Relanding: Allow the DTLS fingerprint verification to occur after the handshake.

webrtc/base/opensslstreamadapter.cc

 /*
  *  Copyright 2004 The WebRTC Project Authors. All rights reserved.
  *
  *  Use of this source code is governed by a BSD-style license
  *  that can be found in the LICENSE file in the root of the source
  *  tree. An additional intellectual property rights grant can be found
  *  in the file PATENTS.  All contributing project authors may
  *  be found in the AUTHORS file in the root of the source tree.
  */
 
 #if HAVE_OPENSSL_SSL_H
 
 #include "webrtc/base/opensslstreamadapter.h"
 
 #include <openssl/bio.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
 #include <openssl/tls1.h>
 #include <openssl/x509v3.h>
 #ifndef OPENSSL_IS_BORINGSSL
 #include <openssl/dtls1.h>
 #endif
 
 #include <memory>
 #include <vector>
 
+#include "webrtc/base/checks.h"
 #include "webrtc/base/common.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/safe_conversions.h"
 #include "webrtc/base/stream.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssladapter.h"
 #include "webrtc/base/openssldigest.h"
 #include "webrtc/base/opensslidentity.h"
 #include "webrtc/base/stringutils.h"
 #include "webrtc/base/timeutils.h"
@@ skipping 248 matching lines @@
       ssl_ctx_(NULL),
       custom_verification_succeeded_(false),
       ssl_mode_(SSL_MODE_TLS),
       ssl_max_version_(SSL_PROTOCOL_TLS_12) {}
 
 OpenSSLStreamAdapter::~OpenSSLStreamAdapter() {
   Cleanup();
 }
 
 void OpenSSLStreamAdapter::SetIdentity(SSLIdentity* identity) {
-  ASSERT(!identity_);
+  RTC_DCHECK(!identity_);
   identity_.reset(static_cast<OpenSSLIdentity*>(identity));
 }
 
 void OpenSSLStreamAdapter::SetServerRole(SSLRole role) {
   role_ = role;
 }
 
 std::unique_ptr<SSLCertificate> OpenSSLStreamAdapter::GetPeerCertificate()
     const {
   return peer_certificate_ ? std::unique_ptr<SSLCertificate>(
                                  peer_certificate_->GetReference())
                            : nullptr;
 }
 
 bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
                                                     &digest_alg,
                                                     const unsigned char*
                                                     digest_val,
                                                     size_t digest_len) {
-  ASSERT(!peer_certificate_);
-  ASSERT(peer_certificate_digest_algorithm_.size() == 0);
-  ASSERT(ssl_server_name_.empty());
+  RTC_DCHECK(!peer_certificate_verified_);
+  RTC_DCHECK(!have_peer_certificate_digest());
+  RTC_DCHECK(!verify_certificate_using_server_name());
   size_t expected_len;
 
   if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
     LOG(LS_WARNING) << "Unknown digest algorithm: " << digest_alg;
     return false;
   }
-  if (expected_len != digest_len)
+  if (expected_len != digest_len) {
     return false;
+  }
 
   peer_certificate_digest_value_.SetData(digest_val, digest_len);
   peer_certificate_digest_algorithm_ = digest_alg;
 
+  if (!peer_certificate_) {
+    // Normal case, where the digest is set before we obtain the certificate
+    // from the handshake.
+    return true;
+  }
+
+  if (!VerifyPeerCertificate()) {
+    Error("SetPeerCertificateDigest", -1, false);
+    return false;

[pthatcher1, 2016/07/27 19:32:35]

This would cause SetRemoteDescription to fail based upon whether or not the
handshake has completed.  That seems like a problem.  Wouldn't instead we want
SetRemoteDescription to succeed, but have the transport go into a failed state?

[Taylor Brandstetter, 2016/08/13 00:09:53]

I think you meant for this comment to be in DtlsTransportChannel? But yes I
agree that having variable results from SetRemoteDescription depending on timing
is something applications won't expect (and isn't mentioned by JSEP). I'll fix
this and update the test.

