EnsureNSSSSLInit(); |
771 if (!NSS_IsInitialized()) | 797 if (!NSS_IsInitialized()) |
772 return ERR_UNEXPECTED; | 798 return ERR_UNEXPECTED; |
773 | 799 |
| 800 EnableSSLServerSockets(); |
774 return OK; | 801 return OK; |
775 } | 802 } |
776 | 803 |
777 } // namespace net | 804 } // namespace net |
OLD | NEW |