1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
6 #define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
10 #include "base/compiler_specific.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/memory/weak_ptr.h"
13 #include "net/base/completion_callback.h"
14 #include "net/base/io_buffer.h"
15 #include "net/cert/cert_verify_result.h"
16 #include "net/socket/client_socket_handle.h"
17 #include "net/socket/ssl_client_socket.h"
18 #include "net/ssl/ssl_config_service.h"
20 // Avoid including misc OpenSSL headers, i.e.:
22 typedef struct bio_st BIO
;
24 typedef struct evp_pkey_st EVP_PKEY
;
26 typedef struct ssl_st SSL
;
28 typedef struct x509_st X509
;
33 class SingleRequestCertVerifier
;
34 class SSLCertRequestInfo
;
37 // An SSL client socket implemented with OpenSSL.
38 class SSLClientSocketOpenSSL
: public SSLClientSocket
{
40 // Takes ownership of the transport_socket, which may already be connected.
41 // The given hostname will be compared with the name(s) in the server's
42 // certificate during the SSL handshake. ssl_config specifies the SSL
44 SSLClientSocketOpenSSL(scoped_ptr
<ClientSocketHandle
> transport_socket
,
45 const HostPortPair
& host_and_port
,
46 const SSLConfig
& ssl_config
,
47 const SSLClientSocketContext
& context
);
48 virtual ~SSLClientSocketOpenSSL();
50 const HostPortPair
& host_and_port() const { return host_and_port_
; }
51 const std::string
& ssl_session_cache_shard() const {
52 return ssl_session_cache_shard_
;
55 // Callback from the SSL layer that indicates the remote server is requesting
56 // a certificate for this client.
57 int ClientCertRequestCallback(SSL
* ssl
, X509
** x509
, EVP_PKEY
** pkey
);
59 // Callback from the SSL layer to check which NPN protocol we are supporting
60 int SelectNextProtoCallback(unsigned char** out
, unsigned char* outlen
,
61 const unsigned char* in
, unsigned int inlen
);
63 // SSLClientSocket implementation.
64 virtual void GetSSLCertRequestInfo(
65 SSLCertRequestInfo
* cert_request_info
) OVERRIDE
;
66 virtual NextProtoStatus
GetNextProto(std::string
* proto
,
67 std::string
* server_protos
) OVERRIDE
;
68 virtual ServerBoundCertService
* GetServerBoundCertService() const OVERRIDE
;
70 // SSLSocket implementation.
71 virtual int ExportKeyingMaterial(const base::StringPiece
& label
,
73 const base::StringPiece
& context
,
75 unsigned int outlen
) OVERRIDE
;
76 virtual int GetTLSUniqueChannelBinding(std::string
* out
) OVERRIDE
;
78 // StreamSocket implementation.
79 virtual int Connect(const CompletionCallback
& callback
) OVERRIDE
;
80 virtual void Disconnect() OVERRIDE
;
81 virtual bool IsConnected() const OVERRIDE
;
82 virtual bool IsConnectedAndIdle() const OVERRIDE
;
83 virtual int GetPeerAddress(IPEndPoint
* address
) const OVERRIDE
;
84 virtual int GetLocalAddress(IPEndPoint
* address
) const OVERRIDE
;
85 virtual const BoundNetLog
& NetLog() const OVERRIDE
;
86 virtual void SetSubresourceSpeculation() OVERRIDE
;
87 virtual void SetOmniboxSpeculation() OVERRIDE
;
88 virtual bool WasEverUsed() const OVERRIDE
;
89 virtual bool UsingTCPFastOpen() const OVERRIDE
;
90 virtual bool GetSSLInfo(SSLInfo
* ssl_info
) OVERRIDE
;
92 // Socket implementation.
93 virtual int Read(IOBuffer
* buf
, int buf_len
,
94 const CompletionCallback
& callback
) OVERRIDE
;
95 virtual int Write(IOBuffer
* buf
, int buf_len
,
96 const CompletionCallback
& callback
) OVERRIDE
;
97 virtual bool SetReceiveBufferSize(int32 size
) OVERRIDE
;
98 virtual bool SetSendBufferSize(int32 size
) OVERRIDE
;
102 void DoReadCallback(int result
);
103 void DoWriteCallback(int result
);
105 bool DoTransportIO();
107 int DoVerifyCert(int result
);
108 int DoVerifyCertComplete(int result
);
109 void DoConnectCallback(int result
);
110 X509Certificate
* UpdateServerCert();
112 void OnHandshakeIOComplete(int result
);
113 void OnSendComplete(int result
);
114 void OnRecvComplete(int result
);
116 int DoHandshakeLoop(int last_io_result
);
117 int DoReadLoop(int result
);
118 int DoWriteLoop(int result
);
120 int DoPayloadWrite();
124 void BufferSendComplete(int result
);
125 void BufferRecvComplete(int result
);
126 void TransportWriteComplete(int result
);
127 void TransportReadComplete(int result
);
129 bool transport_send_busy_
;
130 bool transport_recv_busy_
;
131 bool transport_recv_eof_
;
133 scoped_refptr
<DrainableIOBuffer
> send_buffer_
;
134 scoped_refptr
<IOBuffer
> recv_buffer_
;
136 CompletionCallback user_connect_callback_
;
137 CompletionCallback user_read_callback_
;
138 CompletionCallback user_write_callback_
;
140 base::WeakPtrFactory
<SSLClientSocketOpenSSL
> weak_factory_
;
142 // Used by Read function.
143 scoped_refptr
<IOBuffer
> user_read_buf_
;
144 int user_read_buf_len_
;
146 // Used by Write function.
147 scoped_refptr
<IOBuffer
> user_write_buf_
;
148 int user_write_buf_len_
;
150 // Used by DoPayloadRead() when attempting to fill the caller's buffer with
151 // as much data as possible without blocking.
152 // If DoPayloadRead() encounters an error after having read some data, stores
153 // the result to return on the *next* call to DoPayloadRead(). A value > 0
154 // indicates there is no pending result, otherwise 0 indicates EOF and < 0
155 // indicates an error.
156 int pending_read_error_
;
158 // Set when handshake finishes.
159 scoped_refptr
<X509Certificate
> server_cert_
;
160 CertVerifyResult server_cert_verify_result_
;
161 bool completed_handshake_
;
163 // Stores client authentication information between ClientAuthHandler and
164 // GetSSLCertRequestInfo calls.
165 bool client_auth_cert_needed_
;
166 // List of DER-encoded X.509 DistinguishedName of certificate authorities
167 // allowed by the server.
168 std::vector
<std::string
> cert_authorities_
;
170 CertVerifier
* const cert_verifier_
;
171 scoped_ptr
<SingleRequestCertVerifier
> verifier_
;
177 scoped_ptr
<ClientSocketHandle
> transport_
;
178 const HostPortPair host_and_port_
;
179 SSLConfig ssl_config_
;
180 // ssl_session_cache_shard_ is an opaque string that partitions the SSL
181 // session cache. i.e. sessions created with one value will not attempt to
182 // resume on the socket with a different value.
183 const std::string ssl_session_cache_shard_
;
185 // Used for session cache diagnostics.
186 bool trying_cached_session_
;
192 STATE_VERIFY_CERT_COMPLETE
,
194 State next_handshake_state_
;
195 NextProtoStatus npn_status_
;
196 std::string npn_proto_
;
197 std::string server_protos_
;
198 BoundNetLog net_log_
;
203 #endif // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_