author | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-12 03:38:22 +0000 |
---|---|---|
committer | raymes@chromium.org <raymes@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-04-12 03:38:22 +0000 |
commit | 92a794994111f442e9c7ba1792a5418a77c2ca74 (patch) | |
tree | 6ccf61412e2d7c33adab5611354db381c8367fc1 /content/browser/renderer_host/pepper_tcp_socket.cc | |
parent | 8d813a832c341a54a8a8aff5702bd392e990cda7 (diff) | |
This adds the following two functions to the ppapi TCPSocket interface:
1) GetServerCertificate, which returns the server X509Certificate if an SSL connection has been established.
2) AddChainBuildingCertificate. This is currently unimplemented in Chrome, but the interface and plumbing have been added so it can easily be hooked up. It should add a trusted/untrusted chain building certificate to be used by the client for a particular connection when performing the SSL handshake.
BUG=114626
TEST=out/Release/browser_tests --gtest_filter=*PPAPITest.*TCP*Trusted*
Review URL: http://codereview.chromium.org/9699100
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131918 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/browser/renderer_host/pepper_tcp_socket.cc')
-rw-r--r-- | content/browser/renderer_host/pepper_tcp_socket.cc | 25 |
1 files changed, 22 insertions, 3 deletions
diff --git a/content/browser/renderer_host/pepper_tcp_socket.cc b/content/browser/renderer_host/pepper_tcp_socket.cc
index e80e8e6..d6007f5 100644
--- a/content/browser/renderer_host/pepper_tcp_socket.cc
+++ b/content/browser/renderer_host/pepper_tcp_socket.cc
@@ -104,8 +104,11 @@ void PepperTCPSocket::ConnectWithNetAddress(
 StartConnect(address_list_);
 }

-void PepperTCPSocket::SSLHandshake(const std::string& server_name,
- uint16_t server_port) {
+void PepperTCPSocket::SSLHandshake(
+ const std::string& server_name,
+ uint16_t server_port,
+ const std::vector<std::vector<char> >& trusted_certs,
+ const std::vector<std::vector<char> >& untrusted_certs) {
 DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));

 // Allow to do SSL handshake only if currently the socket has been connected
@@ -119,6 +122,8 @@ void PepperTCPSocket::SSLHandshake(const std::string& server_name,
 }

 connection_state_ = SSL_HANDSHAKE_IN_PROGRESS;
+ // TODO(raymes,rsleevi): Use trusted/untrusted certificates when connecting.
+
 net::ClientSocketHandle* handle = new net::ClientSocketHandle();
 handle->set_socket(socket_.release());
 net::ClientSocketFactory* factory =
@@ -275,8 +280,22 @@ void PepperTCPSocket::SendWriteACKError() {
 }

 void PepperTCPSocket::SendSSLHandshakeACK(bool succeeded) {
+ ppapi::PPB_X509Certificate_Fields certificate_fields;
+ if (succeeded) {
+ // Our socket is guaranteed to be an SSL socket if we get here.
+ net::SSLClientSocket* ssl_socket =
+ static_cast<net::SSLClientSocket*>(socket_.get());
+ net::SSLInfo ssl_info;
+ ssl_socket->GetSSLInfo(&ssl_info);
+ if (ssl_info.cert.get())
+ GetCertificateFields(*ssl_info.cert, &certificate_fields);
+ }
 manager_->Send(new PpapiMsg_PPBTCPSocket_SSLHandshakeACK(
- routing_id_, plugin_dispatcher_id_, socket_id_, succeeded));
+ routing_id_,
+ plugin_dispatcher_id_,
+ socket_id_,
+ succeeded,
+ certificate_fields));
 }

 void PepperTCPSocket::OnResolveCompleted(int result) { |
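Review bot: The new `trusted_certs` and `untrusted_certs` parameters of SSLHandshake are accepted and then dropped (the TODO in the second hunk is the only trace), so a caller that supplies them gets a handshake verified against the default trust settings with no indication that its input was ignored. Until the plumbing is hooked up, I would either reject a non-empty `trusted_certs` or state the behaviour next to the TODO: `// NOTE: trusted_certs/untrusted_certs are currently ignored; verification uses the default trust settings only.` When this is implemented, these buffers presumably originate from the plugin side and should be handled as untrusted input: bounded in count and size, parsed defensively, and scoped to this one connection rather than to any shared verifier state. The body of SSLHandshake continues outside both hunks.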
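Review bot: The `static_cast<net::SSLClientSocket*>(socket_.get())` in SendSSLHandshakeACK rests only on the comment above it; nothing in the hunk checks that `socket_` is non-null or that it already holds the SSL socket when `succeeded` is true. Because the downcast is unchecked and this runs in the browser process, a future caller that passes `true` on another path would produce a bad-typed or null dereference instead of a clean failure. I would assert the invariant where it is relied on, for example `DCHECK(socket_.get());` at the top of the `if (succeeded)` block, and extend the comment to name the caller that establishes it (not visible in this hunk). Note also that when `ssl_info.cert` is empty the ACK still reports success with default-constructed `certificate_fields`, which deserves a one-line comment so the plugin side does not treat empty fields as a verified certificate.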