Running clang-format with chromium's style guide.
The goal is n-fold:
* providing consistency and readability (that's what code guidelines are for)
* preventing noise with presubmit checks and git cl format
* building on the previous point: making it easier to automatically fix format issues
* you name it
Please consider using git-hyper-blame to ignore this commit.
Bug: webrtc:9340
Change-Id: I694567c4cdf8cee2860958cfe82bfaf25848bb87
Reviewed-on: https://webrtc-review.googlesource.com/81185
Reviewed-by: Patrik Höglund <phoglund@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#23660}
This changeset refactors the OpenSSLSessionCache out of the Factory. Instead of
directly injecting a pointer to the factory to each OpenSSLAdapter instead just
a pointer to the OpenSSLSessionCache is submitted which the Factory is the sole
owner of. This provides a cleaner dependency injection interface and allows the
OpenSSLSessionCache to be tested independently of the factory that uses it. It
also allows for the factories role to be more clearly defined allowing for
additional dependency injection in future updates.
This change also removes the habit of having OpenSSL typedefs around certain
functions and instead uses the standardised ossl_typ.h header which contains
these typedefs. This makes the headers more directly tied to just what they are
responsible for doing.
Bug: webrtc:9085
Change-Id: I7938178b70acc613856139d387a1b46928dca6ad
Reviewed-on: https://webrtc-review.googlesource.com/66941
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22758}
There was an implementation, but it relied on SSLCertificate::GetChain,
which was never implemented. Except in the fake certificate classes
used by the stats collector tests, hence the tests were passing.
Instead of implementing GetChain, we decided (in
https://webrtc-review.googlesource.com/c/src/+/6500) to add
methods that return a SSLCertChain directly, since it results in a
somewhat cleaner object model.
So this CL switches everything to use the "chain" methods, and gets
rid of the obsolete methods and member variables.
Bug: webrtc:8920
Change-Id: Ie9d7d53654ba859535462521b54c788adec7badf
Reviewed-on: https://webrtc-review.googlesource.com/56961
Commit-Queue: Taylor Brandstetter <deadbeef@webrtc.org>
Reviewed-by: Zhi Huang <zhihuang@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#22177}
WebRTC is currently using the SSL_CTX_set_verify callback. This
configures a callback for use with X509_STORE_CTX_set_verify_cb. See
https://www.openssl.org/docs/man1.0.2/crypto/X509_STORE_CTX_set_verify_cb.html
This callback does not override certificate verification. Rather, it
allows EACH failure in OpenSSL's built-in certificate verification, as
well as the final success, to be overridden (that's why there's an ok
parameter). It still runs the usual OpenSSL certificate verification
(which will never succeed).
The upshot is that the callback is called multiple times and
OpenSSLStreamAdapter does a ton of redundant work and checks the hash at
least twice, or more for certificates with other errors.
Instead, use SSL_CTX_set_cert_verify_callback. This short-circuits the
OpenSSL behavior entirely and uses a caller-supplied one.
https://commondatastorage.googleapis.com/chromium-boringssl-docs/ssl.h.html#SSL_CTX_set_cert_verify_callbackhttps://wiki.openssl.org/index.php/Manual:SSL_CTX_set_cert_verify_callback(3)
(This also removes the SSL_CTX_set_verify_depth call which is ignored
with SSL_CTX_set_cert_verify_callback. It didn't do anything before
either---it tells OpenSSL to reject chains that are too short, but the
rejection was overwritten by the callback anyway.)
(Later on, we'll need to switch this to the BoringSSL-only
SSL_CTX_set_custom_verify and CRYPTO_BUFFER APIs to fix WebRTC's
contribution to Chrome's binary size, but I've left that alone for the
time being.)
Bug: none
Change-Id: I9320a367d0961935836df63dc6f0868b069f0af0
Reviewed-on: https://webrtc-review.googlesource.com/4581
Commit-Queue: David Benjamin <davidben@webrtc.org>
Reviewed-by: Taylor Brandstetter <deadbeef@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#20053}
In order to eliminate the WebRTC Subtree mirror in Chromium,
WebRTC is moving the content of the src/webrtc directory up
to the src/ directory.
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
TBR=tommi@webrtc.org
Bug: chromium:611808
Change-Id: Iac59c5b51b950f174119565bac87955a7994bc38
Reviewed-on: https://webrtc-review.googlesource.com/1560
Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org>
Reviewed-by: Henrik Kjellander <kjellander@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19845}
