From 69472e711c1162d6dfa31664cb98bee3f9247d97 Mon Sep 17 00:00:00 2001
From: "pthatcher@webrtc.org"
Date: Wed, 7 Jan 2015 18:01:07 +0000
Subject: [PATCH] Add a dummy implemenation of SChannelAdapter::SetMode that makes sure that StartSSL fails if the mode is set to DTLS. Also, update SslSocketFactory to fail if StartSSL fails.
R=juberti@webrtc.org
Review URL: https://webrtc-codereview.appspot.com/33739004
git-svn-id: http://webrtc.googlecode.com/svn/trunk@8014 4adac7df-926f-26a2-2b94-8c16560cd09d
---
 webrtc/base/schanneladapter.cc | 14 ++++++++++++--
 webrtc/base/schanneladapter.h | 4 +++-
 webrtc/base/sslsocketfactory.cc | 17 ++++++++++++-----
 3 files changed, 27 insertions(+), 8 deletions(-)
diff --git a/webrtc/base/schanneladapter.cc b/webrtc/base/schanneladapter.cc
index 9af15a728..c013b8ae3 100644
--- a/webrtc/base/schanneladapter.cc
+++ b/webrtc/base/schanneladapter.cc
@@ -89,7 +89,7 @@ struct SChannelAdapter::SSLImpl {
 };
 SChannelAdapter::SChannelAdapter(AsyncSocket* socket)
- : SSLAdapter(socket), state_(SSL_NONE),
+ : SSLAdapter(socket), state_(SSL_NONE), mode_(SSL_MODE_TLS),
 restartable_(false), signal_close_(false), message_pending_(false), impl_(new SSLImpl) { }
@@ -98,10 +98,20 @@ SChannelAdapter::~SChannelAdapter() {
 Cleanup();
 }
+void
+SChannelAdapter::SetMode(SSLMode mode) {
+ // SSL_MODE_DTLS isn't supported.
+ ASSERT(mode == SSL_MODE_TLS);
+ mode_ = mode;
+}
+
 int SChannelAdapter::StartSSL(const char* hostname, bool restartable) {
 if (state_ != SSL_NONE)
- return ERROR_ALREADY_INITIALIZED;
+ return -1;
+
+ if (mode_ != SSL_MODE_TLS)
+ return -1;
 ssl_host_name_ = hostname;
 restartable_ = restartable;
diff --git a/webrtc/base/schanneladapter.h b/webrtc/base/schanneladapter.h
index d174b593f..f6f73ad27 100644
--- a/webrtc/base/schanneladapter.h
+++ b/webrtc/base/schanneladapter.h
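Review bot: The two `return -1;` paths added to StartSSL give the caller no way to tell "already started" from "DTLS requested", and nothing is logged at the point of failure; the hunk also drops the more specific `ERROR_ALREADY_INITIALIZED`. In SetMode the `ASSERT(mode == SSL_MODE_TLS)` is presumably compiled out of release builds, so there an unsupported mode is stored silently and only surfaces later as this bare `-1`. I would log the reason before the second return, e.g. `LOG_F(LS_ERROR) << "DTLS is not supported by SChannelAdapter";` (assuming the logging header is already included in this file), and extend the SetMode comment to `// SSL_MODE_DTLS isn't supported: ASSERT in debug builds, StartSSL() fails otherwise.` StartSSL's body continues past the end of the hunk.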
@@ -25,6 +25,7 @@ public:
 SChannelAdapter(AsyncSocket* socket);
 virtual ~SChannelAdapter();
+ virtual void SetMode(SSLMode mode);
 virtual int StartSSL(const char* hostname, bool restartable);
 virtual int Send(const void* pv, size_t cb);
 virtual int Recv(void* pv, size_t cb);
@@ -60,9 +61,10 @@ protected:
 private:
 SSLState state_;
+ SSLMode mode_;
 std::string ssl_host_name_;
 // If true, socket will retain SSL configuration after Close.
- bool restartable_;
+ bool restartable_;
 // If true, we are delaying signalling close until all data is read.
 bool signal_close_;
 // If true, we are waiting to be woken up to signal readability or closure.
diff --git a/webrtc/base/sslsocketfactory.cc b/webrtc/base/sslsocketfactory.cc
index 0e37ab84e..84dae0e53 100644
--- a/webrtc/base/sslsocketfactory.cc
+++ b/webrtc/base/sslsocketfactory.cc
@@ -11,6 +11,7 @@
 #include "webrtc/base/autodetectproxy.h"
 #include "webrtc/base/httpcommon.h"
 #include "webrtc/base/httpcommon-inl.h"
+#include "webrtc/base/scoped_ptr.h"
 #include "webrtc/base/socketadapters.h"
 #include "webrtc/base/ssladapter.h"
 #include "webrtc/base/sslsocketfactory.h"
@@ -153,13 +154,19 @@ AsyncSocket* SslSocketFactory::CreateProxySocket(const ProxyInfo& proxy,
 }
 if (!hostname_.empty()) {
- if (SSLAdapter* ssl_adapter = SSLAdapter::Create(socket)) {
- ssl_adapter->set_ignore_bad_cert(ignore_bad_cert_);
- ssl_adapter->StartSSL(hostname_.c_str(), true);
- socket = ssl_adapter;
- } else {
+ rtc::scoped_ptr ssl_adapter(SSLAdapter::Create(socket));
+ if (!ssl_adapter) {
 LOG_F(LS_ERROR) << "SSL unavailable";
+ delete socket;
+ return NULL;
 }
+
+ ssl_adapter->set_ignore_bad_cert(ignore_bad_cert_);
+ if (ssl_adapter->StartSSL(hostname_.c_str(), true) != 0) {
+ LOG_F(LS_ERROR) << "SSL failed to start.";
+ return NULL;
+ }
+ socket = ssl_adapter.release();
 }
 // Regular logging occurs at the highest level
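Review bot: The new `SetMode` declaration carries no comment, so a reader of the header cannot see that this adapter accepts only TLS. A one-line comment above it would cover that: `// Only SSL_MODE_TLS is supported; with any other mode StartSSL() fails.` The class declaration starts and ends outside this hunk.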
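Review bot: The two failure paths in the new `if (!hostname_.empty())` block release `socket` in different ways, and the second depends on something not visible here. When `SSLAdapter::Create` returns NULL the code calls `delete socket` explicitly, but when `StartSSL` fails the bare `return NULL` leaves cleanup to the `scoped_ptr` destructor, which frees the underlying socket only if the adapter owns the socket it wraps (presumably it does, worth confirming). A comment such as `// ssl_adapter now owns socket; destroying it on failure frees both.` ahead of the StartSSL check would make that explicit and guard against a later leak or double delete. Separately, `set_ignore_bad_cert(ignore_bad_cert_)` appears to start the session without certificate validation when the flag is set, and nothing records that; a `LOG_F(LS_WARNING)` on that branch would leave an audit trail. CreateProxySocket begins before this hunk and continues after it.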