zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
38f8893235f3b80ae9ca89db66d62ca819b51c01
platform-external-webrtc/webrtc/base/sslstreamadapter.cc
Joachim Bauch 831c5585c7 Allow setting maximum protocol version for SSL stream adapters. 
This CL adds an API to SSL stream adapters to set the maximum allowed
protocol version and with that implements support for DTLS 1.2.
With DTLS 1.2 the default cipher changes in the unittests as follows.

BoringSSL
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

NSS
TLS_RSA_WITH_AES_128_CBC_SHA -> TLS_RSA_WITH_AES_128_GCM_SHA256

BUG=chromium:428343
R=juberti@google.com

Review URL: https://webrtc-codereview.appspot.com/50989004

Cr-Commit-Position: refs/heads/master@{#9232}
2015-05-20 10:48:24 +00:00

109 lines
3.4 KiB
C++
Raw Blame History

/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#if HAVE_CONFIG_H
#include "config.h"
#endif // HAVE_CONFIG_H
#include "webrtc/base/sslstreamadapter.h"
#include "webrtc/base/sslconfig.h"
#if SSL_USE_SCHANNEL
// SChannel support for DTLS and peer-to-peer mode are not
// done.
#elif SSL_USE_OPENSSL // && !SSL_USE_SCHANNEL
#include "webrtc/base/opensslstreamadapter.h"
#elif SSL_USE_NSS // && !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL
#include "webrtc/base/nssstreamadapter.h"
#endif // !SSL_USE_OPENSSL && !SSL_USE_SCHANNEL && !SSL_USE_NSS
///////////////////////////////////////////////////////////////////////////////
namespace rtc {
SSLStreamAdapter* SSLStreamAdapter::Create(StreamInterface* stream) {
#if SSL_USE_SCHANNEL
return NULL;
#elif SSL_USE_OPENSSL // !SSL_USE_SCHANNEL
return new OpenSSLStreamAdapter(stream);
#elif SSL_USE_NSS // !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL
return new NSSStreamAdapter(stream);
#else // !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL && !SSL_USE_NSS
return NULL;
#endif
}
bool SSLStreamAdapter::GetSslCipher(std::string* cipher) {
return false;
}
bool SSLStreamAdapter::ExportKeyingMaterial(const std::string& label,
const uint8* context,
size_t context_len,
bool use_context,
uint8* result,
size_t result_len) {
return false; // Default is unsupported
}
bool SSLStreamAdapter::SetDtlsSrtpCiphers(
const std::vector<std::string>& ciphers) {
return false;
}
bool SSLStreamAdapter::GetDtlsSrtpCipher(std::string* cipher) {
return false;
}
// Note: this matches the logic above with SCHANNEL dominating
#if SSL_USE_SCHANNEL
bool SSLStreamAdapter::HaveDtls() { return false; }
bool SSLStreamAdapter::HaveDtlsSrtp() { return false; }
bool SSLStreamAdapter::HaveExporter() { return false; }
std::string SSLStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version) {
return std::string();
}
#elif SSL_USE_OPENSSL
bool SSLStreamAdapter::HaveDtls() {
return OpenSSLStreamAdapter::HaveDtls();
}
bool SSLStreamAdapter::HaveDtlsSrtp() {
return OpenSSLStreamAdapter::HaveDtlsSrtp();
}
bool SSLStreamAdapter::HaveExporter() {
return OpenSSLStreamAdapter::HaveExporter();
}
std::string SSLStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version) {
return OpenSSLStreamAdapter::GetDefaultSslCipher(version);
}
#elif SSL_USE_NSS
bool SSLStreamAdapter::HaveDtls() {
return NSSStreamAdapter::HaveDtls();
}
bool SSLStreamAdapter::HaveDtlsSrtp() {
return NSSStreamAdapter::HaveDtlsSrtp();
}
bool SSLStreamAdapter::HaveExporter() {
return NSSStreamAdapter::HaveExporter();
}
std::string SSLStreamAdapter::GetDefaultSslCipher(SSLProtocolVersion version) {
return NSSStreamAdapter::GetDefaultSslCipher(version);
}
#endif // !SSL_USE_SCHANNEL && !SSL_USE_OPENSSL && !SSL_USE_NSS
///////////////////////////////////////////////////////////////////////////////
} // namespace rtc
Reference in New Issue View Git Blame Copy Permalink