| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
| 6 | 6 |
| 7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
| 8 #include <winsock2.h> | 8 #include <winsock2.h> |
| 9 #endif | 9 #endif |
| 10 | 10 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 22 #include <nss.h> | 22 #include <nss.h> |
| 23 #include <pk11pub.h> | 23 #include <pk11pub.h> |
| 24 #include <secerr.h> | 24 #include <secerr.h> |
| 25 #include <sechash.h> | 25 #include <sechash.h> |
| 26 #include <ssl.h> | 26 #include <ssl.h> |
| 27 #include <sslerr.h> | 27 #include <sslerr.h> |
| 28 #include <sslproto.h> | 28 #include <sslproto.h> |
| 29 | 29 |
| 30 #include <limits> | 30 #include <limits> |
| 31 | 31 |
| 32 #include "base/lazy_instance.h" |
| 32 #include "base/memory/ref_counted.h" | 33 #include "base/memory/ref_counted.h" |
| 33 #include "crypto/rsa_private_key.h" | 34 #include "crypto/rsa_private_key.h" |
| 34 #include "crypto/nss_util_internal.h" | 35 #include "crypto/nss_util_internal.h" |
| 35 #include "net/base/io_buffer.h" | 36 #include "net/base/io_buffer.h" |
| 36 #include "net/base/net_errors.h" | 37 #include "net/base/net_errors.h" |
| 37 #include "net/base/net_log.h" | 38 #include "net/base/net_log.h" |
| 38 #include "net/ocsp/nss_ocsp.h" | 39 #include "net/ocsp/nss_ocsp.h" |
| 39 #include "net/socket/nss_ssl_util.h" | 40 #include "net/socket/nss_ssl_util.h" |
| 40 #include "net/socket/ssl_error_params.h" | 41 #include "net/socket/ssl_error_params.h" |
| 41 | 42 |
| 42 static const int kRecvBufferSize = 4096; | 43 static const int kRecvBufferSize = 4096; |
| 43 | 44 |
| 44 #define GotoState(s) next_handshake_state_ = s | 45 #define GotoState(s) next_handshake_state_ = s |
| 45 | 46 |
| 46 namespace net { | 47 namespace net { |
| 47 | 48 |
| 49 namespace { |
| 50 |
| 51 bool g_nss_server_sockets_init = false; |
| 52 |
| 53 class NSSSSLServerInitSingleton { |
| 54 public: |
| 55 NSSSSLServerInitSingleton() { |
| 56 EnsureNSSSSLInit(); |
| 57 |
| 58 SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL); |
| 59 g_nss_server_sockets_init = true; |
| 60 } |
| 61 |
| 62 ~NSSSSLServerInitSingleton() { |
| 63 SSL_ShutdownServerSessionIDCache(); |
| 64 g_nss_server_sockets_init = false; |
| 65 } |
| 66 }; |
| 67 |
| 68 static base::LazyInstance<NSSSSLServerInitSingleton> |
| 69 g_nss_ssl_server_init_singleton = LAZY_INSTANCE_INITIALIZER; |
| 70 |
| 71 } // namespace |
| 72 |
| 73 void EnableSSLServerSockets() { |
| 74 g_nss_ssl_server_init_singleton.Get(); |
| 75 } |
| 76 |
| 48 SSLServerSocket* CreateSSLServerSocket( | 77 SSLServerSocket* CreateSSLServerSocket( |
| 49 StreamSocket* socket, | 78 StreamSocket* socket, |
| 50 X509Certificate* cert, | 79 X509Certificate* cert, |
| 51 crypto::RSAPrivateKey* key, | 80 crypto::RSAPrivateKey* key, |
| 52 const SSLConfig& ssl_config) { | 81 const SSLConfig& ssl_config) { |
| 82 DCHECK(g_nss_server_sockets_init) << "EnableSSLServerSockets() has not been" |
| 83 << "called yet!"; |
| 84 |
| 53 return new SSLServerSocketNSS(socket, cert, key, ssl_config); | 85 return new SSLServerSocketNSS(socket, cert, key, ssl_config); |
| 54 } | 86 } |
| 55 | 87 |
| 56 SSLServerSocketNSS::SSLServerSocketNSS( | 88 SSLServerSocketNSS::SSLServerSocketNSS( |
