zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
38f8893235f3b80ae9ca89db66d62ca819b51c01
platform-external-webrtc/webrtc/base/sslstreamadapterhelper.h
Joachim Bauch 831c5585c7 Allow setting maximum protocol version for SSL stream adapters. 
This CL adds an API to SSL stream adapters to set the maximum allowed
protocol version and with that implements support for DTLS 1.2.
With DTLS 1.2 the default cipher changes in the unittests as follows.

BoringSSL
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA -> TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

NSS
TLS_RSA_WITH_AES_128_CBC_SHA -> TLS_RSA_WITH_AES_128_GCM_SHA256

BUG=chromium:428343
R=juberti@google.com

Review URL: https://webrtc-codereview.appspot.com/50989004

Cr-Commit-Position: refs/heads/master@{#9232}
2015-05-20 10:48:24 +00:00

118 lines
4.1 KiB
C++
Raw Blame History

/*
* Copyright 2004 The WebRTC Project Authors. All rights reserved.
*
* Use of this source code is governed by a BSD-style license
* that can be found in the LICENSE file in the root of the source
* tree. An additional intellectual property rights grant can be found
* in the file PATENTS. All contributing project authors may
* be found in the AUTHORS file in the root of the source tree.
*/
#ifndef WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
#define WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
#include <string>
#include <vector>
#include "webrtc/base/buffer.h"
#include "webrtc/base/stream.h"
#include "webrtc/base/sslidentity.h"
#include "webrtc/base/sslstreamadapter.h"
namespace rtc {
// SSLStreamAdapterHelper : A stream adapter which implements much
// of the logic that is common between the known implementations
// (NSS and OpenSSL)
class SSLStreamAdapterHelper : public SSLStreamAdapter {
public:
explicit SSLStreamAdapterHelper(StreamInterface* stream);
~SSLStreamAdapterHelper() override;
// Overrides of SSLStreamAdapter
void SetIdentity(SSLIdentity* identity) override;
void SetServerRole(SSLRole role = SSL_SERVER) override;
void SetMode(SSLMode mode) override;
void SetMaxProtocolVersion(SSLProtocolVersion version) override;
int StartSSLWithServer(const char* server_name) override;
int StartSSLWithPeer() override;
bool SetPeerCertificateDigest(const std::string& digest_alg,
const unsigned char* digest_val,
size_t digest_len) override;
bool GetPeerCertificate(SSLCertificate** cert) const override;
StreamState GetState() const override;
void Close() override;
protected:
// Internal helper methods
// The following method returns 0 on success and a negative
// error code on failure. The error code may be either -1 or
// from the impl on some other error cases, so it can't really be
// interpreted unfortunately.
// Perform SSL negotiation steps.
int ContinueSSL();
// Error handler helper. signal is given as true for errors in
// asynchronous contexts (when an error code was not returned
// through some other method), and in that case an SE_CLOSE event is
// raised on the stream with the specified error.
// A 0 error means a graceful close, otherwise there is not really enough
// context to interpret the error code.
virtual void Error(const char* context, int err, bool signal);
// Must be implemented by descendents
virtual int BeginSSL() = 0;
virtual void Cleanup() = 0;
virtual bool GetDigestLength(const std::string& algorithm,
size_t* length) = 0;
enum SSLState {
// Before calling one of the StartSSL methods, data flows
// in clear text.
SSL_NONE,
SSL_WAIT, // waiting for the stream to open to start SSL negotiation
SSL_CONNECTING, // SSL negotiation in progress
SSL_CONNECTED, // SSL stream successfully established
SSL_ERROR, // some SSL error occurred, stream is closed
SSL_CLOSED // Clean close
};
// MSG_MAX is the maximum generic stream message number.
enum { MSG_DTLS_TIMEOUT = MSG_MAX + 1 };
SSLState state_;
SSLRole role_;
int ssl_error_code_; // valid when state_ == SSL_ERROR
// Our key and certificate, mostly useful in peer-to-peer mode.
scoped_ptr<SSLIdentity> identity_;
// in traditional mode, the server name that the server's certificate
// must specify. Empty in peer-to-peer mode.
std::string ssl_server_name_;
// The peer's certificate. Only used for GetPeerCertificate.
scoped_ptr<SSLCertificate> peer_certificate_;
// The digest of the certificate that the peer must present.
Buffer peer_certificate_digest_value_;
std::string peer_certificate_digest_algorithm_;
// Do DTLS or not
SSLMode ssl_mode_;
// Maximum allowed protocol version.
SSLProtocolVersion ssl_max_version_;
private:
// Go from state SSL_NONE to either SSL_CONNECTING or SSL_WAIT,
// depending on whether the underlying stream is already open or
// not. Returns 0 on success and a negative value on error.
int StartSSL();
};
} // namespace rtc
#endif // WEBRTC_BASE_SSLSTREAMADAPTERHELPER_H_
Reference in New Issue View Git Blame Copy Permalink