+  }
+
+  if (state_ == SSL_CONNECTED) {
+    // Post event to unwind stack. Caller may not be expecting this event
+    // to occur synchronously.
+    PostEvent(SE_OPEN | SE_READ | SE_WRITE, 0);

[pthatcher1, 2016/07/27 19:32:35]

It's not very clear what's going on here.  It appears that ContinueSSL(), which
sets the state_ = SSL_CONNECTED sets the state of the adapter to
open/read/write, but synchronously, but that would be bad for some callers of
SetPeerCertificateDigest, so we post an even that amounts to "call ContinueSSL()
later".   Is that accurate?  If so, can you make that a little more clear?

[Taylor Brandstetter, 2016/08/13 00:09:53]

ContinueSSL should have been posting the event asynchronously as well. It's just
a bug no one noticed (until you did, thanks) and happened to not have any
consequences. Fixed now.

+  }
+
   return true;
 }
 
 std::string OpenSSLStreamAdapter::SslCipherSuiteToName(int cipher_suite) {
 #ifdef OPENSSL_IS_BORINGSSL
   const SSL_CIPHER* ssl_cipher = SSL_get_cipher_by_value(cipher_suite);
   if (!ssl_cipher) {
     return std::string();
   }
   char* cipher_name = SSL_CIPHER_get_rfc_name(ssl_cipher);
@@ skipping 102 matching lines @@
 
   srtp_ciphers_ = internal_ciphers;
   return true;
 #else
   return false;
 #endif
 }
 
 bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
 #ifdef HAVE_DTLS_SRTP
-  ASSERT(state_ == SSL_CONNECTED);
+  RTC_DCHECK(state_ == SSL_CONNECTED);
   if (state_ != SSL_CONNECTED)
     return false;
 
   const SRTP_PROTECTION_PROFILE *srtp_profile =
       SSL_get_selected_srtp_profile(ssl_);
 
   if (!srtp_profile)
     return false;
 
   *crypto_suite = srtp_profile->id;
-  ASSERT(!SrtpCryptoSuiteToName(*crypto_suite).empty());
+  RTC_DCHECK(!SrtpCryptoSuiteToName(*crypto_suite).empty());
   return true;
 #else
   return false;
 #endif
 }
 
 int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
-  ASSERT(server_name != NULL && server_name[0] != '\0');
+  if (state_ != SSL_NONE) {
+    // Don't allow StartSSL to be called twice.
+    return -1;
+  }
+  RTC_DCHECK(server_name != NULL && server_name[0] != '\0');
   ssl_server_name_ = server_name;
   return StartSSL();
 }
 
 int OpenSSLStreamAdapter::StartSSLWithPeer() {
-  ASSERT(ssl_server_name_.empty());
+  if (state_ != SSL_NONE) {
+    // Don't allow StartSSL to be called twice.
+    return -1;
+  }
+  RTC_DCHECK(ssl_server_name_.empty());
   // It is permitted to specify peer_certificate_ only later.
   return StartSSL();
 }
 
 void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
-  ASSERT(state_ == SSL_NONE);
+  RTC_DCHECK(state_ == SSL_NONE);
   ssl_mode_ = mode;
 }
 
 void OpenSSLStreamAdapter::SetMaxProtocolVersion(SSLProtocolVersion version) {
-  ASSERT(ssl_ctx_ == NULL);
+  RTC_DCHECK(ssl_ctx_ == NULL);
   ssl_max_version_ = version;
 }
 
 //
 // StreamInterface Implementation
 //
 
 StreamResult OpenSSLStreamAdapter::Write(const void* data, size_t data_len,
                                          size_t* written, int* error) {
   LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::Write(" << data_len << ")";
 
   switch (state_) {
   case SSL_NONE:
     // pass-through in clear text
     return StreamAdapterInterface::Write(data, data_len, written, error);
 
   case SSL_WAIT:
   case SSL_CONNECTING:
     return SR_BLOCK;
 
   case SSL_CONNECTED:
+    if (waiting_to_verify_client_cert()) {
+      return SR_BLOCK;
+    }
     break;
 
   case SSL_ERROR:
   case SSL_CLOSED:
   default:
     if (error)
       *error = ssl_error_code_;
     return SR_ERROR;
   }
 
