quic/core/crypto/tls_client_connection.cc - quiche - Git at Google

 // Copyright (c) 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "quic/core/crypto/tls_client_connection.h"

 namespace quic {

 TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx,
                                          Delegate* delegate,
                                          QuicSSLConfig ssl_config)
     : TlsConnection(ssl_ctx,
                     delegate->ConnectionDelegate(),
                     std::move(ssl_config)),
       delegate_(delegate) {}

 // static
 bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
     bool enable_early_data) {
   bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
   // Configure certificate verification.
   SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
   int reverify_on_resume_enabled = 1;
   SSL_CTX_set_reverify_on_resume(ssl_ctx.get(), reverify_on_resume_enabled);

   // Configure session caching.
   SSL_CTX_set_session_cache_mode(
       ssl_ctx.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
   SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);

   // TODO(wub): Always enable early data on the SSL_CTX, but allow it to be
   // overridden on the SSL object, via QuicSSLConfig.
   SSL_CTX_set_early_data_enabled(ssl_ctx.get(), enable_early_data);
   return ssl_ctx;
 }

 void TlsClientConnection::SetCertChain(
     const std::vector<CRYPTO_BUFFER*>& cert_chain, EVP_PKEY* privkey) {
   SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), privkey,
                         /*privkey_method=*/nullptr);
 }

 // static
 int TlsClientConnection::NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
   static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
       ->delegate_->InsertSession(bssl::UniquePtr<SSL_SESSION>(session));
   return 1;
 }

 }  // namespace quic
	// Copyright (c) 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "quic/core/crypto/tls_client_connection.h"

	namespace quic {

	TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx,
	Delegate* delegate,
	QuicSSLConfig ssl_config)
	: TlsConnection(ssl_ctx,
	delegate->ConnectionDelegate(),
	std::move(ssl_config)),
	delegate_(delegate) {}

	// static
	bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
	bool enable_early_data) {
	bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
	// Configure certificate verification.
	SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
	int reverify_on_resume_enabled = 1;
	SSL_CTX_set_reverify_on_resume(ssl_ctx.get(), reverify_on_resume_enabled);

	// Configure session caching.
	SSL_CTX_set_session_cache_mode(
	ssl_ctx.get(), SSL_SESS_CACHE_CLIENT \| SSL_SESS_CACHE_NO_INTERNAL);
	SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);

	// TODO(wub): Always enable early data on the SSL_CTX, but allow it to be
	// overridden on the SSL object, via QuicSSLConfig.
	SSL_CTX_set_early_data_enabled(ssl_ctx.get(), enable_early_data);
	return ssl_ctx;
	}

	void TlsClientConnection::SetCertChain(
	const std::vector<CRYPTO_BUFFER>& cert_chain, EVP_PKEY privkey) {
	SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), privkey,
	/privkey_method=/nullptr);
	}

	// static
	int TlsClientConnection::NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
	static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
	->delegate_->InsertSession(bssl::UniquePtr<SSL_SESSION>(session));
	return 1;
	}

	} // namespace quic