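// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_
#define NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_

#include <string>
#include <vector>

#include "base/basictypes.h"
#include "base/callback.h"
#include "base/compiler_specific.h"
#include "base/memory/ref_counted.h"
#include "base/memory/scoped_ptr.h"
#include "base/memory/weak_ptr.h"
#include "base/strings/string_piece.h"
#include "base/time/time.h"
#include "net/base/completion_callback.h"
#include "net/base/io_buffer.h"
#include "net/cert/cert_verify_result.h"
#include "net/cert/ct_verify_result.h"
#include "net/socket/client_socket_handle.h"
#include "net/socket/ssl_client_socket.h"
#include "net/ssl/channel_id_service.h"
#include "net/ssl/ssl_client_cert_type.h"
#include "net/ssl/ssl_config_service.h"

// Forward-declare the OpenSSL types used by SSLClientSocketOpenSSL so that
// including this header does not pull in the OpenSSL headers themselves, i.e.:
// <openssl/bio.h>
typedef struct bio_st BIO;
// <openssl/evp.h>
typedef struct evp_pkey_st EVP_PKEY;
// <openssl/ssl.h>
typedef struct ssl_st SSL;
// <openssl/x509.h>
typedef struct x509_st X509;
// <openssl/ossl_typ.h>
typedef struct x509_store_ctx_st X509_STORE_CTX;

namespace net {

class CertVerifier;
class CTVerifier;
class SingleRequestCertVerifier;
class SSLCertRequestInfo;
class SSLInfo;
class TransportSecurityState;

// An SSL client socket implemented with OpenSSL. Server certificate
// verification is performed by the CertVerifier after the handshake rather
// than inside OpenSSL's own verify callback (see CertVerifyCallback()).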
class SSLClientSocketOpenSSL : public SSLClientSocket {
 public:
  // Takes ownership of the transport_socket, which may already be connected.
  // The given hostname will be compared with the name(s) in the server's
  // certificate during the SSL handshake. ssl_config specifies the SSL
  // settings. |context| presumably supplies the verifier, CT verifier,
  // Channel ID service and transport security state stored in the members
  // below (confirm against the .cc).
  SSLClientSocketOpenSSL(scoped_ptr<ClientSocketHandle> transport_socket,
                         const HostPortPair& host_and_port,
                         const SSLConfig& ssl_config,
                         const SSLClientSocketContext& context);
  virtual ~SSLClientSocketOpenSSL();

  // The host and port the server certificate is checked against.
  const HostPortPair& host_and_port() const { return host_and_port_; }
  // Opaque session-cache partition key; see |ssl_session_cache_shard_|.
  const std::string& ssl_session_cache_shard() const {
    return ssl_session_cache_shard_;
  }

  // SSLClientSocket implementation.
  virtual std::string GetSessionCacheKey() const OVERRIDE;
  virtual bool InSessionCache() const OVERRIDE;
  virtual void SetHandshakeCompletionCallback(
      const base::Closure& callback) OVERRIDE;
  virtual void GetSSLCertRequestInfo(
      SSLCertRequestInfo* cert_request_info) OVERRIDE;
  virtual NextProtoStatus GetNextProto(std::string* proto) OVERRIDE;
  virtual ChannelIDService* GetChannelIDService() const OVERRIDE;

  // SSLSocket implementation.
  virtual int ExportKeyingMaterial(const base::StringPiece& label,
                                   bool has_context,
                                   const base::StringPiece& context,
                                   unsigned char* out,
                                   unsigned int outlen) OVERRIDE;
  virtual int GetTLSUniqueChannelBinding(std::string* out) OVERRIDE;

  // StreamSocket implementation.
  virtual int Connect(const CompletionCallback& callback) OVERRIDE;
  virtual void Disconnect() OVERRIDE;
  virtual bool IsConnected() const OVERRIDE;
  virtual bool IsConnectedAndIdle() const OVERRIDE;
  virtual int GetPeerAddress(IPEndPoint* address) const OVERRIDE;
  virtual int GetLocalAddress(IPEndPoint* address) const OVERRIDE;
  virtual const BoundNetLog& NetLog() const OVERRIDE;
  virtual void SetSubresourceSpeculation() OVERRIDE;
  virtual void SetOmniboxSpeculation() OVERRIDE;
  virtual bool WasEverUsed() const OVERRIDE;
  virtual bool UsingTCPFastOpen() const OVERRIDE;
  virtual bool GetSSLInfo(SSLInfo* ssl_info) OVERRIDE;

  // Socket implementation.
  virtual int Read(IOBuffer* buf, int buf_len,
                   const CompletionCallback& callback) OVERRIDE;
  virtual int Write(IOBuffer* buf, int buf_len,
                    const CompletionCallback& callback) OVERRIDE;
  virtual int SetReceiveBufferSize(int32 size) OVERRIDE;
  virtual int SetSendBufferSize(int32 size) OVERRIDE;

 protected:
  // SSLClientSocket implementation.
  // As the name says, this is the chain exactly as presented by the server,
  // before any verification has been applied; callers must not treat it as
  // trusted.
  virtual scoped_refptr<X509Certificate> GetUnverifiedServerCertificateChain()
      const OVERRIDE;

 private:
  class PeerCertificateChain;
  class SSLContext;
  friend class SSLClientSocket;
  friend class SSLContext;

  int Init();
  void DoReadCallback(int result);
  void DoWriteCallback(int result);

  void OnHandshakeCompletion();

  // Handshake state machine. DoHandshakeLoop() presumably steps
  // |next_handshake_state_| through the State values declared below; each
  // Do* method corresponds to one state.
  bool DoTransportIO();
  int DoHandshake();
  int DoChannelIDLookup();
  int DoChannelIDLookupComplete(int result);
  int DoVerifyCert(int result);
  int DoVerifyCertComplete(int result);
  void DoConnectCallback(int result);
  void UpdateServerCert();
  void VerifyCT();

  void OnHandshakeIOComplete(int result);
  void OnSendComplete(int result);
  void OnRecvComplete(int result);

  int DoHandshakeLoop(int last_io_result);
  int DoReadLoop();
  int DoWriteLoop();
  int DoPayloadRead();
  int DoPayloadWrite();

  // Plumbing between |transport_bio_| and the underlying transport socket.
  int BufferSend();
  int BufferRecv();
  void BufferSendComplete(int result);
  void BufferRecvComplete(int result);
  void TransportWriteComplete(int result);
  int TransportReadComplete(int result);

  // Callback from the SSL layer that indicates the remote server is requesting
  // a certificate for this client.
  int ClientCertRequestCallback(SSL* ssl);

  // CertVerifyCallback is called to verify the server's certificates. We do
  // verification after the handshake so this function only enforces that the
  // certificates don't change during renegotiation.
  int CertVerifyCallback(X509_STORE_CTX *store_ctx);

  // Callback from the SSL layer to check which NPN protocol we are supporting.
  // |in|/|inlen| presumably carry the peer-supplied protocol list, so they are
  // untrusted input — confirm in the .cc.
  int SelectNextProtoCallback(unsigned char** out, unsigned char* outlen,
                              const unsigned char* in, unsigned int inlen);

  // Called during an operation on |transport_bio_|'s peer. Checks saved
  // transport error state and, if appropriate, returns an error through
  // OpenSSL's error system.
  long MaybeReplayTransportError(BIO *bio,
                                 int cmd,
                                 const char *argp, int argi, long argl,
                                 long retvalue);

  // Callback from the SSL layer when an operation is performed on
  // |transport_bio_|'s peer.
  static long BIOCallback(BIO *bio,
                          int cmd,
                          const char *argp, int argi, long argl,
                          long retvalue);

  // Callback that is used to obtain information about the state of the SSL
  // handshake.
  static void InfoCallback(const SSL* ssl, int type, int val);

  void CheckIfHandshakeFinished();

  // Adds the SignedCertificateTimestamps from ct_verify_result_ to |ssl_info|.
  // SCTs are held in three separate vectors in ct_verify_result, each
  // vector representing a particular verification state; this method
  // associates each of the SCTs with the corresponding SCTVerifyStatus as it
  // adds it to the |ssl_info|.signed_certificate_timestamps list.
  void AddSCTInfoToSSLInfo(SSLInfo* ssl_info) const;

  // True while a transport send/receive is outstanding.
  bool transport_send_busy_;
  bool transport_recv_busy_;

  scoped_refptr<DrainableIOBuffer> send_buffer_;
  scoped_refptr<IOBuffer> recv_buffer_;

  CompletionCallback user_connect_callback_;
  CompletionCallback user_read_callback_;
  CompletionCallback user_write_callback_;

  // Used by Read function.
  scoped_refptr<IOBuffer> user_read_buf_;
  int user_read_buf_len_;

  // Used by Write function.
  scoped_refptr<IOBuffer> user_write_buf_;
  int user_write_buf_len_;

  // Used by DoPayloadRead() when attempting to fill the caller's buffer with
  // as much data as possible without blocking.
  // If DoPayloadRead() encounters an error after having read some data, stores
  // the result to return on the *next* call to DoPayloadRead(). A value > 0
  // indicates there is no pending result, otherwise 0 indicates EOF and < 0
  // indicates an error.
  int pending_read_error_;

  // Used by TransportReadComplete() to signify an error reading from the
  // transport socket. A value of OK indicates the socket is still
  // readable. EOFs are mapped to ERR_CONNECTION_CLOSED.
  int transport_read_error_;

  // Used by TransportWriteComplete() and TransportReadComplete() to signify an
  // error writing to the transport socket. A value of OK indicates no error.
  int transport_write_error_;

  // Set when Connect finishes. |server_cert_verify_result_| is the outcome of
  // the post-handshake verification and is what GetSSLInfo() should report.
  scoped_ptr<PeerCertificateChain> server_cert_chain_;
  scoped_refptr<X509Certificate> server_cert_;
  CertVerifyResult server_cert_verify_result_;
  bool completed_connect_;

  // Set when Read() or Write() successfully reads or writes data to or from the
  // network.
  bool was_ever_used_;

  // Stores client authentication information between the client certificate
  // request callback (ClientCertRequestCallback() above; no ClientAuthHandler
  // is declared in this header) and GetSSLCertRequestInfo() calls.
  bool client_auth_cert_needed_;
  // List of DER-encoded X.509 DistinguishedName of certificate authorities
  // allowed by the server.
  std::vector<std::string> cert_authorities_;
  // List of SSLClientCertType values for client certificates allowed by the
  // server.
  std::vector<SSLClientCertType> cert_key_types_;

  // Not owned. |verifier_| wraps the single in-flight verification request.
  CertVerifier* const cert_verifier_;
  scoped_ptr<SingleRequestCertVerifier> verifier_;
  base::TimeTicks start_cert_verification_time_;

  // Certificate Transparency: Verifier and result holder.
  ct::CTVerifyResult ct_verify_result_;
  CTVerifier* cert_transparency_verifier_;

  // The service for retrieving Channel ID keys. May be NULL.
  ChannelIDService* channel_id_service_;

  // Callback that is invoked when the connection finishes.
  //
  // Note: this callback will be run in Disconnect(). It will not alter
  // any member variables of the SSLClientSocketOpenSSL.
  base::Closure handshake_completion_callback_;

  // Raw OpenSSL handles. Their creation and release live in the .cc
  // (presumably Init() and Disconnect()/the destructor — confirm).
  SSL* ssl_;
  BIO* transport_bio_;

  scoped_ptr<ClientSocketHandle> transport_;
  const HostPortPair host_and_port_;
  SSLConfig ssl_config_;
  // ssl_session_cache_shard_ is an opaque string that partitions the SSL
  // session cache. i.e. sessions created with one value will not attempt to
  // resume on the socket with a different value.
  const std::string ssl_session_cache_shard_;

  // Used for session cache diagnostics.
  bool trying_cached_session_;

  enum State {
    STATE_NONE,
    STATE_HANDSHAKE,
    STATE_CHANNEL_ID_LOOKUP,
    STATE_CHANNEL_ID_LOOKUP_COMPLETE,
    STATE_VERIFY_CERT,
    STATE_VERIFY_CERT_COMPLETE,
  };
  State next_handshake_state_;
  NextProtoStatus npn_status_;
  std::string npn_proto_;
  // Written by the |channel_id_service_|. Note that |channel_id_private_key_|
  // holds private-key material.
  std::string channel_id_private_key_;
  std::string channel_id_cert_;
  // True if channel ID extension was negotiated.
  bool channel_id_xtn_negotiated_;
  // True if InfoCallback has been run with result = SSL_CB_HANDSHAKE_DONE.
  bool handshake_succeeded_;
  // True if MarkSSLSessionAsGood has been called for this socket's
  // SSL session.
  bool marked_session_as_good_;
  // The request handle for |channel_id_service_|.
  ChannelIDService::RequestHandle channel_id_request_handle_;

  // Not owned. Consulted for public key pinning; see |pinning_failure_log_|.
  TransportSecurityState* transport_security_state_;

  // pinning_failure_log contains a message produced by
  // TransportSecurityState::CheckPublicKeyPins in the event of a
  // pinning failure. It is a (somewhat) human-readable string.
  std::string pinning_failure_log_;

  BoundNetLog net_log_;
  // Declared last so outstanding weak pointers are invalidated before the
  // members above are torn down.
  base::WeakPtrFactory<SSLClientSocketOpenSSL> weak_factory_;
};

}  // namespace net

#endif  // NET_SOCKET_SSL_CLIENT_SOCKET_OPENSSL_H_