Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1201)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 10136001: net: only False Start with forward secret servers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/third_party/nss/patches/applypatches.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 2083 matching lines...) Expand 10 before | Expand all | Expand 10 after
2094 // static 2094 // static
2095 // NSS calls this if an incoming certificate needs to be verified. 2095 // NSS calls this if an incoming certificate needs to be verified.
2096 // Do nothing but return SECSuccess. 2096 // Do nothing but return SECSuccess.
2097 // This is called only in full handshake mode. 2097 // This is called only in full handshake mode.
2098 // Peer certificate is retrieved in HandshakeCallback() later, which is called 2098 // Peer certificate is retrieved in HandshakeCallback() later, which is called
2099 // in full handshake mode or in resumption handshake mode. 2099 // in full handshake mode or in resumption handshake mode.
2100 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, 2100 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg,
2101 PRFileDesc* socket, 2101 PRFileDesc* socket,
2102 PRBool checksig, 2102 PRBool checksig,
2103 PRBool is_server) { 2103 PRBool is_server) {
2104 #ifdef SSL_ENABLE_FALSE_START
2105 PRBool npn;
2106 SECStatus rv =
2107 SSL_HandshakeNegotiatedExtension(socket, ssl_next_proto_nego_xtn, &npn);
2108 if (rv != SECSuccess || !npn) {
2109 // If the server doesn't support NPN, then we don't do False Start with it.
2110 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
2111 }
2112 #endif
2113
2104 // Tell NSS to not verify the certificate. 2114 // Tell NSS to not verify the certificate.
2105 return SECSuccess; 2115 return SECSuccess;
2106 } 2116 }
2107 2117
2108 // static 2118 // static
2109 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) { 2119 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) {
2110 PRBool xtn_negotiated = PR_FALSE; 2120 PRBool xtn_negotiated = PR_FALSE;
2111 SECStatus rv = SSL_HandshakeNegotiatedExtension( 2121 SECStatus rv = SSL_HandshakeNegotiatedExtension(
2112 socket, ssl_ob_cert_xtn, &xtn_negotiated); 2122 socket, ssl_ob_cert_xtn, &xtn_negotiated);
2113 DCHECK_EQ(SECSuccess, rv); 2123 DCHECK_EQ(SECSuccess, rv);
(...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after
2642 EnsureThreadIdAssigned(); 2652 EnsureThreadIdAssigned();
2643 base::AutoLock auto_lock(lock_); 2653 base::AutoLock auto_lock(lock_);
2644 return valid_thread_id_ == base::PlatformThread::CurrentId(); 2654 return valid_thread_id_ == base::PlatformThread::CurrentId();
2645 } 2655 }
2646 2656
2647 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { 2657 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const {
2648 return server_bound_cert_service_; 2658 return server_bound_cert_service_;
2649 } 2659 }
2650 2660
2651 } // namespace net 2661 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/third_party/nss/patches/applypatches.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698