| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| 86 explicit SSLStreamAdapter(StreamInterface* stream) | 86 explicit SSLStreamAdapter(StreamInterface* stream) |
| 87 : StreamAdapterInterface(stream), ignore_bad_cert_(false), | 87 : StreamAdapterInterface(stream), ignore_bad_cert_(false), |
| 88 client_auth_enabled_(true) { } | 88 client_auth_enabled_(true) { } |
| 89 | 89 |
| 90 void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; } | 90 void set_ignore_bad_cert(bool ignore) { ignore_bad_cert_ = ignore; } |
| 91 bool ignore_bad_cert() const { return ignore_bad_cert_; } | 91 bool ignore_bad_cert() const { return ignore_bad_cert_; } |
| 92 | 92 |
| 93 void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; } | 93 void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; } |
| 94 bool client_auth_enabled() const { return client_auth_enabled_; } | 94 bool client_auth_enabled() const { return client_auth_enabled_; } |
| 95 | 95 |
| 96 // Specify our SSL identity: key and certificate. Mostly this is | 96 // Specify our SSL identity: key and certificate. SSLStream takes ownership |
| 97 // only used in the peer-to-peer mode (unless we actually want to | 97 // of the SSLIdentity object and will free it when appropriate. Should be |
| 98 // provide a client certificate to a server). | 98 // called no more than once on a given SSLStream instance. |
| 99 // SSLStream takes ownership of the SSLIdentity object and will | |
| 100 // free it when appropriate. Should be called no more than once on a | |
| 101 // given SSLStream instance. | |
| 102 virtual void SetIdentity(SSLIdentity* identity) = 0; | 99 virtual void SetIdentity(SSLIdentity* identity) = 0; |
| 103 | 100 |
| 104 // Call this to indicate that we are to play the server's role in | 101 // Call this to indicate that we are to play the server role (or client role, |
| 105 // the peer-to-peer mode. | 102 // if the default argument is replaced by SSL_CLIENT). |
| 106 // The default argument is for backward compatibility | 103 // The default argument is for backward compatibility. |
| 107 // TODO(ekr@rtfm.com): rename this SetRole to reflect its new function | 104 // TODO(ekr@rtfm.com): rename this SetRole to reflect its new function |
| 108 virtual void SetServerRole(SSLRole role = SSL_SERVER) = 0; | 105 virtual void SetServerRole(SSLRole role = SSL_SERVER) = 0; |
| 109 | 106 |
| 110 // Do DTLS or TLS | 107 // Do DTLS or TLS. |
| 111 virtual void SetMode(SSLMode mode) = 0; | 108 virtual void SetMode(SSLMode mode) = 0; |
| 112 | 109 |
| 113 // Set maximum supported protocol version. The highest version supported by | 110 // Set maximum supported protocol version. The highest version supported by |
| 114 // both ends will be used for the connection, i.e. if one party supports | 111 // both ends will be used for the connection, i.e. if one party supports |
| 115 // DTLS 1.0 and the other DTLS 1.2, DTLS 1.0 will be used. | 112 // DTLS 1.0 and the other DTLS 1.2, DTLS 1.0 will be used. |
| 116 // If requested version is not supported by underlying crypto library, the | 113 // If requested version is not supported by underlying crypto library, the |
| 117 // next lower will be used. | 114 // next lower will be used. |
| 118 virtual void SetMaxProtocolVersion(SSLProtocolVersion version) = 0; | 115 virtual void SetMaxProtocolVersion(SSLProtocolVersion version) = 0; |
| 119 | 116 |
| 120 // The mode of operation is selected by calling either | 117 // StartSSL starts negotiation with a peer, whose certificate is verified |
| 121 // StartSSLWithServer or StartSSLWithPeer. | 118 // using the certificate digest. Generally, SetIdentity() and possibly |
| 122 // Use of the stream prior to calling either of these functions will | 119 // SetServerRole() should have been called before this. |
| 123 // pass data in clear text. | 120 // SetPeerCertificateDigest() must also be called. It may be called after |
| 124 // Calling one of these functions causes SSL negotiation to begin as | 121 // StartSSLWithPeer() but must be called before the underlying stream opens. |
| 125 // soon as possible: right away if the underlying wrapped stream is | |
| 126 // already opened, or else as soon as it opens. | |
| 127 // | 122 // |
| 128 // These functions return a negative error code on failure. | 123 // Use of the stream prior to calling StartSSL will pass data in clear text. |
| 129 // Returning 0 means success so far, but negotiation is probably not | 124 // Calling StartSSL causes SSL negotiation to begin as soon as possible: right |
| 130 // complete and will continue asynchronously. In that case, the | 125 // away if the underlying wrapped stream is already opened, or else as soon as |
| 131 // exposed stream will open after successful negotiation and | 126 // it opens. |
| 132 // verification, or an SE_CLOSE event will be raised if negotiation | 127 // |
| 133 // fails. | 128 // StartSSL returns a negative error code on failure. Returning 0 means |
| 129 // success so far, but negotiation is probably not complete and will continue |
| 130 // asynchronously. In that case, the exposed stream will open after |
| 131 // successful negotiation and verification, or an SE_CLOSE event will be |
| 132 // raised if negotiation fails. |
| 133 virtual int StartSSL() = 0; |
| 134 | 134 |
| 135 // StartSSLWithServer starts SSL negotiation with a server in | 135 // Specify the digest of the certificate that our peer is expected to use. |
| 136 // traditional mode. server_name specifies the expected server name | 136 // Only this certificate will be accepted during SSL verification. The |
| 137 // which the server's certificate needs to specify. | 137 // certificate is assumed to have been obtained through some other secure |
| 138 virtual int StartSSLWithServer(const char* server_name) = 0; | 138 // channel (such as the signaling channel). This must specify the terminal |
| 139 | 139 // certificate, not just a CA. SSLStream makes a copy of the digest value. |
| 140 // StartSSLWithPeer starts negotiation in the special peer-to-peer | |
| 141 // mode. | |
| 142 // Generally, SetIdentity() and possibly SetServerRole() should have | |
| 143 // been called before this. | |
| 144 // SetPeerCertificate() or SetPeerCertificateDigest() must also be called. | |
| 145 // It may be called after StartSSLWithPeer() but must be called before the | |
| 146 // underlying stream opens. | |
| 147 virtual int StartSSLWithPeer() = 0; | |
| 148 | |
| 149 // Specify the digest of the certificate that our peer is expected to use in | |
| 150 // peer-to-peer mode. Only this certificate will be accepted during | |
| 151 // SSL verification. The certificate is assumed to have been | |
| 152 // obtained through some other secure channel (such as the XMPP | |
| 153 // channel). Unlike SetPeerCertificate(), this must specify the | |
| 154 // terminal certificate, not just a CA. | |
| 155 // SSLStream makes a copy of the digest value. | |
| 156 virtual bool SetPeerCertificateDigest(const std::string& digest_alg, | 140 virtual bool SetPeerCertificateDigest(const std::string& digest_alg, |
| 157 const unsigned char* digest_val, | 141 const unsigned char* digest_val, |
| 158 size_t digest_len) = 0; | 142 size_t digest_len) = 0; |
| 159 | 143 |
| 160 // Retrieves the peer's X.509 certificate, if a connection has been | 144 // Retrieves the peer's X.509 certificate, if a connection has been |
| 161 // established. It returns the transmitted over SSL, including the entire | 145 // established. It returns the transmitted over SSL, including the entire |
| 162 // chain. | 146 // chain. |
| 163 virtual std::unique_ptr<SSLCertificate> GetPeerCertificate() const = 0; | 147 virtual std::unique_ptr<SSLCertificate> GetPeerCertificate() const = 0; |
| 164 | 148 |
| 165 // Retrieves the IANA registration id of the cipher suite used for the | 149 // Retrieves the IANA registration id of the cipher suite used for the |
| 215 | 199 |
| 216 // If true (default), the client is required to provide a certificate during | 200 // If true (default), the client is required to provide a certificate during |
| 217 // handshake. If no certificate is given, handshake fails. This applies to | 201 // handshake. If no certificate is given, handshake fails. This applies to |
| 218 // server mode only. | 202 // server mode only. |
| 219 bool client_auth_enabled_; | 203 bool client_auth_enabled_; |
| 220 }; | 204 }; |
| 221 | 205 |
| 222 } // namespace rtc | 206 } // namespace rtc |
| 223 | 207 |
| 224 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ | 208 #endif // WEBRTC_BASE_SSLSTREAMADAPTER_H_ |
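Review bot: The new comment on StartSSL() at new lines 120–121 still refers to the removed StartSSLWithPeer(); now that only StartSSL() exists in this header it should read `// SetPeerCertificateDigest() must also be called. It may be called after` / `// StartSSL() but must be called before the underlying stream opens.`. That same block should also state what happens when StartSSL() has been called and no digest has been set by the time the underlying stream opens: "must" leaves the failure mode unstated, and with StartSSLWithServer() gone the digest is the only peer-verification input this interface documents, so a reader cannot tell from the header whether the handshake is rejected or whether ignore_bad_cert() governs that case; the implementation is not visible here, so the wording should come from it. The unchanged GetPeerCertificate() comment at new lines 144–146 reads `It returns the transmitted over SSL`, which is missing its noun; `It returns the certificate transmitted over SSL, including the entire chain.` would fix it. The SSLStreamAdapter class declaration begins in the collapsed region above this section.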