Chromium Code Reviews| Index: content/browser/renderer_host/pepper_tcp_socket.cc |
| diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc |
| index e80e8e65f7772ee5b12c7c96a79f9061bee324d4..b960e5b7d43b8963d3ffca8323a9763b08d99aa9 100644 |
| --- a/content/browser/renderer_host/pepper_tcp_socket.cc |
| +++ b/content/browser/renderer_host/pepper_tcp_socket.cc |
| @@ -104,8 +104,11 @@ void PepperTCPSocket::ConnectWithNetAddress( |
| StartConnect(address_list_); |
| } |
| -void PepperTCPSocket::SSLHandshake(const std::string& server_name, |
| - uint16_t server_port) { |
| +void PepperTCPSocket::SSLHandshake( |
| + const std::string& server_name, |
| + uint16_t server_port, |
| + const std::vector<std::vector<char> >& trusted_certs, |
| + const std::vector<std::vector<char> >& untrusted_certs) { |
| DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO)); |
| // Allow to do SSL handshake only if currently the socket has been connected |
| @@ -119,6 +122,8 @@ void PepperTCPSocket::SSLHandshake(const std::string& server_name, |
| } |
| connection_state_ = SSL_HANDSHAKE_IN_PROGRESS; |
| + // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting. |
| + |
| net::ClientSocketHandle* handle = new net::ClientSocketHandle(); |
| handle->set_socket(socket_.release()); |
| net::ClientSocketFactory* factory = |
| @@ -275,8 +280,25 @@ void PepperTCPSocket::SendWriteACKError() { |
| } |
| void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) { |
| + ppapi::PPB_X509Certificate_Fields certificate_fields; |
| + if (succeeded) { |
| + CHECK(socket_.get()); |
|
yzshen1
2012/04/06 19:24:33
You don't need this CHECK, it will die below if it
raymes
2012/04/06 23:22:47
Done.
|
| + // Our socket is guaranteed to be an SSL socket if we get here. |
| + net::SSLClientSocket* ssl_socket = |
| + static_cast<net::SSLClientSocket*>(socket_.get()); |
| + net::SSLInfo ssl_info; |
| + ssl_socket->GetSSLInfo(&ssl_info); |
| + CHECK(ssl_info.cert.get()); |
|
Ryan Sleevi
2012/04/06 00:37:49
Note that this can fail for a variety of reasons.
raymes
2012/04/06 23:22:47
Done.
|
| + bool success = GetCertificateFields(*ssl_info.cert, |
| + &certificate_fields); |
| + CHECK(success); |
|
yzshen1
2012/04/06 19:24:33
If it failed, do we have to crash the whole browse
raymes
2012/04/06 23:22:47
Probably not. If we can't correctly parse the cert
|
| + } |
| manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK( |
| - routing_id_, plugin_dispatcher_id_, socket_id_, succeeded)); |
| + routing_id_, |
| + plugin_dispatcher_id_, |
| + socket_id_, |
| + succeeded, |
| + certificate_fields)); |
| } |
| void PepperTCPSocket::OnResolveCompleted(int result) { |