xref: /aosp_15_r20/external/webrtc/rtc_base/openssl_utility.h (revision d9f758449e529ab9291ac668be2861e7a55c2422) 
1 /*
2  *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
3  *
4  *  Use of this source code is governed by a BSD-style license
5  *  that can be found in the LICENSE file in the root of the source
6  *  tree. An additional intellectual property rights grant can be found
7  *  in the file PATENTS.  All contributing project authors may
8  *  be found in the AUTHORS file in the root of the source tree.
9  */
10 
11 #ifndef RTC_BASE_OPENSSL_UTILITY_H_
12 #define RTC_BASE_OPENSSL_UTILITY_H_
13 
14 #include <openssl/ossl_typ.h>
15 
16 #include <string>
17 
18 #include "absl/strings/string_view.h"
19 
20 namespace rtc {
21 // The openssl namespace holds static helper methods. All methods related
22 // to OpenSSL that are commonly used and don't require global state should be
23 // placed here.
24 namespace openssl {
25 
26 #ifdef OPENSSL_IS_BORINGSSL
27 // Does minimal parsing of a certificate (only verifying the presence of major
28 // fields), primarily for the purpose of extracting the relevant out
29 // parameters. Any that the caller is uninterested in can be null.
30 bool ParseCertificate(CRYPTO_BUFFER* cert_buffer,
31                       CBS* signature_algorithm_oid,
32                       int64_t* expiration_time);
33 #endif
34 
35 // Verifies that the hostname provided matches that in the peer certificate
36 // attached to this SSL state.
37 // TODO(crbug.com/webrtc/11710): When OS certificate verification is available,
38 // skip compiling this as it adds a dependency on OpenSSL X509 objects, which we
39 // are trying to avoid in favor of CRYPTO_BUFFERs (see crbug.com/webrtc/11410).
40 bool VerifyPeerCertMatchesHost(SSL* ssl, absl::string_view host);
41 
42 // Logs all the errors in the OpenSSL errror queue from the current thread. A
43 // prefix can be provided for context.
44 void LogSSLErrors(absl::string_view prefix);
45 
46 #ifndef WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
47 // Attempt to add the certificates from the loader into the SSL_CTX. False is
48 // returned only if there are no certificates returned from the loader or none
49 // of them can be added to the TrustStore for the provided context.
50 bool LoadBuiltinSSLRootCertificates(SSL_CTX* ssl_ctx);
51 #endif  // WEBRTC_EXCLUDE_BUILT_IN_SSL_ROOT_CERTS
52 
53 #ifdef OPENSSL_IS_BORINGSSL
54 CRYPTO_BUFFER_POOL* GetBufferPool();
55 #endif
56 
57 }  // namespace openssl
58 }  // namespace rtc
59 
60 #endif  // RTC_BASE_OPENSSL_UTILITY_H_
61