author | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-17 09:57:18 +0000 |
---|---|---|
committer | joth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-11-17 09:57:18 +0000 |
commit | 313834720d46a68071afe305975f8b70e9bc5782 (patch) | |
tree | 1d7b0dea339a8bcf3499cf29f27217cc985f35a1 /net/base/openssl_util.cc | |
parent | 0d18ee21d5ddbfecf3951ac8fc0f5a30465e0ffe (diff) | |
Refactor EnsureOpenSSLInit and openssl_util into base
This allows the base/crypto methods to call EnsureOpenSSLInit.
Also factors out the SSL_CTX and X509_STORE to be more closely associated with their consumers (ssl socket and X509Certificate resp.) rather than process wide globals.
BUG=None
TEST=None
Review URL: http://codereview.chromium.org/4963002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@66413 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base/openssl_util.cc')
-rw-r--r-- | net/base/openssl_util.cc | 86 |
1 files changed, 0 insertions, 86 deletions
diff --git a/net/base/openssl_util.cc b/net/base/openssl_util.cc
deleted file mode 100644
index 51797ac..0000000
--- a/net/base/openssl_util.cc
+++ /dev/null
@@ -1,86 +0,0 @@
-// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/base/openssl_util.h"
-
-#include <openssl/err.h>
-
-#include "base/logging.h"
-#include "base/platform_thread.h"
-
-namespace net {
-
-namespace {
-
-// We do certificate verification after handshake, so we disable the default
-// by registering a no-op verify function.
-int NoOpVerifyCallback(X509_STORE_CTX*, void *) {
- DVLOG(3) << "skipping cert verify";
- return 1;
-}
-
-unsigned long CurrentThreadId() {
- return static_cast<unsigned long>(PlatformThread::CurrentId());
-}
-
-SSL_CTX* CreateSSL_CTX() {
- SSL_load_error_strings();
- SSL_library_init();
- OpenSSL_add_all_algorithms();
- return SSL_CTX_new(SSLv23_client_method());
-}
-
-} // namespace
-
-OpenSSLInitSingleton::OpenSSLInitSingleton()
- : ssl_ctx_(CreateSSL_CTX()),
- store_(X509_STORE_new()) {
- CHECK(ssl_ctx_.get());
- CHECK(store_.get());
-
- SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL);
- X509_STORE_set_default_paths(store_.get());
- // TODO(bulach): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)).
- int num_locks = CRYPTO_num_locks();
- for (int i = 0; i < num_locks; ++i)
- locks_.push_back(new Lock());
- CRYPTO_set_locking_callback(LockingCallback);
- CRYPTO_set_id_callback(CurrentThreadId);
-}
-
-OpenSSLInitSingleton::~OpenSSLInitSingleton() {
- CRYPTO_set_locking_callback(NULL);
- EVP_cleanup();
- ERR_free_strings();
-}
-
-OpenSSLInitSingleton* GetOpenSSLInitSingleton() {
- return Singleton<OpenSSLInitSingleton>::get();
-}
-
-void EnsureOpenSSLInit() {
- Singleton<OpenSSLInitSingleton>::get();
-}
-
-// static
-void OpenSSLInitSingleton::LockingCallback(int mode,
- int n,
- const char* file,
- int line) {
- GetOpenSSLInitSingleton()->OnLockingCallback(mode, n, file, line);
-}
-
-void OpenSSLInitSingleton::OnLockingCallback(int mode,
- int n,
- const char* file,
- int line) {
- CHECK_LT(static_cast<size_t>(n), locks_.size());
- if (mode & CRYPTO_LOCK)
- locks_[n]->Acquire();
- else
- locks_[n]->Release();
-}
-
-} // namespace net
- |