| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <openssl/ssl.h> | 10 #include <openssl/ssl.h> |
| (...skipping 567 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 578 reinterpret_cast<const char*>(str), | 578 reinterpret_cast<const char*>(str), |
| 579 static_cast<size_t>(length))); | 579 static_cast<size_t>(length))); |
| 580 OPENSSL_free(str); | 580 OPENSSL_free(str); |
| 581 } | 581 } |
| 582 | 582 |
| 583 return -1; // Suspends handshake. | 583 return -1; // Suspends handshake. |
| 584 } | 584 } |
| 585 | 585 |
| 586 // Second pass: a client certificate should have been selected. | 586 // Second pass: a client certificate should have been selected. |
| 587 if (ssl_config_.client_cert) { | 587 if (ssl_config_.client_cert) { |
| 588 EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey( | 588 // A note about ownership: FetchClientCertPrivateKey() increments |
| 589 X509_PUBKEY_get(X509_get_X509_PUBKEY( | 589 // the reference count of the returned EVP_PKEY, which is later |
| 590 ssl_config_.client_cert->os_cert_handle()))); | 590 // passed directly to OpenSSL. The library will later call |
| 591 // EVP_PKEY_free() on it when the SSL object is destroyed. |
| 592 EVP_PKEY* privkey = |
| 593 OpenSSLPrivateKeyStore::GetInstance()->FetchClientCertPrivateKey( |
| 594 *ssl_config_.client_cert.get()); |
| 591 if (privkey) { | 595 if (privkey) { |
| 592 // TODO(joth): (copied from NSS) We should wait for server certificate | 596 // TODO(joth): (copied from NSS) We should wait for server certificate |
| 593 // verification before sending our credentials. See http://crbug.com/13934 | 597 // verification before sending our credentials. See http://crbug.com/13934 |
| 594 *x509 = X509Certificate::DupOSCertHandle( | 598 *x509 = X509Certificate::DupOSCertHandle( |
| 595 ssl_config_.client_cert->os_cert_handle()); | 599 ssl_config_.client_cert->os_cert_handle()); |
| 596 *pkey = privkey; | 600 *pkey = privkey; |
| 597 return 1; | 601 return 1; |
| 598 } | 602 } |
| 599 LOG(WARNING) << "Client cert found without private key"; | 603 LOG(WARNING) << "Client cert found without private key"; |
| 600 } | 604 } |
| (...skipping 763 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1364 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, | 1368 net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv, |
| 1365 user_write_buf_->data()); | 1369 user_write_buf_->data()); |
| 1366 return rv; | 1370 return rv; |
| 1367 } | 1371 } |
| 1368 | 1372 |
| 1369 int err = SSL_get_error(ssl_, rv); | 1373 int err = SSL_get_error(ssl_, rv); |
| 1370 return MapOpenSSLError(err, err_tracer); | 1374 return MapOpenSSLError(err, err_tracer); |
| 1371 } | 1375 } |
| 1372 | 1376 |
| 1373 } // namespace net | 1377 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 12220104:
Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed)
Base URL: http://git.chromium.org/chromium/src.git@master