
Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 11458012: SSLCertRequestInfo: Add |valid_cas| and |valid_key_types| (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: trivial fix for Linux build Created 8 years ago
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 37b494a7a825bc6462c444314f38303aecda11ce..6901864346f61217120a2b7cee7b042655655cbd 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -638,7 +638,42 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
void SSLClientSocketOpenSSL::GetSSLCertRequestInfo(
SSLCertRequestInfo* cert_request_info) {
cert_request_info->host_and_port = host_and_port_.ToString();
- cert_request_info->client_certs = client_certs_;
+ cert_request_info->no_client_certs = true;
+ cert_request_info->client_certs.clear();
+ cert_request_info->valid_cas.clear();
+ cert_request_info->valid_key_types.clear();
+
+ // Convert the list of CA Principals to encoded form.
+ // Note that SSL_get_client_CA_list() doesn't increment the
+ // reference count of the returned list items, there is no
+ // need to used a scoped type here.
+ STACK_OF(X509_NAME)* client_cas = SSL_get_client_CA_list(ssl_);
+ if (client_cas != NULL) {
+ int count = 0;
+ for (int n = 0; n < sk_X509_NAME_num(client_cas); ++n) {
+ X509_NAME* ca_name = sk_X509_NAME_value(client_cas, n);
+ if (ca_name == NULL)
+ continue;
+
+ unsigned char* encoded_name = NULL;
+ int encoded_len = i2d_X509_NAME(ca_name, &encoded_name);
+ if (encoded_len > 0) {
+ // push an empty string in the vector, then assign it the
+ // encoded content, this avoids an extra copy.
+ cert_request_info->valid_cas.push_back(std::string());
+ cert_request_info->valid_cas[count].assign(
+ reinterpret_cast<const char*>(encoded_name),
+ static_cast<size_t>(encoded_len));
+ count++;
+ OPENSSL_free(encoded_name);
+ }
+ }
+ }
+
+ // There is no OpenSSL API to retrieve the list of certificate key
+ // types from the "CertificateRequest" message for now, so hard-code
+ // RSA, which is by far the most common one. crbug.com/165446
+ cert_request_info->valid_key_types.push_back(CLIENT_CERT_RSA_SIGN);
}
int SSLClientSocketOpenSSL::ExportKeyingMaterial(
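Review bot: In the loop over `client_cas`, a name for which `i2d_X509_NAME` returns a value <= 0 is dropped without any log, so `valid_cas` can end up shorter than the list the server sent, or empty. If the consumer of SSLCertRequestInfo treats an empty `valid_cas` as "any issuer is acceptable" (that code is not visible here), an encoding failure would silently widen the set of client certificates offered; a `LOG(WARNING)` in an `else` branch would make that case visible. Separately, indexing with `count` is only correct because `valid_cas` was cleared a few lines earlier; `cert_request_info->valid_cas.back().assign(...)` removes that coupling and the extra counter.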
@@ -760,7 +795,6 @@ void SSLClientSocketOpenSSL::Disconnect() {
server_cert_verify_result_.Reset();
completed_handshake_ = false;
- client_certs_.clear();
client_auth_cert_needed_ = false;
}
