Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(258)

Unified Diff: webrtc/p2p/base/basicpacketsocketfactory.cc

Issue 2594623002: Add disabled certificate check support to IceServer PeerConnection API. (Closed)
Patch Set: Support deprecated OPT_SSLTCP name to prevent API breakage. Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « webrtc/api/peerconnectioninterface.h ('k') | webrtc/p2p/base/packetsocketfactory.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: webrtc/p2p/base/basicpacketsocketfactory.cc
diff --git a/webrtc/p2p/base/basicpacketsocketfactory.cc b/webrtc/p2p/base/basicpacketsocketfactory.cc
index 51e9b07fc0c660c0b7e743ea0b8ab75ba5d514a5..b794904411fab6cb3ef6a7a01e2e004b785d2480 100644
--- a/webrtc/p2p/base/basicpacketsocketfactory.cc
+++ b/webrtc/p2p/base/basicpacketsocketfactory.cc
@@ -87,8 +87,8 @@ AsyncPacketSocket* BasicPacketSocketFactory::CreateServerTcpSocket(
return NULL;
}
- // If using SSLTCP, wrap the TCP socket in a pseudo-SSL socket.
- if (opts & PacketSocketFactory::OPT_SSLTCP) {
+ // If using fake TLS, wrap the TCP socket in a pseudo-SSL socket.
+ if (opts & PacketSocketFactory::OPT_TLS_FAKE) {
ASSERT(!(opts & PacketSocketFactory::OPT_TLS));
socket = new AsyncSSLSocket(socket);
}
@@ -129,15 +129,24 @@ AsyncPacketSocket* BasicPacketSocketFactory::CreateClientTcpSocket(
proxy_info.username, proxy_info.password);
}
- // If using TLS, wrap the socket in an SSL adapter.
- if (opts & PacketSocketFactory::OPT_TLS) {
- ASSERT(!(opts & PacketSocketFactory::OPT_SSLTCP));
+ // Assert that at most one TLS option is used.
+ int tlsOpts =
+ opts & (PacketSocketFactory::OPT_TLS | PacketSocketFactory::OPT_TLS_FAKE |
+ PacketSocketFactory::OPT_TLS_INSECURE);
+ ASSERT((tlsOpts & (tlsOpts - 1)) == 0);
+ if ((tlsOpts & PacketSocketFactory::OPT_TLS) ||
+ (tlsOpts & PacketSocketFactory::OPT_TLS_INSECURE)) {
+ // Using TLS, wrap the socket in an SSL adapter.
SSLAdapter* ssl_adapter = SSLAdapter::Create(socket);
if (!ssl_adapter) {
return NULL;
}
+ if (tlsOpts & PacketSocketFactory::OPT_TLS_INSECURE) {
+ ssl_adapter->set_ignore_bad_cert(true);
+ }
+
socket = ssl_adapter;
if (ssl_adapter->StartSSL(remote_address.hostname().c_str(), false) != 0) {
@@ -145,9 +154,8 @@ AsyncPacketSocket* BasicPacketSocketFactory::CreateClientTcpSocket(
return NULL;
}
- // If using SSLTCP, wrap the TCP socket in a pseudo-SSL socket.
- } else if (opts & PacketSocketFactory::OPT_SSLTCP) {
- ASSERT(!(opts & PacketSocketFactory::OPT_TLS));
+ } else if (tlsOpts & PacketSocketFactory::OPT_TLS_FAKE) {
+ // Using fake TLS, wrap the TCP socket in a pseudo-SSL socket.
socket = new AsyncSSLSocket(socket);
}
« no previous file with comments | « webrtc/api/peerconnectioninterface.h ('k') | webrtc/p2p/base/packetsocketfactory.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698