Diffstat (limited to 'chromium/net/socket/ssl_client_socket_openssl.h')
-rw-r--r-- | chromium/net/socket/ssl_client_socket_openssl.h | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/chromium/net/socket/ssl_client_socket_openssl.h b/chromium/net/socket/ssl_client_socket_openssl.h
index 5f4800a08de..5d70c0523fa 100644
--- a/chromium/net/socket/ssl_client_socket_openssl.h
+++ b/chromium/net/socket/ssl_client_socket_openssl.h
@@ -16,6 +16,7 @@
 #include "net/socket/client_socket_handle.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/ssl/server_bound_cert_service.h"
+#include "net/ssl/ssl_client_cert_type.h"
 #include "net/ssl/ssl_config_service.h"
 
 // Avoid including misc OpenSSL headers, i.e.:
@@ -27,6 +28,8 @@ typedef struct evp_pkey_st EVP_PKEY;
 typedef struct ssl_st SSL;
 // <openssl/x509.h>
 typedef struct x509_st X509;
+// <openssl/ossl_type.h>
+typedef struct x509_store_ctx_st X509_STORE_CTX;
 
 namespace net {
 
@@ -87,15 +90,21 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
                    const CompletionCallback& callback) OVERRIDE;
   virtual int Write(IOBuffer* buf, int buf_len,
                     const CompletionCallback& callback) OVERRIDE;
-  virtual bool SetReceiveBufferSize(int32 size) OVERRIDE;
-  virtual bool SetSendBufferSize(int32 size) OVERRIDE;
+  virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
+  virtual int SetSendBufferSize(int32 size) OVERRIDE;
+
+ protected:
+  // SSLClientSocket implementation.
+  virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
+      const OVERRIDE;
 
  private:
+  class PeerCertificateChain;
   class SSLContext;
   friend class SSLClientSocket;
   friend class SSLContext;
 
-  bool Init();
+  int Init();
   void DoReadCallback(int result);
   void DoWriteCallback(int result);
 
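Review bot: The new `int Init();` declaration carries no comment on what its integer return means, so a reader of the header cannot tell whether callers compare it against OK, treat any non-zero value as failure, or expect a net error code; the neighbouring `DoReadCallback(int result)`/`DoWriteCallback(int result)` hint at the net error convention, but the hunk does not say so. Add a comment above the declaration such as `// Creates and configures the SSL object for this socket. Returns OK on success or a net error code on failure.` after confirming the convention against the .cc. `SetReceiveBufferSize`/`SetSendBufferSize` change from bool to int in the same way; as OVERRIDEs their contract presumably lives on the base class, but a reader of this header has no pointer to it. The class SSLClientSocketOpenSSL starts and ends outside this hunk.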
@@ -131,6 +140,11 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   // Channel IDs.
   void ChannelIDRequestCallback(SSL* ssl, EVP_PKEY** pkey);
 
+  // CertVerifyCallback is called to verify the server's certificates. We do
+  // verification after the handshake so this function only enforces that the
+  // certificates don't change during renegotiation.
+  int CertVerifyCallback(X509_STORE_CTX *store_ctx);
+
   // Callback from the SSL layer to check which NPN protocol we are supporting
   int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
                               const unsigned char* in, unsigned int inlen);
@@ -169,16 +183,24 @@ class SSLClientSocketOpenSSL : public SSLClientSocket {
   int transport_write_error_;
 
   // Set when handshake finishes.
+  scoped_ptr<PeerCertificateChain> server_cert_chain_;
   scoped_refptr<X509Certificate> server_cert_;
   CertVerifyResult server_cert_verify_result_;
   bool completed_handshake_;
 
+  // Set when Read() or Write() successfully reads or writes data to or from the
+  // network.
+  bool was_ever_used_;
+
   // Stores client authentication information between ClientAuthHandler and
   // GetSSLCertRequestInfo calls.
   bool client_auth_cert_needed_;
   // List of DER-encoded X.509 DistinguishedName of certificate authorities
   // allowed by the server.
   std::vector<std::string> cert_authorities_;
+  // List of SSLClientCertType values for client certificates allowed by the
+  // server.
+  std::vector<SSLClientCertType> cert_key_types_;
 
   CertVerifier* const cert_verifier_;
   scoped_ptr<SingleRequestCertVerifier> verifier_;
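Review bot: The comment on `int CertVerifyCallback(X509_STORE_CTX *store_ctx);` explains why the callback does not perform verification, but not what it returns or what "don't change" means, and for a verify callback the return value is the security decision: under OpenSSL's cert-verify-callback contract 1 accepts the chain and 0 rejects it, so a reader needs to know which outcome aborts a renegotiation that presents a different chain. Extend the comment with `// Returns 1 to accept the chain and 0 to reject it; on renegotiation any chain differing from the one recorded at the first handshake is rejected.` and confirm against the .cc whether the comparison is of the whole chain or only the leaf, and at what level (DER bytes or otherwise), before settling the wording. The pointer placement `X509_STORE_CTX *store_ctx` also differs from the type-attached style of the neighbouring `SSL* ssl, EVP_PKEY** pkey` and `unsigned char** out`; `X509_STORE_CTX* store_ctx` keeps the file consistent. The class body continues outside this hunk.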
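Review bot: `scoped_ptr<PeerCertificateChain> server_cert_chain_;` is added under the existing `// Set when handshake finishes.` comment, which leaves the relationship between the new chain and the existing `server_cert_` undocumented: whether `server_cert_` is derived from `server_cert_chain_`, and whether this chain is the reference that the renegotiation check compares against. A one-line comment on the member, e.g. `// Peer chain as presented in the handshake (presumably the reference for the renegotiation check; confirm).`, would tie the two together for the next reader. The surrounding class continues outside this hunk.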