

Issue 2204883004: Remove StartSSLWithServer from SSLStreamAdapter. (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Removing unused variable. Created 4 years, 4 months ago
Index: webrtc/base/opensslstreamadapter.cc
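diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index e04eb04d67c8d05eee38938f406484ccbe5d5247..ddf03c084f779faf3874c995981c58f55603adbd 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -284,7 +284,6 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(StreamInterface* stream)
 ssl_write_needs_read_(false),
 ssl_(NULL),
 ssl_ctx_(NULL),
- custom_verification_succeeded_(false),
 ssl_mode_(SSL_MODE_TLS),
 ssl_max_version_(SSL_PROTOCOL_TLS_12) {}
@@ -315,7 +314,6 @@ bool OpenSSLStreamAdapter::SetPeerCertificateDigest(const std::string
 size_t digest_len) {
 ASSERT(!peer_certificate_);
 ASSERT(peer_certificate_digest_algorithm_.size() == 0);
- ASSERT(ssl_server_name_.empty());
 size_t expected_len;
 if (!OpenSSLDigest::GetDigestSize(digest_alg, &expected_len)) {
@@ -468,16 +466,21 @@ bool OpenSSLStreamAdapter::GetDtlsSrtpCryptoSuite(int* crypto_suite) {
 #endif
 }
-int OpenSSLStreamAdapter::StartSSLWithServer(const char* server_name) {
- ASSERT(server_name != NULL && server_name[0] != '\0');
- ssl_server_name_ = server_name;
- return StartSSL();
-}
+int OpenSSLStreamAdapter::StartSSL() {
+ ASSERT(state_ == SSL_NONE);
+
+ if (StreamAdapterInterface::GetState() != SS_OPEN) {
+ state_ = SSL_WAIT;
+ return 0;
+ }
-int OpenSSLStreamAdapter::StartSSLWithPeer() {
- ASSERT(ssl_server_name_.empty());
- // It is permitted to specify peer_certificate_ only later.
- return StartSSL();
+ state_ = SSL_CONNECTING;
+ if (int err = BeginSSL()) {
+ Error("BeginSSL", err, false);
+ return err;
+ }
+
+ return 0;
 }
 void OpenSSLStreamAdapter::SetMode(SSLMode mode) {
@@ -730,36 +733,16 @@ void OpenSSLStreamAdapter::OnEvent(StreamInterface* stream, int events,
 StreamAdapterInterface::OnEvent(stream, events_to_signal, signal_error);
 }
-int OpenSSLStreamAdapter::StartSSL() {
- ASSERT(state_ == SSL_NONE);
-
- if (StreamAdapterInterface::GetState() != SS_OPEN) {
- state_ = SSL_WAIT;
- return 0;
- }
-
- state_ = SSL_CONNECTING;
- if (int err = BeginSSL()) {
- Error("BeginSSL", err, false);
- return err;
- }
-
- return 0;
-}
-
 int OpenSSLStreamAdapter::BeginSSL() {
 ASSERT(state_ == SSL_CONNECTING);
- // The underlying stream has open. If we are in peer-to-peer mode
- // then a peer certificate must have been specified by now.
- ASSERT(!ssl_server_name_.empty() ||
- !peer_certificate_digest_algorithm_.empty());
- LOG(LS_INFO) << "BeginSSL: "
- << (!ssl_server_name_.empty() ? ssl_server_name_ :
- "with peer");
+ // The underlying stream has opened.
+ // A peer certificate digest must have been specified by now.
+ ASSERT(!peer_certificate_digest_algorithm_.empty());
+ LOG(LS_INFO) << "BeginSSL with peer.";
 BIO* bio = NULL;
- // First set up the context
+ // First set up the context.
 ASSERT(ssl_ctx_ == NULL);
 ssl_ctx_ = SetupSSLContext();
 if (!ssl_ctx_)
@@ -825,7 +808,7 @@ int OpenSSLStreamAdapter::ContinueSSL() {
 case SSL_ERROR_NONE:
 LOG(LS_VERBOSE) << " -- success";
- if (!SSLPostConnectionCheck(ssl_, ssl_server_name_.c_str(), NULL,
+ if (!SSLPostConnectionCheck(ssl_, NULL,
 peer_certificate_digest_algorithm_)) {
 LOG(LS_ERROR) << "TLS post connection check failed";
 return -1;
@@ -1092,36 +1075,12 @@ int OpenSSLStreamAdapter::SSLVerifyCallback(int ok, X509_STORE_CTX* store) {
 return 1;
 }
-// This code is taken from the "Network Security with OpenSSL"
-// sample in chapter 5
 bool OpenSSLStreamAdapter::SSLPostConnectionCheck(SSL* ssl,
- const char* server_name,
 const X509* peer_cert,
 const std::string
 &peer_digest) {
- ASSERT(server_name != NULL);
- bool ok;
- if (server_name[0] != '\0') { // traditional mode
- ok = OpenSSLAdapter::VerifyServerName(ssl, server_name, ignore_bad_cert());
-
- if (ok) {
- ok = (SSL_get_verify_result(ssl) == X509_V_OK ||
- custom_verification_succeeded_);
- }
- } else { // peer-to-peer mode
- ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
- // no server name validation
- ok = true;
- }
-
- if (!ok && ignore_bad_cert()) {
- LOG(LS_ERROR) << "SSL_get_verify_result(ssl) = "
- << SSL_get_verify_result(ssl);
- LOG(LS_INFO) << "Other TLS post connection checks failed.";
- ok = true;
- }
-
- return ok;
+ ASSERT((peer_cert != NULL) || (!peer_digest.empty()));
+ return true;
 }
 bool OpenSSLStreamAdapter::HaveDtls() {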
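Review bot: SSLPostConnectionCheck now returns true unconditionally in the last hunk; the `ssl` parameter is no longer read, and the only remaining guard is an ASSERT, which presumably compiles out in release builds like the other ASSERTs in this file, so a call with a NULL peer_cert and an empty peer_digest succeeds silently there. The caller in ContinueSSL (`SSLPostConnectionCheck(ssl_, NULL, peer_certificate_digest_algorithm_)`) only ever supplies the digest algorithm name, so the real digest comparison must happen elsewhere — presumably in SSLVerifyCallback, whose body is outside this hunk. A header comment stating that, e.g. `// Peer-to-peer mode only: the peer certificate digest is verified in SSLVerifyCallback; this check is a sanity assert and always succeeds.`, would keep the next reader from assuming the post-connection check still validates anything. If the function is meant to stay fail-closed in release builds, `if (peer_cert == NULL && peer_digest.empty()) return false;` ahead of the `return true;` would preserve that without changing debug behavior; otherwise consider dropping the now-unused `ssl` parameter, whose declaration lives in the header outside this file.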