Add TLS TURN tests.
This change extends the TurnPort tests to cover connections to
TURN servers over TLS.
As part of this, the TestTurnServer is extended to support
connections from clients over TLS.
Note that this also fixes the remaining bugs in webrtc:7562
Bug: webrtc:7584
Change-Id: If89ceae49d33417625464b5892d20eee4de7c3b5
Reviewed-on: https://chromium-review.googlesource.com/611520
Commit-Queue: Steve Anton <steveanton@webrtc.org>
Reviewed-by: Peter Thatcher <pthatcher@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#19397}
diff --git a/webrtc/rtc_base/openssladapter.cc b/webrtc/rtc_base/openssladapter.cc
index 11473ac..64eb0ab 100644
--- a/webrtc/rtc_base/openssladapter.cc
+++ b/webrtc/rtc_base/openssladapter.cc
@@ -279,6 +279,7 @@
: SSLAdapter(socket),
factory_(factory),
state_(SSL_NONE),
+ role_(SSL_CLIENT),
ssl_read_needs_write_(false),
ssl_write_needs_read_(false),
restartable_(false),
@@ -307,6 +308,30 @@
ssl_mode_ = mode;
}
+void OpenSSLAdapter::SetIdentity(SSLIdentity* identity) {
+ RTC_DCHECK(!identity_);
+ identity_.reset(static_cast<OpenSSLIdentity*>(identity));
+}
+
+void OpenSSLAdapter::SetRole(SSLRole role) {
+ role_ = role;
+}
+
+AsyncSocket* OpenSSLAdapter::Accept(SocketAddress* paddr) {
+ RTC_DCHECK(role_ == SSL_SERVER);
+ AsyncSocket* socket = SSLAdapter::Accept(paddr);
+ if (!socket) {
+ return nullptr;
+ }
+
+ SSLAdapter* adapter = SSLAdapter::Create(socket);
+ adapter->SetIdentity(identity_->GetReference());
+ adapter->SetRole(rtc::SSL_SERVER);
+ adapter->set_ignore_bad_cert(ignore_bad_cert());
+ adapter->StartSSL("", false);
+ return adapter;
+}
+
int OpenSSLAdapter::StartSSL(const char* hostname, bool restartable) {
if (state_ != SSL_NONE)
return -1;
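Review bot: Accept() dereferences identity_ unconditionally at `adapter->SetIdentity(identity_->GetReference())` while only the role is checked on entry, so a server-role adapter that never received SetIdentity() crashes here instead of failing the accept; `RTC_DCHECK(identity_);` beside the role check (or closing the socket and returning nullptr) would make the precondition explicit. SetIdentity() also takes ownership of the pointer through identity_.reset() and downcasts it with an unchecked static_cast, which the declaration should state, e.g. `// Takes ownership; |identity| must be an OpenSSLIdentity.` StartSSL begins on the last lines of this hunk and continues outside it.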
@@ -347,6 +372,12 @@
goto ssl_error;
}
+ if (identity_ && !identity_->ConfigureIdentity(ssl_ctx_)) {
+ SSL_CTX_free(ssl_ctx_);
+ err = -1;
+ goto ssl_error;
+ }
+
bio = BIO_new_socket(socket_);
if (!bio) {
err = -1;
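Review bot: The new ConfigureIdentity error path calls SSL_CTX_free(ssl_ctx_) but leaves the member pointing at the freed context before jumping to ssl_error; if that label runs the cleanup shown in the last hunk of this file, which frees ssl_ctx_ again whenever it is non-null, the context is freed twice. Either drop the explicit free and let the cleanup path release it, or add `ssl_ctx_ = nullptr;` right after the SSL_CTX_free call. The enclosing function starts and ends outside the hunk.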
@@ -423,7 +454,7 @@
// Clear the DTLS timer
Thread::Current()->Clear(this, MSG_TIMEOUT);
- int code = SSL_connect(ssl_);
+ int code = (role_ == SSL_CLIENT) ? SSL_connect(ssl_) : SSL_accept(ssl_);
switch (SSL_get_error(ssl_, code)) {
case SSL_ERROR_NONE:
if (!SSLPostConnectionCheck(ssl_, ssl_host_name_.c_str())) {
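Review bot: The SSL_ERROR_NONE branch still runs SSLPostConnectionCheck(ssl_, ssl_host_name_.c_str()) for both roles, so after SSL_accept() the server-side adapter checks the client's (typically absent) certificate against the empty host name that Accept() passes via StartSSL("", false); unless ignore_bad_cert() is set, as the test server does, the server handshake is likely to fail at this point. Gating the check on `role_ == SSL_CLIENT`, or documenting on SetRole() that server-role use currently requires ignore_bad_cert(), would make the intended behaviour explicit. The enclosing function starts and ends outside the hunk.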
@@ -496,6 +527,7 @@
SSL_CTX_free(ssl_ctx_);
ssl_ctx_ = nullptr;
}
+ identity_.reset();
// Clear the DTLS timer
Thread::Current()->Clear(this, MSG_TIMEOUT);