1 /* | 1 /* |
2 * Copyright 2008 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2008 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
828 } | 828 } |
829 | 829 |
830 if (!ok && ignore_bad_cert()) { | 830 if (!ok && ignore_bad_cert()) { |
831 LOG(LS_INFO) << "Other TLS post connection checks failed."; | 831 LOG(LS_INFO) << "Other TLS post connection checks failed."; |
832 ok = true; | 832 ok = true; |
833 } | 833 } |
834 | 834 |
835 return ok; | 835 return ok; |
836 } | 836 } |
837 | 837 |
838 #if _DEBUG | 838 #if !defined(NDEBUG) |
839 | 839 |
840 // We only use this for tracing and so it is only needed in debug mode | 840 // We only use this for tracing and so it is only needed in debug mode |
841 | 841 |
842 void | 842 void |
843 OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int ret) { | 843 OpenSSLAdapter::SSLInfoCallback(const SSL* s, int where, int ret) { |
844 const char* str = "undefined"; | 844 const char* str = "undefined"; |
845 int w = where & ~SSL_ST_MASK; | 845 int w = where & ~SSL_ST_MASK; |
846 if (w & SSL_ST_CONNECT) { | 846 if (w & SSL_ST_CONNECT) { |
847 str = "SSL_connect"; | 847 str = "SSL_connect"; |
848 } else if (w & SSL_ST_ACCEPT) { | 848 } else if (w & SSL_ST_ACCEPT) { |
849 str = "SSL_accept"; | 849 str = "SSL_accept"; |
850 } | 850 } |
851 if (where & SSL_CB_LOOP) { | 851 if (where & SSL_CB_LOOP) { |
852 LOG(LS_INFO) << str << ":" << SSL_state_string_long(s); | 852 LOG(LS_INFO) << str << ":" << SSL_state_string_long(s); |
853 } else if (where & SSL_CB_ALERT) { | 853 } else if (where & SSL_CB_ALERT) { |
854 str = (where & SSL_CB_READ) ? "read" : "write"; | 854 str = (where & SSL_CB_READ) ? "read" : "write"; |
855 LOG(LS_INFO) << "SSL3 alert " << str | 855 LOG(LS_INFO) << "SSL3 alert " << str |
856 << ":" << SSL_alert_type_string_long(ret) | 856 << ":" << SSL_alert_type_string_long(ret) |
857 << ":" << SSL_alert_desc_string_long(ret); | 857 << ":" << SSL_alert_desc_string_long(ret); |
858 } else if (where & SSL_CB_EXIT) { | 858 } else if (where & SSL_CB_EXIT) { |
859 if (ret == 0) { | 859 if (ret == 0) { |
860 LOG(LS_INFO) << str << ":failed in " << SSL_state_string_long(s); | 860 LOG(LS_INFO) << str << ":failed in " << SSL_state_string_long(s); |
861 } else if (ret < 0) { | 861 } else if (ret < 0) { |
862 LOG(LS_INFO) << str << ":error in " << SSL_state_string_long(s); | 862 LOG(LS_INFO) << str << ":error in " << SSL_state_string_long(s); |
863 } | 863 } |
864 } | 864 } |
865 } | 865 } |
866 | 866 |
867 #endif // _DEBUG | 867 #endif |
868 | 868 |
869 int | 869 int |
870 OpenSSLAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) { | 870 OpenSSLAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) { |
871 #if _DEBUG | 871 #if !defined(NDEBUG) |
872 if (!ok) { | 872 if (!ok) { |
873 char data[256]; | 873 char data[256]; |
874 X509* cert = X509_STORE_CTX_get_current_cert(store); | 874 X509* cert = X509_STORE_CTX_get_current_cert(store); |
875 int depth = X509_STORE_CTX_get_error_depth(store); | 875 int depth = X509_STORE_CTX_get_error_depth(store); |
876 int err = X509_STORE_CTX_get_error(store); | 876 int err = X509_STORE_CTX_get_error(store); |
877 | 877 |
878 LOG(LS_INFO) << "Error with certificate at depth: " << depth; | 878 LOG(LS_INFO) << "Error with certificate at depth: " << depth; |
879 X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data)); | 879 X509_NAME_oneline(X509_get_issuer_name(cert), data, sizeof(data)); |
880 LOG(LS_INFO) << " issuer = " << data; | 880 LOG(LS_INFO) << " issuer = " << data; |
881 X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data)); | 881 X509_NAME_oneline(X509_get_subject_name(cert), data, sizeof(data)); |
942 LOG(LS_WARNING) << "SSL_CTX creation failed: " | 942 LOG(LS_WARNING) << "SSL_CTX creation failed: " |
943 << '"' << ERR_reason_error_string(error) << "\" " | 943 << '"' << ERR_reason_error_string(error) << "\" " |
944 << "(error=" << error << ')'; | 944 << "(error=" << error << ')'; |
945 return NULL; | 945 return NULL; |
946 } | 946 } |
947 if (!ConfigureTrustedRootCertificates(ctx)) { | 947 if (!ConfigureTrustedRootCertificates(ctx)) { |
948 SSL_CTX_free(ctx); | 948 SSL_CTX_free(ctx); |
949 return NULL; | 949 return NULL; |
950 } | 950 } |
951 | 951 |
952 #ifdef _DEBUG | 952 #if !defined(NDEBUG) |
953 SSL_CTX_set_info_callback(ctx, SSLInfoCallback); | 953 SSL_CTX_set_info_callback(ctx, SSLInfoCallback); |
954 #endif | 954 #endif |
955 | 955 |
956 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback); | 956 SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, SSLVerifyCallback); |
957 SSL_CTX_set_verify_depth(ctx, 4); | 957 SSL_CTX_set_verify_depth(ctx, 4); |
958 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); | 958 SSL_CTX_set_cipher_list(ctx, "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"); |
959 | 959 |
960 if (ssl_mode_ == SSL_MODE_DTLS) { | 960 if (ssl_mode_ == SSL_MODE_DTLS) { |
961 SSL_CTX_set_read_ahead(ctx, 1); | 961 SSL_CTX_set_read_ahead(ctx, 1); |
962 } | 962 } |
963 | 963 |
964 return ctx; | 964 return ctx; |
965 } | 965 } |
966 | 966 |
967 } // namespace rtc | 967 } // namespace rtc |
968 | 968 |
969 #endif // HAVE_OPENSSL_SSL_H | 969 #endif // HAVE_OPENSSL_SSL_H |
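Review bot: The cipher string on new line 958, `"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"`, rules out anonymous DH but, in OpenSSL's cipher syntax, `ALL` also matches anonymous ECDH (AECDH) suites which `!ADH` does not remove, so a peer can still negotiate an unauthenticated key exchange that bypasses the SSL_VERIFY_PEER check set on line 956; `!aNULL` covers both families. The return value of SSL_CTX_set_cipher_list is also ignored, so a string that matches no cipher would leave the context on its library default; I would write `if (!SSL_CTX_set_cipher_list(ctx, "ALL:!aNULL:!eNULL:!LOW:!EXP:!MD5:@STRENGTH")) { SSL_CTX_free(ctx); return NULL; }`, mirroring the ConfigureTrustedRootCertificates failure path on lines 947-949. Separately, `#if !defined(NDEBUG)` is true in every build that does not define NDEBUG, not only MSVC debug builds, so SSLInfoCallback and the certificate dump in SSLVerifyCallback now compile into more configurations than `_DEBUG` did; the header's declaration of SSLInfoCallback presumably needs the same guard, which I cannot confirm from here. The enclosing SSL_CTX setup function begins before this hunk.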