   // OpenSSL will return an error if we try to write zero bytes
   if (data_len == 0) {
     if (written)
       *written = 0;
     return SR_SUCCESS;
   }
 
   ssl_write_needs_read_ = false;
 
   int code = SSL_write(ssl_, data, checked_cast<int>(data_len));
   int ssl_error = SSL_get_error(ssl_, code);
   switch (ssl_error) {
   case SSL_ERROR_NONE:
     LOG(LS_VERBOSE) << " -- success";
-    ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
+    RTC_DCHECK(0 < code && static_cast<unsigned>(code) <= data_len);
     if (written)
       *written = code;
     return SR_SUCCESS;
   case SSL_ERROR_WANT_READ:
     LOG(LS_VERBOSE) << " -- error want read";
     ssl_write_needs_read_ = true;
     return SR_BLOCK;
   case SSL_ERROR_WANT_WRITE:
     LOG(LS_VERBOSE) << " -- error want write";
     return SR_BLOCK;
@@ skipping 14 matching lines @@
   switch (state_) {
     case SSL_NONE:
       // pass-through in clear text
       return StreamAdapterInterface::Read(data, data_len, read, error);
 
     case SSL_WAIT:
     case SSL_CONNECTING:
       return SR_BLOCK;
 
     case SSL_CONNECTED:
+      if (waiting_to_verify_client_cert()) {
+        return SR_BLOCK;
+      }
       break;
 
     case SSL_CLOSED:
       return SR_EOS;
 
     case SSL_ERROR:
     default:
       if (error)
         *error = ssl_error_code_;
       return SR_ERROR;
   }
 
   // Don't trust OpenSSL with zero byte reads
   if (data_len == 0) {
     if (read)
       *read = 0;
     return SR_SUCCESS;
   }
 
   ssl_read_needs_write_ = false;
 
   int code = SSL_read(ssl_, data, checked_cast<int>(data_len));
   int ssl_error = SSL_get_error(ssl_, code);
   switch (ssl_error) {
     case SSL_ERROR_NONE:
       LOG(LS_VERBOSE) << " -- success";
-      ASSERT(0 < code && static_cast<unsigned>(code) <= data_len);
+      RTC_DCHECK(0 < code && static_cast<unsigned>(code) <= data_len);
       if (read)
         *read = code;
 
       if (ssl_mode_ == SSL_MODE_DTLS) {
         // Enforce atomic reads -- this is a short read
         unsigned int pending = SSL_pending(ssl_);
 
         if (pending) {
           LOG(LS_INFO) << " -- short DTLS read. flushing";
           FlushInput(pending);
@@ skipping 30 matching lines @@
 
 void OpenSSLStreamAdapter::FlushInput(unsigned int left) {
   unsigned char buf[2048];
 
   while (left) {
     // This should always succeed
     int toread = (sizeof(buf) < left) ? sizeof(buf) : left;
     int code = SSL_read(ssl_, buf, toread);
 
     int ssl_error = SSL_get_error(ssl_, code);
-    ASSERT(ssl_error == SSL_ERROR_NONE);
+    RTC_DCHECK(ssl_error == SSL_ERROR_NONE);
 
     if (ssl_error != SSL_ERROR_NONE) {
       LOG(LS_VERBOSE) << " -- error " << code;
       Error("SSL_read", (ssl_error ? ssl_error : -1), false);
       return;
     }
 
     LOG(LS_VERBOSE) << " -- flushed " << code << " bytes";
     left -= code;
   }
 }
 
 void OpenSSLStreamAdapter::Close() {
   Cleanup();
-  ASSERT(state_ == SSL_CLOSED || state_ == SSL_ERROR);
+  RTC_DCHECK(state_ == SSL_CLOSED || state_ == SSL_ERROR);
   StreamAdapterInterface::Close();
 }
 
