| Index: webrtc/base/opensslstreamadapter.h
|
| diff --git a/webrtc/base/opensslstreamadapter.h b/webrtc/base/opensslstreamadapter.h
|
| index 76d9e8a11438f44eede5974982928030b8378e91..76dbad24a092ec8d730485d149eaad982a0f9508 100644
|
| --- a/webrtc/base/opensslstreamadapter.h
|
| +++ b/webrtc/base/opensslstreamadapter.h
|
| @@ -63,10 +63,9 @@
|
|
|
| // Default argument is for compatibility
|
| void SetServerRole(SSLRole role = SSL_SERVER) override;
|
| - SSLPeerCertificateDigestError SetPeerCertificateDigest(
|
| - const std::string& digest_alg,
|
| - const unsigned char* digest_val,
|
| - size_t digest_len) override;
|
| + bool SetPeerCertificateDigest(const std::string& digest_alg,
|
| + const unsigned char* digest_val,
|
| + size_t digest_len) override;
|
|
|
| std::unique_ptr<SSLCertificate> GetPeerCertificate() const override;
|
|
|
| @@ -105,8 +104,6 @@
|
| // DTLS-SRTP interface
|
| bool SetDtlsSrtpCryptoSuites(const std::vector<int>& crypto_suites) override;
|
| bool GetDtlsSrtpCryptoSuite(int* crypto_suite) override;
|
| -
|
| - bool IsTlsConnected() override;
|
|
|
| // Capabilities interfaces
|
| static bool HaveDtls();
|
| @@ -150,11 +147,8 @@
|
| // raised on the stream with the specified error.
|
| // A 0 error means a graceful close, otherwise there is not really enough
|
| // context to interpret the error code.
|
| - // |alert| indicates an alert description (one of the SSL_AD constants) to
|
| - // send to the remote endpoint when closing the association. If 0, a normal
|
| - // shutdown will be performed.
|
| - void Error(const char* context, int err, uint8_t alert, bool signal);
|
| - void Cleanup(uint8_t alert);
|
| + void Error(const char* context, int err, bool signal);
|
| + void Cleanup();
|
|
|
| // Override MessageHandler
|
| void OnMessage(Message* msg) override;
|
| @@ -164,22 +158,15 @@
|
|
|
| // SSL library configuration
|
| SSL_CTX* SetupSSLContext();
|
| - // Verify the peer certificate matches the signaled digest.
|
| - bool VerifyPeerCertificate();
|
| + // SSL verification check
|
| + bool SSLPostConnectionCheck(SSL* ssl,
|
| + const X509* peer_cert,
|
| + const std::string& peer_digest);
|
| // SSL certification verification error handler, called back from
|
| // the openssl library. Returns an int interpreted as a boolean in
|
| // the C style: zero means verification failure, non-zero means
|
| // passed.
|
| static int SSLVerifyCallback(int ok, X509_STORE_CTX* store);
|
| -
|
| - bool waiting_to_verify_peer_certificate_cert() const {
|
| - return client_auth_enabled() && !peer_certificate_verified_;
|
| - }
|
| -
|
| - bool has_peer_certificate_digest() const {
|
| - return !peer_certificate_digest_algorithm_.empty() &&
|
| - !peer_certificate_digest_value_.empty();
|
| - }
|
|
|
| SSLState state_;
|
| SSLRole role_;
|
| @@ -197,7 +184,6 @@
|
| // The certificate that the peer presented. Initially null, until the
|
| // connection is established.
|
| std::unique_ptr<OpenSSLCertificate> peer_certificate_;
|
| - bool peer_certificate_verified_ = false;
|
| // The digest of the certificate that the peer must present.
|
| Buffer peer_certificate_digest_value_;
|
| std::string peer_certificate_digest_algorithm_;
|
|
|
Chromium Code Reviews
Issue 2352863003:
Revert of Allow the DTLS fingerprint verification to occur after the handshake. (Closed)
Base URL: https://chromium.googlesource.com/external/webrtc.git@master