OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
(...skipping 65 matching lines...) | |
76 // Errors for Read -- in the high range so no conflict with OpenSSL. | 76 // Errors for Read -- in the high range so no conflict with OpenSSL. |
77 enum { SSE_MSG_TRUNC = 0xff0001 }; | 77 enum { SSE_MSG_TRUNC = 0xff0001 }; |
78 | 78 |
79 class SSLStreamAdapter : public StreamAdapterInterface { | 79 class SSLStreamAdapter : public StreamAdapterInterface { |
80 public: | 80 public: |
81 // Instantiate an SSLStreamAdapter wrapping the given stream, | 81 // Instantiate an SSLStreamAdapter wrapping the given stream, |
82 // (using the selected implementation for the platform). | 82 // (using the selected implementation for the platform). |
83 // Caller is responsible for freeing the returned object. | 83 // Caller is responsible for freeing the returned object. |
84 static SSLStreamAdapter* Create(StreamInterface* stream); | 84 static SSLStreamAdapter* Create(StreamInterface* stream); |
85 | 85 |
86 explicit SSLStreamAdapter(StreamInterface* stream) | 86 explicit SSLStreamAdapter(StreamInterface* stream); |
87 : StreamAdapterInterface(stream), ignore_bad_cert_(false), | 87 ~SSLStreamAdapter() override; |
88 client_auth_enabled_(true) { } | |
89 | 88 |
90 void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; } | 89 void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; } |
91 bool ignore_bad_cert() const { return ignore_bad_cert_; } | 90 bool ignore_bad_cert() const { return ignore_bad_cert_; } |
92 | 91 |
93 void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; } | 92 void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; } |
94 bool client_auth_enabled() const { return client_auth_enabled_; } | 93 bool client_auth_enabled() const { return client_auth_enabled_; } |
95 | 94 |
96 // Specify our SSL identity: key and certificate. Mostly this is | 95 // Specify our SSL identity: key and certificate. Mostly this is |
97 // only used in the peer-to-peer mode (unless we actually want to | 96 // only used in the peer-to-peer mode (unless we actually want to |
98 // provide a client certificate to a server). | 97 // provide a client certificate to a server). |
(...skipping 101 matching lines...) | |
200 // Returns true iff the supplied cipher is deemed to be strong. | 199 // Returns true iff the supplied cipher is deemed to be strong. |
201 // TODO(torbjorng): Consider removing the KeyType argument. | 200 // TODO(torbjorng): Consider removing the KeyType argument. |
202 static bool IsAcceptableCipher(int cipher, KeyType key_type); | 201 static bool IsAcceptableCipher(int cipher, KeyType key_type); |
203 static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type); | 202 static bool IsAcceptableCipher(const std::string& cipher, KeyType key_type); |
204 | 203 |
205 // TODO(guoweis): Move this away from a static class method. Currently this is | 204 // TODO(guoweis): Move this away from a static class method. Currently this is |
206 // introduced such that any caller could depend on sslstreamadapter.h without | 205 // introduced such that any caller could depend on sslstreamadapter.h without |
207 // depending on specific SSL implementation. | 206 // depending on specific SSL implementation. |
208 static std::string SslCipherSuiteToName(int cipher_suite); | 207 static std::string SslCipherSuiteToName(int cipher_suite); |
209 | 208 |
209 sigslot::signal1<int> SignalSSLHandshakeError; | |
pthatcher1
2016/08/03 22:40:46
We should document what values will be in here. I
| |
210 | |
210 private: | 211 private: |
211 // If true, the server certificate need not match the configured | 212 // If true, the server certificate need not match the configured |
212 // server_name, and in fact missing certificate authority and other | 213 // server_name, and in fact missing certificate authority and other |
213 // verification errors are ignored. | 214 // verification errors are ignored. |
214 bool ignore_bad_cert_; | 215 bool ignore_bad_cert_; |
215 | 216 |
216 // If true (default), the client is required to provide a certificate during | 217 // If true (default), the client is required to provide a certificate during |
217 // handshake. If no certificate is given, handshake fails. This applies to | 218 // handshake. If no certificate is given, handshake fails. This applies to |
218 // server mode only. | 219 // server mode only. |
219 bool client_auth_enabled_; | 220 bool client_auth_enabled_; |
220 }; | 221 }; |
221 | 222 |
222 } // namespace rtc | 223 } // namespace rtc |
223 | 224 |
224 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 225 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
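Review bot: With the constructor moved out of line (new line 86), this header no longer shows that `ignore_bad_cert_` starts as false and `client_auth_enabled_` starts as true. Both flags are security-relevant: per the comments on the members, the first makes certificate verification errors ignored and the second decides whether a client certificate is required in server mode. Presumably the definition in the .cc file still initialises them, but that file is not visible on this page. Default member initialisers at the declarations, `bool ignore_bad_cert_ = false;` and `bool client_auth_enabled_ = true;`, would keep the safe defaults visible here and guarantee them for any constructor added later.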
OLD | NEW |