OLD | NEW |
1 /* | 1 /* |
2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
3 * | 3 * |
4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
9 */ | 9 */ |
10 | 10 |
11 #ifndef WEBRTC_BASE_OPENSSLADAPTER_H__ | 11 #ifndef WEBRTC_BASE_OPENSSLADAPTER_H_ |
12 #define WEBRTC_BASE_OPENSSLADAPTER_H__ | 12 #define WEBRTC_BASE_OPENSSLADAPTER_H_ |
13 | 13 |
14 #include <string> | |
15 #include "webrtc/base/buffer.h" | |
16 #include "webrtc/base/messagehandler.h" | |
17 #include "webrtc/base/messagequeue.h" | |
18 #include "webrtc/base/ssladapter.h" | |
19 | 14 |
20 typedef struct ssl_st SSL; | 15 // This header is deprecated and is just left here temporarily during |
21 typedef struct ssl_ctx_st SSL_CTX; | 16 // refactoring. See https://bugs.webrtc.org/7634 for more details. |
22 typedef struct x509_store_ctx_st X509_STORE_CTX; | 17 #include "webrtc/rtc_base/openssladapter.h" |
23 | 18 |
24 namespace rtc { | 19 #endif // WEBRTC_BASE_OPENSSLADAPTER_H_ |
25 | |
26 /////////////////////////////////////////////////////////////////////////////// | |
27 | |
28 class OpenSSLAdapter : public SSLAdapter, public MessageHandler { | |
29 public: | |
30 static bool InitializeSSL(VerificationCallback callback); | |
31 static bool InitializeSSLThread(); | |
32 static bool CleanupSSL(); | |
33 | |
34 OpenSSLAdapter(AsyncSocket* socket); | |
35 ~OpenSSLAdapter() override; | |
36 | |
37 void SetMode(SSLMode mode) override; | |
38 int StartSSL(const char* hostname, bool restartable) override; | |
39 int Send(const void* pv, size_t cb) override; | |
40 int SendTo(const void* pv, size_t cb, const SocketAddress& addr) override; | |
41 int Recv(void* pv, size_t cb, int64_t* timestamp) override; | |
42 int RecvFrom(void* pv, | |
43 size_t cb, | |
44 SocketAddress* paddr, | |
45 int64_t* timestamp) override; | |
46 int Close() override; | |
47 | |
48 // Note that the socket returns ST_CONNECTING while SSL is being negotiated. | |
49 ConnState GetState() const override; | |
50 | |
51 protected: | |
52 void OnConnectEvent(AsyncSocket* socket) override; | |
53 void OnReadEvent(AsyncSocket* socket) override; | |
54 void OnWriteEvent(AsyncSocket* socket) override; | |
55 void OnCloseEvent(AsyncSocket* socket, int err) override; | |
56 | |
57 private: | |
58 enum SSLState { | |
59 SSL_NONE, SSL_WAIT, SSL_CONNECTING, SSL_CONNECTED, SSL_ERROR | |
60 }; | |
61 | |
62 enum { MSG_TIMEOUT }; | |
63 | |
64 int BeginSSL(); | |
65 int ContinueSSL(); | |
66 void Error(const char* context, int err, bool signal = true); | |
67 void Cleanup(); | |
68 | |
69 // Return value and arguments have the same meanings as for Send; |error| is | |
70 // an output parameter filled with the result of SSL_get_error. | |
71 int DoSslWrite(const void* pv, size_t cb, int* error); | |
72 | |
73 void OnMessage(Message* msg) override; | |
74 | |
75 static bool VerifyServerName(SSL* ssl, const char* host, | |
76 bool ignore_bad_cert); | |
77 bool SSLPostConnectionCheck(SSL* ssl, const char* host); | |
78 #if !defined(NDEBUG) | |
79 static void SSLInfoCallback(const SSL* s, int where, int ret); | |
80 #endif | |
81 static int SSLVerifyCallback(int ok, X509_STORE_CTX* store); | |
82 static VerificationCallback custom_verify_callback_; | |
83 friend class OpenSSLStreamAdapter; // for custom_verify_callback_; | |
84 | |
85 static bool ConfigureTrustedRootCertificates(SSL_CTX* ctx); | |
86 SSL_CTX* SetupSSLContext(); | |
87 | |
88 SSLState state_; | |
89 bool ssl_read_needs_write_; | |
90 bool ssl_write_needs_read_; | |
91 // If true, socket will retain SSL configuration after Close. | |
92 bool restartable_; | |
93 | |
94 // This buffer is used if SSL_write fails with SSL_ERROR_WANT_WRITE, which | |
95 // means we need to keep retrying with *the same exact data* until it | |
96 // succeeds. Afterwards it will be cleared. | |
97 Buffer pending_data_; | |
98 | |
99 SSL* ssl_; | |
100 SSL_CTX* ssl_ctx_; | |
101 std::string ssl_host_name_; | |
102 // Do DTLS or not | |
103 SSLMode ssl_mode_; | |
104 | |
105 bool custom_verification_succeeded_; | |
106 }; | |
107 | |
108 ///////////////////////////////////////////////////////////////////////////// | |
109 | |
110 } // namespace rtc | |
111 | |
112 #endif // WEBRTC_BASE_OPENSSLADAPTER_H__ | |
OLD | NEW |