author | Iain Merrick <husky@google.com> | 2010-11-01 12:19:54 +0000 |
---|---|---|
committer | Iain Merrick <husky@google.com> | 2010-11-03 10:21:10 +0000 |
commit | 731df977c0511bca2206b5f333555b1205ff1f43 (patch) | |
tree | 0e750b949b3f00a1ac11fda25d3c2de512f2b465 /net/base/openssl_util.cc | |
parent | 5add15e10e7bb80512f2c597ca57221314abe577 (diff) | |
Merge Chromium at r63472 : Initial merge by git.
Change-Id: Ifb9ee821af006a5f2211e81471be93ae440a1f5a
Diffstat (limited to 'net/base/openssl_util.cc')
-rw-r--r-- | net/base/openssl_util.cc | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/net/base/openssl_util.cc b/net/base/openssl_util.cc
new file mode 100644
index 0000000..fcdc3a1
--- /dev/null
+++ b/net/base/openssl_util.cc
@@ -0,0 +1,82 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/base/openssl_util.h"
+
+#include <openssl/err.h>
+
+#include "base/logging.h"
+#include "base/platform_thread.h"
+
+namespace net {
+
+namespace {
+
+// We do certificate verification after handshake, so we disable the default
+// by registering a no-op verify function.
+int NoOpVerifyCallback(X509_STORE_CTX*, void *) {
+ DVLOG(3) << "skipping cert verify";
+ return 1;
+}
+
+unsigned long CurrentThreadId() {
+ return static_cast<unsigned long>(PlatformThread::CurrentId());
+}
+
+SSL_CTX* CreateSSL_CTX() {
+ SSL_load_error_strings();
+ SSL_library_init();
+ OpenSSL_add_all_algorithms();
+ return SSL_CTX_new(SSLv23_client_method());
+}
+
+} // namespace
+
+OpenSSLInitSingleton::OpenSSLInitSingleton()
+ : ssl_ctx_(CreateSSL_CTX()),
+ store_(X509_STORE_new()) {
+ CHECK(ssl_ctx_.get());
+ CHECK(store_.get());
+
+ SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL);
+ X509_STORE_set_default_paths(store_.get());
+ // TODO(bulach): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)).
+ int num_locks = CRYPTO_num_locks();
+ for (int i = 0; i < num_locks; ++i)
+ locks_.push_back(new Lock());
+ CRYPTO_set_locking_callback(LockingCallback);
+ CRYPTO_set_id_callback(CurrentThreadId);
+}
+
+OpenSSLInitSingleton::~OpenSSLInitSingleton() {
+ CRYPTO_set_locking_callback(NULL);
+ EVP_cleanup();
+ ERR_free_strings();
+}
+
+OpenSSLInitSingleton* GetOpenSSLInitSingleton() {
+ return Singleton<OpenSSLInitSingleton>::get();
+}
+
+// static
+void OpenSSLInitSingleton::LockingCallback(int mode,
+ int n,
+ const char* file,
+ int line) {
+ GetOpenSSLInitSingleton()->OnLockingCallback(mode, n, file, line);
+}
+
+void OpenSSLInitSingleton::OnLockingCallback(int mode,
+ int n,
+ const char* file,
+ int line) {
+ CHECK_LT(static_cast<size_t>(n), locks_.size());
+ if (mode & CRYPTO_LOCK)
+ locks_[n]->Acquire();
+ else
+ locks_[n]->Release();
+}
+
+} // namespace net
+ |
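Review bot: `NoOpVerifyCallback` returns 1 for every chain and is installed on the process-wide `ssl_ctx_`, so any connection created from this context completes its handshake with an unauthenticated peer. The only protection is the post-handshake verification the comment mentions, which is not visible in this file. I would make that contract explicit above the callback, e.g. `// SECURITY: every user of this SSL_CTX must verify the peer chain itself (against store_) before sending or trusting application data; the handshake authenticates nothing.` Separately, `CreateSSL_CTX()` returns `SSL_CTX_new(SSLv23_client_method())` without restricting protocol versions, which, depending on the OpenSSL build, may still allow SSLv2 to be negotiated; holding the context in a local and calling `SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2);` before returning would close that off. The return value of `X509_STORE_set_default_paths()` is also ignored, so a missing trust store only shows up later as verification failures; logging it here would help diagnosis.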