Chromium Code Reviews| Index: webrtc/base/opensslstreamadapter.cc |
| diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc |
| index e04eb04d67c8d05eee38938f406484ccbe5d5247..146d3d50cb663f223c891e5bc873b9cb9466b754 100644 |
| --- a/webrtc/base/opensslstreamadapter.cc |
| +++ b/webrtc/base/opensslstreamadapter.cc |
| @@ -315,7 +315,6 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string |
| size_t digest_len) { |
| ASSERT(!peer_certificate_); |
| ASSERT(peer_certificate_digest_algorithm_.size() == 0); |
| - ASSERT(ssl_server_name_.empty()); |
| size_t expected_len; |
| if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) { |
| @@ -468,16 +467,21 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) { |
| #endif |
| } |
| -int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) { |
| - ASSERT(server_name != NULL && server_name[0] != '\0'); |
| - ssl_server_name_ = server_name; |
| - return StartSSL(); |
| -} |
| +int OpenSSLStreamAdapter::StartSSL() { |
| + ASSERT(state_ == SSL_NONE); |
| + |
| + if (StreamAdapterInterface::GetState() != SS_OPEN) { |
| + state_ = SSL_WAIT; |
| + return 0; |
| + } |
| -int OpenSSLStreamAdapter::StartSSLWithPeer() { |
| - ASSERT(ssl_server_name_.empty()); |
| - // It is permitted to specify peer_certificate_ only later. |
| - return StartSSL(); |
| + state_ = SSL_CONNECTING; |
| + if (int err = BeginSSL()) { |
| + Error("BeginSSL", err, false); |
| + return err; |
| + } |
| + |
| + return 0; |
| } |
| void OpenSSLStreamAdapter::SetMode(SSLMode mode) { |
| @@ -730,36 +734,16 @@ void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events, |
| StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error); |
| } |
| -int OpenSSLStreamAdapter::StartSSL() { |
| - ASSERT(state_ == SSL_NONE); |
| - |
| - if (StreamAdapterInterface::GetState() != SS_OPEN) { |
| - state_ = SSL_WAIT; |
| - return 0; |
| - } |
| - |
| - state_ = SSL_CONNECTING; |
| - if (int err = BeginSSL()) { |
| - Error("BeginSSL", err, false); |
| - return err; |
| - } |
| - |
| - return 0; |
| -} |
| - |
| int OpenSSLStreamAdapter::BeginSSL() { |
| ASSERT(state_ == SSL_CONNECTING); |
| - // The underlying stream has open. If we are in peer-to-peer mode |
| - // then a peer certificate must have been specified by now. |
| - ASSERT(!ssl_server_name_.empty() || |
| - !peer_certificate_digest_algorithm_.empty()); |
| - LOG(LS_INFO) << "BeginSSL: " |
| - << (!ssl_server_name_.empty() ? ssl_server_name_ : |
| - "with peer"); |
| + // The underlying stream has opened. |
| + // A peer certificate digest must have been specified by now. |
| + ASSERT(!peer_certificate_digest_algorithm_.empty()); |
| + LOG(LS_INFO) << "BeginSSL with peer."; |
| BIO* bio = NULL; |
| - // First set up the context |
| + // First set up the context. |
| ASSERT(ssl_ctx_ == NULL); |
| ssl_ctx_ = SetupSSLContext(); |
| if (!ssl_ctx_) |
| @@ -825,7 +809,7 @@ int OpenSSLStreamAdapter::ContinueSSL() { |
| case SSL_ERROR_NONE: |
| LOG(LS_VERBOSE) << " -- success"; |
| - if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL, |
| + if (!SSLPostConnectionCheck(ssl_, NULL, |
| peer_certificate_digest_algorithm_)) { |
| LOG(LS_ERROR) << "TLS post connection check failed"; |
| return -1; |
| @@ -1092,36 +1076,12 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) { |
| return 1; |
| } |
| -// This code is taken from the "Network Security with OpenSSL" |
| -// sample in chapter 5 |
| bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl, |
| - const char* server_name, |
| const X509* peer_cert, |
| const std::string |
| &peer_digest) { |
| - ASSERT(server_name != NULL); |
| - bool ok; |
| - if (server_name[0] != '\0') { // traditional mode |
| - ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert()); |
| - |
| - if (ok) { |
| - ok = (SSL_get_verify_result(ssl) == X509_V_OK || |
| - custom_verification_succeeded_); |
| - } |
| - } else { // peer-to-peer mode |
| - ASSERT((peer_cert != NULL) || (!peer_digest.empty())); |
| - // no server name validation |
| - ok = true; |
| - } |
| - |
| - if (!ok && ignore_bad_cert()) { |
| - LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = " |
| - << SSL_get_verify_result(ssl); |
| - LOG(LS_INFO) << "Other TLS post connection checks failed."; |
| - ok = true; |
| - } |
| - |
| - return ok; |
| + ASSERT((peer_cert != NULL) || (!peer_digest.empty())); |
| + return true; |
|
Taylor Brandstetter
2016/08/02 20:27:45
I'll modify the logic in this method in the other
|
| } |
| bool OpenSSLStreamAdapter::HaveDtls() { |
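Review bot: The new body of SSLPostConnectionCheck in the last hunk enforces nothing at runtime: ASSERT is compiled out of release builds, and the only caller shown, in ContinueSSL in the fourth hunk, now passes NULL for peer_cert, so in a release build the function is a constant `return true;` even when no digest was ever configured. If the digest comparison is meant to happen in SSLVerifyCallback, whose body lies outside this hunk, that contract belongs on this function, e.g. `// Post-handshake check. Digest matching is presumably done in SSLVerifyCallback; this only requires that a peer cert or digest was supplied.` in place of the dropped "Network Security with OpenSSL" attribution; otherwise the missing-digest case should fail at runtime rather than only in debug builds, e.g. `if (peer_cert == NULL && peer_digest.empty()) { LOG(LS_ERROR) << "No peer certificate or digest to verify against"; return false; }`. The same ASSERT-only enforcement is introduced in BeginSSL in the third hunk (`ASSERT(!peer_certificate_digest_algorithm_.empty());`), where a release build with an empty digest proceeds straight into the handshake; BeginSSL's body continues past that hunk.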