| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
| (...skipping 547 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 558 | 558 |
| 559 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, | 559 int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl, |
| 560 X509** x509, | 560 X509** x509, |
| 561 EVP_PKEY** pkey) { | 561 EVP_PKEY** pkey) { |
| 562 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; | 562 DVLOG(3) << "OpenSSL ClientCertRequestCallback called"; |
| 563 DCHECK(ssl == ssl_); | 563 DCHECK(ssl == ssl_); |
| 564 DCHECK(*x509 == NULL); | 564 DCHECK(*x509 == NULL); |
| 565 DCHECK(*pkey == NULL); | 565 DCHECK(*pkey == NULL); |
| 566 | 566 |
| 567 if (!ssl_config_.send_client_cert) { | 567 if (!ssl_config_.send_client_cert) { |
| 568 // First pass: we know that a client certificate is needed, but we do not |
| 569 // have one at hand. |
| 568 client_auth_cert_needed_ = true; | 570 client_auth_cert_needed_ = true; |
| 571 STACK_OF(X509_NAME) *authorities = SSL_get_client_CA_list(ssl); |
| 572 for (int i = 0; i < sk_X509_NAME_num(authorities); i++) { |
| 573 X509_NAME *ca_name = (X509_NAME *)sk_X509_NAME_value(authorities, i); |
| 574 unsigned char* str = NULL; |
| 575 int length = i2d_X509_NAME(ca_name, &str); |
| 576 cert_authorities_.push_back(std::string( |
| 577 reinterpret_cast<const char*>(str), |
| 578 static_cast<size_t>(length))); |
| 579 OPENSSL_free(str); |
| 580 } |
| 581 |
| 569 return -1; // Suspends handshake. | 582 return -1; // Suspends handshake. |
| 570 } | 583 } |
| 571 | 584 |
| 572 // Second pass: a client certificate should have been selected. | 585 // Second pass: a client certificate should have been selected. |
| 573 if (ssl_config_.client_cert) { | 586 if (ssl_config_.client_cert) { |
| 574 EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey( | 587 EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey( |
| 575 X509_PUBKEY_get(X509_get_X509_PUBKEY( | 588 X509_PUBKEY_get(X509_get_X509_PUBKEY( |
| 576 ssl_config_.client_cert->os_cert_handle()))); | 589 ssl_config_.client_cert->os_cert_handle()))); |
| 577 if (privkey) { | 590 if (privkey) { |
| 578 // TODO(joth): (copied from NSS) We should wait for server certificate | 591 // TODO(joth): (copied from NSS) We should wait for server certificate |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 630 << " compression = " | 643 << " compression = " |
| 631 << SSLConnectionStatusToCompression(ssl_info->connection_status) | 644 << SSLConnectionStatusToCompression(ssl_info->connection_status) |
| 632 << " version = " | 645 << " version = " |
| 633 << SSLConnectionStatusToVersion(ssl_info->connection_status); | 646 << SSLConnectionStatusToVersion(ssl_info->connection_status); |
| 634 return true; | 647 return true; |
| 635 } | 648 } |
| 636 | 649 |
| 637 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( | 650 void SSLClientSocketOpenSSL::GetSSLCertRequestInfo( |
| 638 SSLCertRequestInfo* cert_request_info) { | 651 SSLCertRequestInfo* cert_request_info) { |
| 639 cert_request_info->host_and_port = host_and_port_.ToString(); | 652 cert_request_info->host_and_port = host_and_port_.ToString(); |
| 653 cert_request_info->cert_authorities = cert_authorities_; |
| 640 cert_request_info->client_certs = client_certs_; | 654 cert_request_info->client_certs = client_certs_; |
| 641 } | 655 } |
| 642 | 656 |
| 643 int SSLClientSocketOpenSSL::ExportKeyingMaterial( | 657 int SSLClientSocketOpenSSL::ExportKeyingMaterial( |
| 644 const base::StringPiece& label, | 658 const base::StringPiece& label, |
| 645 bool has_context, const base::StringPiece& context, | 659 bool has_context, const base::StringPiece& context, |
| 646 unsigned char* out, unsigned int outlen) { | 660 unsigned char* out, unsigned int outlen) { |
| 647 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 661 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 648 | 662 |
| 649 int rv = SSL_export_keying_material( | 663 int rv = SSL_export_keying_material( |
| (...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 752 user_read_callback_.Reset(); | 766 user_read_callback_.Reset(); |
| 753 user_write_callback_.Reset(); | 767 user_write_callback_.Reset(); |
| 754 user_read_buf_ = NULL; | 768 user_read_buf_ = NULL; |
| 755 user_read_buf_len_ = 0; | 769 user_read_buf_len_ = 0; |
| 756 user_write_buf_ = NULL; | 770 user_write_buf_ = NULL; |
| 757 user_write_buf_len_ = 0; | 771 user_write_buf_len_ = 0; |
| 758 | 772 |
| 759 server_cert_verify_result_.Reset(); | 773 server_cert_verify_result_.Reset(); |
| 760 completed_handshake_ = false; | 774 completed_handshake_ = false; |
| 761 | 775 |
| 776 cert_authorities_.clear(); |
| 762 client_certs_.clear(); | 777 client_certs_.clear(); |
| 763 client_auth_cert_needed_ = false; | 778 client_auth_cert_needed_ = false; |
| 764 } | 779 } |
| 765 | 780 |
| 766 int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) { | 781 int SSLClientSocketOpenSSL::DoHandshakeLoop(int last_io_result) { |
| 767 int rv = last_io_result; | 782 int rv = last_io_result; |
| 768 do { | 783 do { |
| 769 // Default to STATE_NONE for next state. | 784 // Default to STATE_NONE for next state. |
| 770 // (This is a quirk carried over from the windows | 785 // (This is a quirk carried over from the windows |
| 771 // implementation. It makes reading the logs a bit harder.) | 786 // implementation. It makes reading the logs a bit harder.) |
| (...skipping 564 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1336 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1351 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| 1337 user_write_buf_->data()); | 1352 user_write_buf_->data()); |
| 1338 return rv; | 1353 return rv; |
| 1339 } | 1354 } |
| 1340 | 1355 |
| 1341 int err = SSL_get_error(ssl_, rv); | 1356 int err = SSL_get_error(ssl_, rv); |
| 1342 return MapOpenSSLError(err, err_tracer); | 1357 return MapOpenSSLError(err, err_tracer); |
| 1343 } | 1358 } |
| 1344 | 1359 |
| 1345 } // namespace net | 1360 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11739004:
Add server certificate request parameters to be stored in SSLCertRequestInfo. (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master