1// Copyright (c) 2017, the Dart project authors. Please see the AUTHORS file
2// for details. All rights reserved. Use of this source code is governed by a
3// BSD-style license that can be found in the LICENSE file.
4
5#if !defined(DART_IO_SECURE_SOCKET_DISABLED)
6
7#include "platform/globals.h"
8#if defined(HOST_OS_FUCHSIA)
9
10#include "bin/security_context.h"
11
12#include <openssl/bio.h>
13#include <openssl/ssl.h>
14#include <openssl/x509.h>
15
16#include "bin/directory.h"
17#include "bin/file.h"
18#include "bin/secure_socket_filter.h"
19#include "bin/secure_socket_utils.h"
20#include "platform/syslog.h"
21
22namespace dart {
23namespace bin {
24
25// The security context won't necessarily use the compiled-in root certificates,
26// but since there is no way to update the size of the allocation after creating
27// the weak persistent handle, we assume that it will. Note that when the
28// root certs aren't compiled in, |root_certificates_pem_length| is 0.
29const intptr_t SSLCertContext::kApproximateSize =
30 sizeof(SSLCertContext) + root_certificates_pem_length;
31
32void SSLCertContext::TrustBuiltinRoots() {
33 // First, try to use locations specified on the command line.
34 if (root_certs_file() != NULL) {
35 LoadRootCertFile(root_certs_file());
36 return;
37 }
38 if (root_certs_cache() != NULL) {
39 LoadRootCertCache(root_certs_cache());
40 return;
41 }
42
43 int status = SSL_CTX_set_default_verify_paths(context());
44 SecureSocketUtils::CheckStatus(status, "TlsException",
45 "Failure trusting builtin roots");
46}
47
48void SSLCertContext::RegisterCallbacks(SSL* ssl) {
49 // No callbacks to register for implementations using BoringSSL's built-in
50 // verification mechanism.
51}
52
53} // namespace bin
54} // namespace dart
55
56#endif // defined(HOST_OS_FUCHSIA)
57
58#endif // !defined(DART_IO_SECURE_SOCKET_DISABLED)
59