Index: webrtc/base/sslstreamadapter.h |
diff --git a/webrtc/base/sslstreamadapter.h b/webrtc/base/sslstreamadapter.h |
index ba60ce3da09b32ce28b832597784cdaa78e0866a..1ef06fd65555f7ad57ad6d9d8757ddc8b447f413 100644 |
--- a/webrtc/base/sslstreamadapter.h |
+++ b/webrtc/base/sslstreamadapter.h |
@@ -93,21 +93,18 @@ class SSLStreamAdapter : public StreamAdapterInterface { |
void set_client_auth_enabled(bool enabled) { client_auth_enabled_ = enabled; } |
bool client_auth_enabled() const { return client_auth_enabled_; } |
- // Specify our SSL identity: key and certificate. Mostly this is |
- // only used in the peer-to-peer mode (unless we actually want to |
- // provide a client certificate to a server). |
- // SSLStream takes ownership of the SSLIdentity object and will |
- // free it when appropriate. Should be called no more than once on a |
- // given SSLStream instance. |
+ // Specify our SSL identity: key and certificate. SSLStream takes ownership |
+ // of the SSLIdentity object and will free it when appropriate. Should be |
+ // called no more than once on a given SSLStream instance. |
virtual void SetIdentity(SSLIdentity* identity) = 0; |
- // Call this to indicate that we are to play the server's role in |
- // the peer-to-peer mode. |
- // The default argument is for backward compatibility |
+ // Call this to indicate that we are to play the server role (or client role, |
+ // if the default argument is replaced by SSL_CLIENT). |
+ // The default argument is for backward compatibility. |
// TODO(ekr@rtfm.com): rename this SetRole to reflect its new function |
virtual void SetServerRole(SSLRole role = SSL_SERVER) = 0; |
- // Do DTLS or TLS |
+ // Do DTLS or TLS. |
virtual void SetMode(SSLMode mode) = 0; |
// Set maximum supported protocol version. The highest version supported by |
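Review bot: The rewritten SetServerRole() comment (`// Call this to indicate that we are to play the server role (or client role,` / `// if the default argument is replaced by SSL_CLIENT).`) describes the client role indirectly via the default argument, which reads awkwardly now that both roles are documented as first-class choices. Suggested wording: `// Call this to select which role we play in the handshake: SSL_SERVER` / `// (the default, kept for backward compatibility) or SSL_CLIENT.`, which also absorbs the separate `// The default argument is for backward compatibility.` line and leaves the existing TODO about renaming to SetRole intact. The enclosing class SSLStreamAdapter begins before this hunk and continues past it.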
@@ -117,42 +114,29 @@ class SSLStreamAdapter : public StreamAdapterInterface { |
// next lower will be used. |
virtual void SetMaxProtocolVersion(SSLProtocolVersion version) = 0; |
- // The mode of operation is selected by calling either |
- // StartSSLWithServer or StartSSLWithPeer. |
- // Use of the stream prior to calling either of these functions will |
- // pass data in clear text. |
- // Calling one of these functions causes SSL negotiation to begin as |
- // soon as possible: right away if the underlying wrapped stream is |
- // already opened, or else as soon as it opens. |
+ // StartSSL starts negotiation with a peer, whose certificate is verified |
+ // using the certificate digest. Generally, SetIdentity() and possibly |
+ // SetServerRole() should have been called before this. |
+ // SetPeerCertificateDigest() must also be called. It may be called after |
+ // StartSSLWithPeer() but must be called before the underlying stream opens. |
// |
- // These functions return a negative error code on failure. |
- // Returning 0 means success so far, but negotiation is probably not |
- // complete and will continue asynchronously. In that case, the |
- // exposed stream will open after successful negotiation and |
- // verification, or an SE_CLOSE event will be raised if negotiation |
- // fails. |
- |
- // StartSSLWithServer starts SSL negotiation with a server in |
- // traditional mode. server_name specifies the expected server name |
- // which the server's certificate needs to specify. |
- virtual int StartSSLWithServer(const char* server_name) = 0; |
- |
- // StartSSLWithPeer starts negotiation in the special peer-to-peer |
- // mode. |
- // Generally, SetIdentity() and possibly SetServerRole() should have |
- // been called before this. |
- // SetPeerCertificate() or SetPeerCertificateDigest() must also be called. |
- // It may be called after StartSSLWithPeer() but must be called before the |
- // underlying stream opens. |
- virtual int StartSSLWithPeer() = 0; |
- |
- // Specify the digest of the certificate that our peer is expected to use in |
- // peer-to-peer mode. Only this certificate will be accepted during |
- // SSL verification. The certificate is assumed to have been |
- // obtained through some other secure channel (such as the XMPP |
- // channel). Unlike SetPeerCertificate(), this must specify the |
- // terminal certificate, not just a CA. |
- // SSLStream makes a copy of the digest value. |
+ // Use of the stream prior to calling StartSSL will pass data in clear text. |
+ // Calling StartSSL causes SSL negotiation to begin as soon as possible: right |
+ // away if the underlying wrapped stream is already opened, or else as soon as |
+ // it opens. |
+ // |
+ // StartSSL returns a negative error code on failure. Returning 0 means |
+ // success so far, but negotiation is probably not complete and will continue |
+ // asynchronously. In that case, the exposed stream will open after |
+ // successful negotiation and verification, or an SE_CLOSE event will be |
+ // raised if negotiation fails. |
+ virtual int StartSSL() = 0; |
+ |
+ // Specify the digest of the certificate that our peer is expected to use. |
+ // Only this certificate will be accepted during SSL verification. The |
+ // certificate is assumed to have been obtained through some other secure |
+ // channel (such as the signaling channel). This must specify the terminal |
+ // certificate, not just a CA. SSLStream makes a copy of the digest value. |
virtual bool SetPeerCertificateDigest(const std::string& digest_alg, |
const unsigned char* digest_val, |
size_t digest_len) = 0; |
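Review bot: The new StartSSL() comment block still refers to the method this hunk deletes, in the sentence ending `// StartSSLWithPeer() but must be called before the underlying stream opens.`; it should read `// StartSSL() but must be called before the underlying stream opens.`. With StartSSLWithServer() removed, SetPeerCertificateDigest() is the only peer-verification path this interface documents, so it would help callers to state in the same block what happens if no digest has been set by the time the underlying stream opens (presumably negotiation is refused rather than proceeding unverified — confirm against the implementation before documenting it). The enclosing class SSLStreamAdapter begins before this hunk and continues past it.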