 StreamState OpenSSLStreamAdapter::GetState() const {
   switch (state_) {
     case SSL_WAIT:
     case SSL_CONNECTING:
       return SS_OPENING;
     case SSL_CONNECTED:
+      if (waiting_to_verify_client_cert()) {
+        return SS_OPENING;
+      }
       return SS_OPEN;
     default:
       return SS_CLOSED;
   };
   // not reached
 }
 
 void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,
                                    int err) {
   int events_to_signal = 0;
   int signal_error = 0;
-  ASSERT(stream == this->stream());
+  RTC_DCHECK(stream == this->stream());
   if ((events & SE_OPEN)) {
     LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent SE_OPEN";
     if (state_ != SSL_WAIT) {
-      ASSERT(state_ == SSL_NONE);
+      RTC_DCHECK(state_ == SSL_NONE);
       events_to_signal |= SE_OPEN;
     } else {
       state_ = SSL_CONNECTING;
       if (int err = BeginSSL()) {
         Error("BeginSSL", err, true);
         return;
       }
     }
   }
   if ((events & (SE_READ|SE_WRITE))) {
@@ skipping 18 matching lines @@
         LOG(LS_VERBOSE) << " -- onStreamReadable";
         events_to_signal |= SE_READ;
       }
     }
   }
   if ((events & SE_CLOSE)) {
     LOG(LS_VERBOSE) << "OpenSSLStreamAdapter::OnEvent(SE_CLOSE, " << err << ")";
     Cleanup();
     events_to_signal |= SE_CLOSE;
     // SE_CLOSE is the only event that uses the final parameter to OnEvent().
-    ASSERT(signal_error == 0);
+    RTC_DCHECK(signal_error == 0);
     signal_error = err;
   }
   if (events_to_signal)
     StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);
 }
 
 int OpenSSLStreamAdapter::StartSSL() {
-  ASSERT(state_ == SSL_NONE);
+  RTC_DCHECK(state_ == SSL_NONE);
 
   if (StreamAdapterInterface::GetState() != SS_OPEN) {
     state_ = SSL_WAIT;
     return 0;
   }
 
   state_ = SSL_CONNECTING;
   if (int err = BeginSSL()) {
     Error("BeginSSL", err, false);
     return err;
   }
 
   return 0;
 }
 
 int OpenSSLStreamAdapter::BeginSSL() {
-  ASSERT(state_ == SSL_CONNECTING);
-  // The underlying stream has open. If we are in peer-to-peer mode
-  // then a peer certificate must have been specified by now.
-  ASSERT(!ssl_server_name_.empty() ||
-         !peer_certificate_digest_algorithm_.empty());
+  RTC_DCHECK(state_ == SSL_CONNECTING);
+  // At this point, we should have selected one (and only one) way of
+  // validating the peer's certificate.
+  RTC_DCHECK(verify_certificate_using_server_name() !=
+             verify_certificate_using_peer_digest());

[pthatcher1, 2016/07/27 19:32:35]

Doesn't this equate to the following?

RTC_DCHECK(!ssl_server_name_.empty() != ssl_server_name_.empty());


That doesn't seem like a useful DCHECK.  Or am I missing something?

[Taylor Brandstetter, 2016/08/13 00:09:53]

This checks that one and only one "mode" has been determined. Of course, right
now the DCHECK will always pass. The point of DCHECKS isn't to validate the
external inputs of a class, but to enforce and document implicit assumptions,
both now and into the future. If we later changed the implementation of
"verify_certificate_using_*", and this assumption no longer held, this DCHECK
would catch the problem early.

Of course, this is invalidated now that StartSSLWithServer is gone. But I
thought I'd explain the reasoning.

   LOG(LS_INFO) << "BeginSSL: "
-               << (!ssl_server_name_.empty() ? ssl_server_name_ :
-                                               "with peer");
+               << (verify_certificate_using_server_name() ? ssl_server_name_

[pthatcher1, 2016/07/27 19:32:35]

We already verified the state_, so why not just use "in_peer_mode" here?

[Taylor Brandstetter, 2016/08/13 00:09:53]

I don't know what you mean. I'm using "verify_certificate_using_server_name()"
which is equivalent to "!in_peer_mode()".

