path: root/chromium/net/socket/ssl_client_socket_openssl.h
Diffstat (limited to 'chromium/net/socket/ssl_client_socket_openssl.h')
-rw-r--r--chromium/net/socket/ssl_client_socket_openssl.h28
1 files changed, 25 insertions, 3 deletions
diff --git a/chromium/net/socket/ssl_client_socket_openssl.h b/chromium/net/socket/ssl_client_socket_openssl.h
index 5f4800a08de..5d70c0523fa 100644
--- a/chromium/net/socket/ssl_client_socket_openssl.h
+++ b/chromium/net/socket/ssl_client_socket_openssl.h
@@ -16,6 +16,7 @@
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/server_bound_cert_service.h"
+#include "net/ssl/ssl_client_cert_type.h"
#include "net/ssl/ssl_config_service.h"
// Avoid including misc OpenSSL headers, i.e.:
@@ -27,6 +28,8 @@ typedef struct evp_pkey_st EVP_PKEY;
typedef struct ssl_st SSL;
// <openssl/x509.h>
typedef struct x509_st X509;
+// <openssl/ossl_type.h>
+typedef struct x509_store_ctx_st X509_STORE_CTX;
namespace net {
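Review bot: The comment above the new `X509_STORE_CTX` typedef names `<openssl/ossl_type.h>`, but I believe the OpenSSL header that declares `x509_store_ctx_st` is `<openssl/ossl_typ.h>`; a reader following the comment to the real declaration would not find it. The neighbouring typedefs use the same "which header this stands in for" convention, so the fix is just `// <openssl/ossl_typ.h>`. Worth checking against the OpenSSL tree this build uses before changing it.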
@@ -87,15 +90,21 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
const CompletionCallback& callback) OVERRIDE;
virtual int Write(IOBuffer* buf, int buf_len,
const CompletionCallback& callback) OVERRIDE;
- virtual bool SetReceiveBufferSize(int32 size) OVERRIDE;
- virtual bool SetSendBufferSize(int32 size) OVERRIDE;
+ virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
+ virtual int SetSendBufferSize(int32 size) OVERRIDE;
+
+ protected:
+ // SSLClientSocket implementation.
+ virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
+ const OVERRIDE;
private:
+ class PeerCertificateChain;
class SSLContext;
friend class SSLClientSocket;
friend class SSLContext;
- bool Init();
+ int Init();
void DoReadCallback(int result);
void DoWriteCallback(int result);
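Review bot: `Init()` changes its return type from `bool` to `int` but nothing in the header says what the integer means; the type suggests a net error code, and since the method is private with no other documentation it should say so, e.g. `// Sets up the SSL object for this socket. Returns a net error code (OK on success).` The `SetReceiveBufferSize`/`SetSendBufferSize` overrides inherit their contract from the base class, so a comment there is optional, but if they now report a net error code too it is worth a one-line note since callers used to test the result as a bool. I can't see the callers or the `.cc` from here, so the error-code reading is inferred from the type change alone.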
@@ -131,6 +140,11 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
// Channel IDs.
void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey);
+ // CertVerifyCallback is called to verify the server's certificates. We do
+ // verification after the handshake so this function only enforces that the
+ // certificates don't change during renegotiation.
+ int CertVerifyCallback(X509_STORE_CTX *store_ctx);
+
// Callback from the SSL layer to check which NPN protocol we are supporting
int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
const unsigned char* in, unsigned int inlen);
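Review bot: `CertVerifyCallback` documents when it runs but not what its return value means; since it receives an `X509_STORE_CTX` it presumably follows the OpenSSL cert-verify-callback convention (1 accepts the chain, 0 fails the handshake), and the comment should state that explicitly, e.g. `// Returns 1 to accept the chain or 0 to fail the handshake.` It would also help to say what happens on the initial handshake, when there is no earlier chain to compare against — the current wording only describes the renegotiation case and I can't tell the behaviour from the header. Minor style point: `X509_STORE_CTX *store_ctx` attaches the star to the name, while the surrounding declarations (`SSL* ssl`, `EVP_PKEY** pkey`) attach it to the type; `int CertVerifyCallback(X509_STORE_CTX* store_ctx);` keeps the file consistent.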
@@ -169,16 +183,24 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
int transport_write_error_;
// Set when handshake finishes.
+ scoped_ptr<PeerCertificateChain> server_cert_chain_;
scoped_refptr<X509Certificate> server_cert_;
CertVerifyResult server_cert_verify_result_;
bool completed_handshake_;
+ // Set when Read() or Write() successfully reads or writes data to or from the
+ // network.
+ bool was_ever_used_;
+
// Stores client authentication information between ClientAuthHandler and
// GetSSLCertRequestInfo calls.
bool client_auth_cert_needed_;
// List of DER-encoded X.509 DistinguishedName of certificate authorities
// allowed by the server.
std::vector<std::string> cert_authorities_;
+ // List of SSLClientCertType values for client certificates allowed by the
+ // server.
+ std::vector<SSLClientCertType> cert_key_types_;
CertVerifier* const cert_verifier_;
scoped_ptr<SingleRequestCertVerifier> verifier_;
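Review bot: `server_cert_chain_` is a `scoped_ptr` to `PeerCertificateChain`, which this header only forward-declares; that only compiles if every place that destroys an `SSLClientSocketOpenSSL` — the destructor in particular — is defined in a translation unit where `PeerCertificateChain` is complete, so the destructor must not be inline in this header. I can't see the destructor declaration from here, so this is worth confirming. The new member also shelters under the existing `// Set when handshake finishes.` comment, which now covers three fields; a line of its own such as `// Chain presented by the server, presumably what GetUnverifiedServerCertificateChain() returns.` would make the relationship explicit. Likewise `was_ever_used_` is a plain `bool` and needs to be initialised in the constructor, which is outside this hunk.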