| 57 StreamSocket* transport_socket, | 89 StreamSocket* transport_socket, |
| 58 scoped_refptr<X509Certificate> cert, | 90 scoped_refptr<X509Certificate> cert, |
| 59 crypto::RSAPrivateKey* key, | 91 crypto::RSAPrivateKey* key, |
| 60 const SSLConfig& ssl_config) | 92 const SSLConfig& ssl_config) |
| 61 : transport_send_busy_(false), | 93 : transport_send_busy_(false), |
| 62 transport_recv_busy_(false), | 94 transport_recv_busy_(false), |
| (...skipping 265 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 328 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); | 360 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUEST_CERTIFICATE"); |
| 329 return ERR_UNEXPECTED; | 361 return ERR_UNEXPECTED; |
| 330 } | 362 } |
| 331 | 363 |
| 332 rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); | 364 rv = SSL_OptionSet(nss_fd_, SSL_REQUIRE_CERTIFICATE, PR_FALSE); |
| 333 if (rv != SECSuccess) { | 365 if (rv != SECSuccess) { |
| 334 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); | 366 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_REQUIRE_CERTIFICATE"); |
| 335 return ERR_UNEXPECTED; | 367 return ERR_UNEXPECTED; |
| 336 } | 368 } |
| 337 | 369 |
| 338 rv = SSL_ConfigServerSessionIDCache(1024, 5, 5, NULL); | |
| 339 if (rv != SECSuccess) { | |
| 340 LogFailedNSSFunction(net_log_, "SSL_ConfigureServerSessionIDCache", ""); | |
| 341 return ERR_UNEXPECTED; | |
| 342 } | |
| 343 | |
| 344 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | 370 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); |
| 345 if (rv != SECSuccess) { | 371 if (rv != SECSuccess) { |
| 346 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); | 372 LogFailedNSSFunction(net_log_, "SSL_AuthCertificateHook", ""); |
| 347 return ERR_UNEXPECTED; | 373 return ERR_UNEXPECTED; |
| 348 } | 374 } |
| 349 | 375 |
| 350 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); | 376 rv = SSL_HandshakeCallback(nss_fd_, HandshakeCallback, this); |
| 351 if (rv != SECSuccess) { | 377 if (rv != SECSuccess) { |
| 352 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); | 378 LogFailedNSSFunction(net_log_, "SSL_HandshakeCallback", ""); |
| 353 return ERR_UNEXPECTED; | 379 return ERR_UNEXPECTED; |
| (...skipping 410 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 764 // TODO(hclam): Implement. | 790 // TODO(hclam): Implement. |
| 765 } | 791 } |
| 766 | 792 |
| 767 int SSLServerSocketNSS::Init() { | 793 int SSLServerSocketNSS::Init() { |
| 768 // Initialize the NSS SSL library in a threadsafe way. This also | 794 // Initialize the NSS SSL library in a threadsafe way. This also |
| 769 // initializes the NSS base library. | 795 // initializes the NSS base library. |
| 770 EnsureNSSSSLInit(); | 796 EnsureNSSSSLInit(); |
| 771 if (!NSS_IsInitialized()) | 797 if (!NSS_IsInitialized()) |
| 772 return ERR_UNEXPECTED; | 798 return ERR_UNEXPECTED; |
| 773 | 799 |
| 800 EnableSSLServerSockets(); |
| 774 return OK; | 801 return OK; |
| 775 } | 802 } |
| 776 | 803 |
| 777 } // namespace net | 804 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10543106:
Add an explicit function to init NSS for SSL server sockets (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src