blob: f28af660e904027a209dbc1041d2c0b12304d301 [file] [log] [blame]
// Copyright (c) 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h"
namespace quic {
TlsClientConnection::TlsClientConnection(SSL_CTX* ssl_ctx, Delegate* delegate)
: TlsConnection(ssl_ctx, delegate->ConnectionDelegate()),
delegate_(delegate) {}
// static
bssl::UniquePtr<SSL_CTX> TlsClientConnection::CreateSslCtx() {
bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
// Configure certificate verification.
// TODO(nharper): This only verifies certs on initial connection, not on
// resumption. Chromium has this callback be a no-op and verifies the
// certificate after the connection is complete. We need to re-verify on
// resumption in case of expiration or revocation/distrust.
SSL_CTX_set_custom_verify(ssl_ctx.get(), SSL_VERIFY_PEER, &VerifyCallback);
return ssl_ctx;
// static
enum ssl_verify_result_t TlsClientConnection::VerifyCallback(
SSL* ssl,
uint8_t* out_alert) {
return static_cast<TlsClientConnection*>(ConnectionFromSsl(ssl))
} // namespace quic