blob: 8e31bba71a5519db80cbdc6e3c829cc0d2fe0cd4 [file] [log] [blame]
// Copyright (c) 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quic/core/crypto/tls_client_connection.h"
namespace quic {
TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx,
Delegate* delegate,
QuicSSLConfig ssl_config)
: TlsConnection(ssl_ctx,
delegate->ConnectionDelegate(),
std::move(ssl_config)),
delegate_(delegate) {}
// static
bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx(
bool enable_early_data) {
bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
// Configure certificate verification.
SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
int reverify_on_resume_enabled = 1;
SSL_CTX_set_reverify_on_resume(ssl_ctx.get(), reverify_on_resume_enabled);
// Configure session caching.
SSL_CTX_set_session_cache_mode(
ssl_ctx.get(), SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL);
SSL_CTX_sess_set_new_cb(ssl_ctx.get(), NewSessionCallback);
// TODO(wub): Always enable early data on the SSL_CTX, but allow it to be
// overridden on the SSL object, via QuicSSLConfig.
SSL_CTX_set_early_data_enabled(ssl_ctx.get(), enable_early_data);
return ssl_ctx;
}
void TlsClientConnection::SetCertChain(
const std::vector<CRYPTO_BUFFER*>& cert_chain, EVP_PKEY* privkey) {
SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), privkey,
/*privkey_method=*/nullptr);
}
// static
int TlsClientConnection::NewSessionCallback(SSL* ssl, SSL_SESSION* session) {
static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
->delegate_->InsertSession(bssl::UniquePtr<SSL_SESSION>(session));
return 1;
}
} // namespace quic