author | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-19 01:24:05 +0000 |
---|---|---|
committer | sergeyu@chromium.org <sergeyu@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-03-19 01:24:05 +0000 |
commit | 474b343920007333ae952dc7e654b9ad190653d6 (patch) | |
tree | 941703154f191c864613294bf0b81472a6118f48 /remoting/jingle_glue/ssl_socket_adapter.cc | |
parent | 8cb04a6c7743b7062939971bbb29502f2f0cbde5 (diff) | |
Hardcode gmail cert for chromoting.
NSS doesn't load root certs in the renderer process, so cert verification fails for the XMPP connection. Hardcode the gmail.com certificate to work around this issue.
TEST=remoting client can connect.
BUG=None
Review URL: http://codereview.chromium.org/6688043
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@78791 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'remoting/jingle_glue/ssl_socket_adapter.cc')
-rw-r--r-- | remoting/jingle_glue/ssl_socket_adapter.cc | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/remoting/jingle_glue/ssl_socket_adapter.cc b/remoting/jingle_glue/ssl_socket_adapter.cc
index 95d129b..ffde85e 100644
--- a/remoting/jingle_glue/ssl_socket_adapter.cc
+++ b/remoting/jingle_glue/ssl_socket_adapter.cc
@@ -4,6 +4,7 @@
 #include "remoting/jingle_glue/ssl_socket_adapter.h"
+#include "base/base64.h"
 #include "base/compiler_specific.h"
 #include "base/message_loop.h"
 #include "net/base/address_list.h"
@@ -18,6 +19,33 @@
 namespace remoting {
+namespace {
+
+// NSS doesn't load root certificates when running in sandbox, so we
+// need to have gmail's cert hardcoded.
+//
+// TODO(sergeyu): Remove this when we don't make XMPP connection from
+// inside of sandbox.
+const char kGmailCertBase64[] =
+ "MIIC2TCCAkKgAwIBAgIDBz+SMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT"
+ "MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0"
+ "aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDcwNDExMTcxNzM4WhcNMTIwNDEwMTcxNzM4"
+ "WjBkMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMN"
+ "TW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xlIEluYy4xEjAQBgNVBAMTCWdt"
+ "YWlsLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA1Hds2jWwXAVGef06"
+ "7PeSJF/h9BnoYlTdykx0lBTDc92/JLvuq0lJkytqll1UR4kHmF4vwqQkwcqOK03w"
+ "k8qDK8fh6M13PYhvPEXP02ozsuL3vqE8hcCva2B9HVnOPY17Qok37rYQ+yexswN5"
+ "eh0+93nddEa1PyHgEQ8CDKCJaWUCAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAw"
+ "HQYDVR0OBBYEFJcjzXEevMEDIEvuQiT7puEJY737MDoGA1UdHwQzMDEwL6AtoCuG"
+ "KWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1Ud"
+ "IwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMB"
+ "BggrBgEFBQcDAjANBgkqhkiG9w0BAQUFAAOBgQB74cGpjdENf9U+WEd29dfzY3Tz"
+ "JehnlY5cH5as8bOTe7PNPzj967OJ7TPWEycMwlS7CsqIsmfRGOFFfoHxo+iPugZ8"
+ "uO2Kd++QHCXL+MumGjkW4FcTFmceV/Q12Wdh3WApcqIZZciQ79MAeFh7bzteAYqf"
+ "wC98YQwylC9wVhf1yw==";
+
+} // namespace
+
 SSLSocketAdapter* SSLSocketAdapter::Create(AsyncSocket* socket) {
 return new SSLSocketAdapter(socket);
 }
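Review bot: The comment above `kGmailCertBase64` does not say which certificate the blob is or when it stops being usable, which matters because the second hunk appears to trust it without chain validation. I would record the subject, expiry and a fingerprint so the blob can be checked against the live server and its rotation planned; the validity field in the blob appears to decode to a notAfter in April 2012. For example: `// Leaf cert for CN=gmail.com (notAfter 2012-04-10, SHA-1 fingerprint <FINGERPRINT>); trusted without chain validation, replace on rotation.` The TODO would also be easier to track with a bug number, since the commit lists BUG=None.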
@@ -67,6 +95,18 @@ int SSLSocketAdapter::BeginSSL() {
 // are correct for us, so we don't use the config service to initialize this
 // object.
 net::SSLConfig ssl_config;
+
+ std::string gmail_cert_binary;
+ base::Base64Decode(kGmailCertBase64, &gmail_cert_binary);
+ scoped_refptr<net::X509Certificate> gmail_cert =
+ net::X509Certificate::CreateFromBytes(gmail_cert_binary.data(),
+ gmail_cert_binary.size());
+ DCHECK(gmail_cert);
+ net::SSLConfig::CertAndStatus gmail_cert_status;
+ gmail_cert_status.cert = gmail_cert;
+ gmail_cert_status.cert_status = 0;
+ ssl_config.allowed_bad_certs.push_back(gmail_cert_status);
+
 transport_socket_->set_addr(talk_base::SocketAddress(hostname_, 0));
 ssl_socket_.reset(
 net::ClientSocketFactory::GetDefaultFactory()->CreateSSLClientSocket( |
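Review bot: The failure paths of the new certificate setup in BeginSSL() are guarded only by `DCHECK(gmail_cert)`, which compiles out of release builds, and the result of `base::Base64Decode` is ignored, so a decode or parse failure would presumably push a null certificate into `ssl_config.allowed_bad_certs`. Guard the push in all builds, e.g. `if (gmail_cert) ssl_config.allowed_bad_certs.push_back(gmail_cert_status);`, so that a bad blob makes the connection fail verification instead of leaving a null entry in the list. The exception is also added for whatever `hostname_` holds. An allowed-bad-cert entry presumably suppresses every verification error for that exact certificate (expiry, name mismatch, untrusted issuer), so it would be safer to add it only when `hostname_` is the XMPP host this workaround targets. BeginSSL() starts and ends outside the hunk.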