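--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
@@ -631,21 +631,56 @@
           << " compression = "
           << SSLConnectionStatusToCompression(ssl_info->connection_status)
           << " version = "
           << SSLConnectionStatusToVersion(ssl_info->connection_status);
   return true;
 }
 
 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
     SSLCertRequestInfo* cert_request_info) {
   cert_request_info->host_and_port = host_and_port_.ToString();
-  cert_request_info->client_certs = client_certs_;
+  cert_request_info->no_client_certs = true;
+  cert_request_info->client_certs.clear();
+  cert_request_info->valid_cas.clear();
+  cert_request_info->valid_key_types.clear();
+
+  // Convert the list of CA Principals to encoded form.
+  // Note that SSL_get_client_CA_list() doesn't increment the
+  // reference count of the returned list items, there is no
+  // need to used a scoped type here.
+  STACK_OF(X509_NAME)* client_cas = SSL_get_client_CA_list(ssl_);
+  if (client_cas != NULL) {
+    int count = 0;
+    for (int n = 0; n < sk_X509_NAME_num(client_cas); ++n) {
+      X509_NAME* ca_name = sk_X509_NAME_value(client_cas, n);
+      if (ca_name == NULL)
+        continue;
+
+      unsigned char* encoded_name = NULL;
+      int encoded_len = i2d_X509_NAME(ca_name, &encoded_name);
+      if (encoded_len > 0) {
+        // push an empty string in the vector, then assign it the
+        // encoded content, this avoids an extra copy.
+        cert_request_info->valid_cas.push_back(std::string());
+        cert_request_info->valid_cas[count].assign(
+            reinterpret_cast<const char*>(encoded_name),
+            static_cast<size_t>(encoded_len));
+        count++;
+        OPENSSL_free(encoded_name);
+      }
+    }
+  }
+
+  // There is no OpenSSL API to retrieve the list of certificate key
+  // types from the "CertificateRequest" message for now, so hard-code
+  // RSA, which is by far the most common one. crbug.com/165446
+  cert_request_info->valid_key_types.push_back(CLIENT_CERT_RSA_SIGN);
 }
 
 int SSLClientSocketOpenSSL::ExportKeyingMaterial(
     const base::StringPiece& label,
     bool has_context, const base::StringPiece& context,
     unsigned char* out, unsigned int outlen) {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   int rv = SSL_export_keying_material(
       ssl_, out, outlen, const_cast<char*>(label.data()),
@@ -753,21 +788,20 @@
   user_read_callback_.Reset();
   user_write_callback_.Reset();
   user_read_buf_ = NULL;
   user_read_buf_len_ = 0;
   user_write_buf_ = NULL;
   user_write_buf_len_ = 0;
 
   server_cert_verify_result_.Reset();
   completed_handshake_ = false;
 
-  client_certs_.clear();
   client_auth_cert_needed_ = false;
 }
 
 int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) {
   int rv = last_io_result;
   do {
     // Default to STATE_NONE for next state.
     // (This is a quirk carried over from the windows
     // implementation. It makes reading the logs a bit harder.)
     // State handlers can and often do call GotoState just
@@ -1322,10 +1356,10 @@
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());
     return rv;
   }
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 }  // namespace net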
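Review bot: In GetSSLCertRequestInfo the `count` index duplicates what `valid_cas` already knows and must be kept in step with the push by hand; `cert_request_info->valid_cas.back().assign(reinterpret_cast<const char*>(encoded_name), static_cast<size_t>(encoded_len));` performs the same single copy and lets the counter go. The `if (encoded_len > 0)` branch is the only place `encoded_name` is released, which is correct only if i2d_X509_NAME leaves `encoded_name` NULL on failure — that appears to be OpenSSL's behaviour, but it is worth recording next to the call, e.g. `// i2d_X509_NAME allocates nothing on failure, so there is nothing to free there.` The comment above SSL_get_client_CA_list reads "no need to used a scoped type"; it should read "no need to use". The other changed hunk is the matching removal of `client_certs_.clear();` and needs nothing further.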