+                                                          : "with peer");
 
   BIO* bio = NULL;
 
   // First set up the context
-  ASSERT(ssl_ctx_ == NULL);
+  RTC_DCHECK(ssl_ctx_ == NULL);
   ssl_ctx_ = SetupSSLContext();
   if (!ssl_ctx_)
     return -1;
 
   bio = BIO_new_stream(static_cast<StreamInterface*>(stream()));
   if (!bio)
     return -1;
 
   ssl_ = SSL_new(ssl_ctx_);
   if (!ssl_) {
@@ skipping 33 matching lines @@
   SSL_set_tmp_ecdh(ssl_, ecdh);
   EC_KEY_free(ecdh);
 #endif
 
   // Do the connect
   return ContinueSSL();
 }
 
 int OpenSSLStreamAdapter::ContinueSSL() {
   LOG(LS_VERBOSE) << "ContinueSSL";
-  ASSERT(state_ == SSL_CONNECTING);
+  RTC_DCHECK(state_ == SSL_CONNECTING);
 
   // Clear the DTLS timer
   Thread::Current()->Clear(this, MSG_TIMEOUT);
 
   int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
   int ssl_error;
   switch (ssl_error = SSL_get_error(ssl_, code)) {
     case SSL_ERROR_NONE:
       LOG(LS_VERBOSE) << " -- success";
 
-      if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL,
-                                  peer_certificate_digest_algorithm_)) {
+      if (!SSLPostConnectionCheck()) {
         LOG(LS_ERROR) << "TLS post connection check failed";
         return -1;
       }
 
       state_ = SSL_CONNECTED;
-      StreamAdapterInterface::OnEvent(stream(), SE_OPEN|SE_READ|SE_WRITE, 0);
+      if (!waiting_to_verify_client_cert()) {
+        // We have everything we need to start the connection, so signal
+        // SE_OPEN. If we need a client certificate fingerprint and don't have
+        // it yet, we'll instead signal SE_OPEN in SetPeerCertificateDigest.
+        StreamAdapterInterface::OnEvent(stream(), SE_OPEN | SE_READ | SE_WRITE,
+                                        0);
+      }
       break;
 
     case SSL_ERROR_WANT_READ: {
         LOG(LS_VERBOSE) << " -- error want read";
         struct timeval timeout;
         if (DTLSv1_get_timeout(ssl_, &timeout)) {
           int delay = timeout.tv_sec * 1000 + timeout.tv_usec/1000;
 
           Thread::Current()->PostDelayed(RTC_FROM_HERE, delay, this,
                                          MSG_TIMEOUT, 0);
@@ skipping 189 matching lines @@
     if (SSL_CTX_set_tlsext_use_srtp(ctx, srtp_ciphers_.c_str())) {
       SSL_CTX_free(ctx);
       return NULL;
     }
   }
 #endif
 
   return ctx;
 }
 
-int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
-  // Get our SSL structure from the store
-  SSL* ssl = reinterpret_cast<SSL*>(X509_STORE_CTX_get_ex_data(
-                                        store,
-                                        SSL_get_ex_data_X509_STORE_CTX_idx()));
-  OpenSSLStreamAdapter* stream =
-    reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
-
-  if (stream->peer_certificate_digest_algorithm_.empty()) {
-    return 0;
-  }
-  X509* cert = X509_STORE_CTX_get_current_cert(store);
-  int depth = X509_STORE_CTX_get_error_depth(store);
-
-  // For now We ignore the parent certificates and verify the leaf against
-  // the digest.
-  //
-  // TODO(jiayl): Verify the chain is a proper chain and report the chain to
-  // |stream->peer_certificate_|.
-  if (depth > 0) {
-    LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
-    return 1;
+bool OpenSSLStreamAdapter::VerifyPeerCertificate() {
+  if (!have_peer_certificate_digest() || !peer_certificate_) {
+    LOG(LS_WARNING) << "Missing digest or peer certificate.";
+    return false;
   }
 
   unsigned char digest[EVP_MAX_MD_SIZE];
   size_t digest_length;
   if (!OpenSSLCertificate::ComputeDigest(
-           cert,
-           stream->peer_certificate_digest_algorithm_,
-           digest, sizeof(digest),
-           &digest_length)) {
+          peer_certificate_->x509(), peer_certificate_digest_algorithm_, digest,
+          sizeof(digest), &digest_length)) {
     LOG(LS_WARNING) << "Failed to compute peer cert digest.";
-    return 0;
+    return false;
   }
 
