
Side by Side Diff: webrtc/base/nssstreamadapter.cc

Issue 1269843005: Added DtlsCertificate, a ref counted object owning an SSLIdentity (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Trying to get iOS to compile Created 5 years, 4 months ago
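--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -479,22 +479,22 @@
 rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook,
 this);
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
 return -1;
 }
 } else {
 LOG(LS_INFO) << "BeginSSL: as server";
 NSSIdentity *identity;
 
-if (identity_.get()) {
-identity = static_cast<NSSIdentity *>(identity_.get());
+if (dtlscertificate_.get()) {
+identity = static_cast<NSSIdentity *>(dtlscertificate_->identity());
 } else {
 LOG(LS_ERROR) << "Can't be an SSL server without an identity";
 Error("BeginSSL", -1, false);
 return -1;
 }
 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(),
 identity->keypair()->privkey(),
 kt_rsa);
 if (rv != SECSuccess) {
 Error("BeginSSL", -1, false);
@@ -651,21 +651,21 @@
 void NSSStreamAdapter::Cleanup() {
 if (state_ != SSL_ERROR) {
 state_ = SSL_CLOSED;
 }
 
 if (ssl_fd_) {
 PR_Close(ssl_fd_);
 ssl_fd_ = NULL;
 }
 
-identity_.reset();
+dtlscertificate_ = nullptr;
 peer_certificate_.reset();
 
 Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT);
 }
 
 bool NSSStreamAdapter::GetDigestLength(const std::string& algorithm,
 size_t* length) {
 return NSSCertificate::GetDigestLength(algorithm, length);
 }
 
@@ -905,26 +905,27 @@
 }
 
 
 SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd,
 CERTDistNames *caNames,
 CERTCertificate **pRetCert,
 SECKEYPrivateKey **pRetKey) {
 LOG(LS_INFO) << "Client cert requested";
 NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg);
 
-if (!stream->identity_.get()) {
+if (!stream->dtlscertificate_.get()) {
 LOG(LS_ERROR) << "No identity available";
 return SECFailure;
 }
 
-NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get());
+NSSIdentity *identity = static_cast<NSSIdentity *>(
+stream->dtlscertificate_->identity());
 // Destroyed internally by NSS
 *pRetCert = CERT_DupCertificate(identity->certificate().certificate());
 *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey());
 
 return SECSuccess;
 }
 
 bool NSSStreamAdapter::GetSslCipher(std::string* cipher) {
 ASSERT(state_ == SSL_CONNECTED);
 if (state_ != SSL_CONNECTED)
@@ -1100,10 +1101,10 @@
 return kDefaultSslCipher10;
 case SSL_PROTOCOL_TLS_12:
 default:
 return kDefaultSslCipher12;
 }
 }
 
 } // namespace rtc
 
 #endif // HAVE_NSS_SSL_H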
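Review bot: The null checks at new lines 489 and 915 now test only the `dtlscertificate_` wrapper, while the pointer dereferenced afterwards is the result of `dtlscertificate_->identity()`, which nothing here verifies. The DtlsCertificate class is not shown on this page, so if it can ever hold a null identity, both the server path in BeginSSL and GetClientAuthDataHook would dereference null while handing the certificate and private key to NSS; if it cannot, a comment stating that invariant next to the cast would help. I would make the conditions `if (dtlscertificate_.get() && dtlscertificate_->identity()) {` and `if (!stream->dtlscertificate_.get() || !stream->dtlscertificate_->identity()) {` so the existing error paths still cover a missing identity. BeginSSL starts and ends outside the visible lines.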
