Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(357)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: remove chrome/browser changes + fix linux_redux build Created 7 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/data/ssl/certificates/client_2_root.pem ('K') | « net/net.gyp ('k') | net/socket/ssl_client_socket_openssl_unittest.cc » ('j') | net/socket/ssl_client_socket_openssl_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index e14527cfb8d56d69219a7ebd1520ba736e46df8c..75b614c78be660c0fa2deecc05b1c4c339ba6e02 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -585,15 +585,18 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
// Second pass: a client certificate should have been selected.
if (ssl_config_.client_cert) {
- EVP_PKEY* privkey = OpenSSLPrivateKeyStore::GetInstance()->FetchPrivateKey(
- X509_PUBKEY_get(X509_get_X509_PUBKEY(
- ssl_config_.client_cert->os_cert_handle())));
- if (privkey) {
+ // A note about ownership: FetchClientCertPrivateKey() increments
+ // the reference count of the returned EVP_PKEY, which is later
+ // passed directly to OpenSSL. The library will later call
+ // EVP_PKEY_free() on it when the SSL object is destroyed.
+ OpenSSLPrivateKeyStore::ScopedEVP_PKEY privkey;
+ if (OpenSSLPrivateKeyStore::GetInstance()->FetchClientCertPrivateKey(
+ ssl_config_.client_cert.get(), &privkey)) {
// TODO(joth): (copied from NSS) We should wait for server certificate
// verification before sending our credentials. See http://crbug.com/13934
*x509 = X509Certificate::DupOSCertHandle(
ssl_config_.client_cert->os_cert_handle());
- *pkey = privkey;
+ *pkey = privkey.release();
return 1;
}
LOG(WARNING) << "Client cert found without private key";
@@ -607,6 +610,10 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
ssl_info->Reset();
+
+ ssl_info->client_cert_sent =
+ ssl_config_.send_client_cert && ssl_config_.client_cert;
+
if (!server_cert_)
return false;
@@ -616,8 +623,6 @@ bool SSLClientSocketOpenSSL::GetSSLInfo(SSLInfo* ssl_info) {
server_cert_verify_result_.is_issued_by_known_root;
ssl_info->public_key_hashes =
server_cert_verify_result_.public_key_hashes;
- ssl_info->client_cert_sent =
- ssl_config_.send_client_cert && ssl_config_.client_cert;
ssl_info->channel_id_sent = WasChannelIDSent();
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl_);
« net/data/ssl/certificates/client_2_root.pem ('K') | « net/net.gyp ('k') | net/socket/ssl_client_socket_openssl_unittest.cc » ('j') | net/socket/ssl_client_socket_openssl_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698