   Buffer computed_digest(digest, digest_length);
-  if (computed_digest != stream->peer_certificate_digest_value_) {
+  if (computed_digest != peer_certificate_digest_value_) {
     LOG(LS_WARNING) << "Rejected peer certificate due to mismatched digest.";
     return 0;
   }
   // Ignore any verification error if the digest matches, since there is no
   // value in checking the validity of a self-signed cert issued by untrusted
   // sources.
   LOG(LS_INFO) << "Accepted peer certificate.";
+  peer_certificate_verified_ = true;
+  return true;
+}
+
+int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
+  // Get our SSL structure from the store
+  SSL* ssl = reinterpret_cast<SSL*>(
+      X509_STORE_CTX_get_ex_data(store, SSL_get_ex_data_X509_STORE_CTX_idx()));
+  X509* cert = X509_STORE_CTX_get_current_cert(store);
+  int depth = X509_STORE_CTX_get_error_depth(store);
+
+  // For now we ignore the parent certificates and verify the leaf against
+  // the digest.
+  //
+  // TODO(jiayl): Verify the chain is a proper chain and report the chain to
+  // |stream->peer_certificate_|.
+  if (depth > 0) {
+    LOG(LS_INFO) << "Ignored chained certificate at depth " << depth;
+    return 1;
+  }
+
+  OpenSSLStreamAdapter* stream =
+      reinterpret_cast<OpenSSLStreamAdapter*>(SSL_get_app_data(ssl));
 
   // Record the peer's certificate.
   stream->peer_certificate_.reset(new OpenSSLCertificate(cert));
-  return 1;
+
+  // If the peer certificate digest isn't known yet, we'll wait to verify
+  // until it's known, and for now just return a success status.
+  if (stream->peer_certificate_digest_algorithm_.empty()) {
+    LOG(LS_INFO) << "Waiting to verify certificate until digest is known.";
+    return 1;
+  }
+
+  return stream->VerifyPeerCertificate();
 }
 
 // This code is taken from the "Network Security with OpenSSL"
 // sample in chapter 5
-bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl,
-                                                  const char* server_name,
-                                                  const X509* peer_cert,
-                                                  const std::string
-                                                  &peer_digest) {
-  ASSERT(server_name != NULL);
+bool OpenSSLStreamAdapter::SSLPostConnectionCheck() {
   bool ok;
-  if (server_name[0] != '\0') {  // traditional mode
-    ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert());
+  if (verify_certificate_using_server_name()) {
+    RTC_DCHECK(!ssl_server_name_.empty());
+    ok = OpenSSLAdapter::VerifyServerName(ssl_, ssl_server_name_.c_str(),
+                                          ignore_bad_cert());
 
     if (ok) {
-      ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
+      ok = (SSL_get_verify_result(ssl_) == X509_V_OK ||
             custom_verification_succeeded_);
     }
-  } else {  // peer-to-peer mode
-    ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
+  } else {
+    RTC_DCHECK(verify_certificate_using_peer_digest());
     // no server name validation
-    ok = true;
+    ok = peer_certificate_ || !client_auth_enabled();
   }
 
   if (!ok && ignore_bad_cert()) {
-    LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = "
-                  << SSL_get_verify_result(ssl);
+    LOG(LS_ERROR) << "SSL_get_verify_result(ssl_) = "
+                  << SSL_get_verify_result(ssl_);
     LOG(LS_INFO) << "Other TLS post connection checks failed.";
     ok = true;
   }
 
   return ok;
 }
 
 bool OpenSSLStreamAdapter::HaveDtls() {
   return true;
 }
@@ skipping 89 matching lines @@
         return true;
     }
   }
 
   return false;
 }
 
 }  // namespace rtc
 
 #endif  // HAVE_OPENSSL_SSL_H