OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 468 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
479 rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, | 479 rv = SSL_GetClientAuthDataHook(ssl_fd_, GetClientAuthDataHook, |
480 this); | 480 this); |
481 if (rv != SECSuccess) { | 481 if (rv != SECSuccess) { |
482 Error("BeginSSL", -1, false); | 482 Error("BeginSSL", -1, false); |
483 return -1; | 483 return -1; |
484 } | 484 } |
485 } else { | 485 } else { |
486 LOG(LS_INFO) << "BeginSSL: as server"; | 486 LOG(LS_INFO) << "BeginSSL: as server"; |
487 NSSIdentity *identity; | 487 NSSIdentity *identity; |
488 | 488 |
489 if (identity_.get()) { | 489 if (dtlscertificate_.get()) { |
490 identity = static_cast<NSSIdentity *>(identity_.get()); | 490 identity = static_cast<NSSIdentity *>(dtlscertificate_->identity()); |
491 } else { | 491 } else { |
492 LOG(LS_ERROR) << "Can't be an SSL server without an identity"; | 492 LOG(LS_ERROR) << "Can't be an SSL server without an identity"; |
493 Error("BeginSSL", -1, false); | 493 Error("BeginSSL", -1, false); |
494 return -1; | 494 return -1; |
495 } | 495 } |
496 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(), | 496 rv = SSL_ConfigSecureServer(ssl_fd_, identity->certificate().certificate(), |
497 identity->keypair()->privkey(), | 497 identity->keypair()->privkey(), |
498 kt_rsa); | 498 kt_rsa); |
499 if (rv != SECSuccess) { | 499 if (rv != SECSuccess) { |
500 Error("BeginSSL", -1, false); | 500 Error("BeginSSL", -1, false); |
(...skipping 150 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
651 void NSSStreamAdapter::Cleanup() { | 651 void NSSStreamAdapter::Cleanup() { |
652 if (state_ != SSL_ERROR) { | 652 if (state_ != SSL_ERROR) { |
653 state_ = SSL_CLOSED; | 653 state_ = SSL_CLOSED; |
654 } | 654 } |
655 | 655 |
656 if (ssl_fd_) { | 656 if (ssl_fd_) { |
657 PR_Close(ssl_fd_); | 657 PR_Close(ssl_fd_); |
658 ssl_fd_ = NULL; | 658 ssl_fd_ = NULL; |
659 } | 659 } |
660 | 660 |
661 identity_.reset(); | 661 dtlscertificate_ = nullptr; |
662 peer_certificate_.reset(); | 662 peer_certificate_.reset(); |
663 | 663 |
664 Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT); | 664 Thread::Current()->Clear(this, MSG_DTLS_TIMEOUT); |
665 } | 665 } |
666 | 666 |
667 bool NSSStreamAdapter::GetDigestLength(const std::string& algorithm, | 667 bool NSSStreamAdapter::GetDigestLength(const std::string& algorithm, |
668 size_t* length) { | 668 size_t* length) { |
669 return NSSCertificate::GetDigestLength(algorithm, length); | 669 return NSSCertificate::GetDigestLength(algorithm, length); |
670 } | 670 } |
671 | 671 |
(...skipping 233 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
905 } | 905 } |
906 | 906 |
907 | 907 |
908 SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd, | 908 SECStatus NSSStreamAdapter::GetClientAuthDataHook(void *arg, PRFileDesc *fd, |
909 CERTDistNames *caNames, | 909 CERTDistNames *caNames, |
910 CERTCertificate **pRetCert, | 910 CERTCertificate **pRetCert, |
911 SECKEYPrivateKey **pRetKey) { | 911 SECKEYPrivateKey **pRetKey) { |
912 LOG(LS_INFO) << "Client cert requested"; | 912 LOG(LS_INFO) << "Client cert requested"; |
913 NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg); | 913 NSSStreamAdapter *stream = reinterpret_cast<NSSStreamAdapter *>(arg); |
914 | 914 |
915 if (!stream->identity_.get()) { | 915 if (!stream->dtlscertificate_.get()) { |
916 LOG(LS_ERROR) << "No identity available"; | 916 LOG(LS_ERROR) << "No identity available"; |
917 return SECFailure; | 917 return SECFailure; |
918 } | 918 } |
919 | 919 |
920 NSSIdentity *identity = static_cast<NSSIdentity *>(stream->identity_.get()); | 920 NSSIdentity *identity = static_cast<NSSIdentity *>( |
| 921 stream->dtlscertificate_->identity()); |
921 // Destroyed internally by NSS | 922 // Destroyed internally by NSS |
922 *pRetCert = CERT_DupCertificate(identity->certificate().certificate()); | 923 *pRetCert = CERT_DupCertificate(identity->certificate().certificate()); |
923 *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey()); | 924 *pRetKey = SECKEY_CopyPrivateKey(identity->keypair()->privkey()); |
924 | 925 |
925 return SECSuccess; | 926 return SECSuccess; |
926 } | 927 } |
927 | 928 |
928 bool NSSStreamAdapter::GetSslCipher(std::string* cipher) { | 929 bool NSSStreamAdapter::GetSslCipher(std::string* cipher) { |
929 ASSERT(state_ == SSL_CONNECTED); | 930 ASSERT(state_ == SSL_CONNECTED); |
930 if (state_ != SSL_CONNECTED) | 931 if (state_ != SSL_CONNECTED) |
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1100 return kDefaultSslCipher10; | 1101 return kDefaultSslCipher10; |
1101 case SSL_PROTOCOL_TLS_12: | 1102 case SSL_PROTOCOL_TLS_12: |
1102 default: | 1103 default: |
1103 return kDefaultSslCipher12; | 1104 return kDefaultSslCipher12; |
1104 } | 1105 } |
1105 } | 1106 } |
1106 | 1107 |
1107 } // namespace rtc | 1108 } // namespace rtc |
1108 | 1109 |
1109 #endif // HAVE_NSS_SSL_H | 1110 #endif // HAVE_NSS_SSL_H |
OLD | NEW |