OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 2083 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2094 // static | 2094 // static |
2095 // NSS calls this if an incoming certificate needs to be verified. | 2095 // NSS calls this if an incoming certificate needs to be verified. |
2096 // Do nothing but return SECSuccess. | 2096 // Do nothing but return SECSuccess. |
2097 // This is called only in full handshake mode. | 2097 // This is called only in full handshake mode. |
2098 // Peer certificate is retrieved in HandshakeCallback() later, which is called | 2098 // Peer certificate is retrieved in HandshakeCallback() later, which is called |
2099 // in full handshake mode or in resumption handshake mode. | 2099 // in full handshake mode or in resumption handshake mode. |
2100 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, | 2100 SECStatus SSLClientSocketNSS::OwnAuthCertHandler(void* arg, |
2101 PRFileDesc* socket, | 2101 PRFileDesc* socket, |
2102 PRBool checksig, | 2102 PRBool checksig, |
2103 PRBool is_server) { | 2103 PRBool is_server) { |
| 2104 #ifdef SSL_ENABLE_FALSE_START |
| 2105 PRBool npn; |
| 2106 SECStatus rv = |
| 2107 SSL_HandshakeNegotiatedExtension(socket, ssl_next_proto_nego_xtn, &npn); |
| 2108 if (rv != SECSuccess || !npn) { |
| 2109 // If the server doesn't support NPN, then we don't do False Start with it. |
| 2110 SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE); |
| 2111 } |
| 2112 #endif |
| 2113 |
2104 // Tell NSS to not verify the certificate. | 2114 // Tell NSS to not verify the certificate. |
2105 return SECSuccess; | 2115 return SECSuccess; |
2106 } | 2116 } |
2107 | 2117 |
2108 // static | 2118 // static |
2109 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) { | 2119 bool SSLClientSocketNSS::DomainBoundCertNegotiated(PRFileDesc* socket) { |
2110 PRBool xtn_negotiated = PR_FALSE; | 2120 PRBool xtn_negotiated = PR_FALSE; |
2111 SECStatus rv = SSL_HandshakeNegotiatedExtension( | 2121 SECStatus rv = SSL_HandshakeNegotiatedExtension( |
2112 socket, ssl_ob_cert_xtn, &xtn_negotiated); | 2122 socket, ssl_ob_cert_xtn, &xtn_negotiated); |
2113 DCHECK_EQ(SECSuccess, rv); | 2123 DCHECK_EQ(SECSuccess, rv); |
(...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2642 EnsureThreadIdAssigned(); | 2652 EnsureThreadIdAssigned(); |
2643 base::AutoLock auto_lock(lock_); | 2653 base::AutoLock auto_lock(lock_); |
2644 return valid_thread_id_ == base::PlatformThread::CurrentId(); | 2654 return valid_thread_id_ == base::PlatformThread::CurrentId(); |
2645 } | 2655 } |
2646 | 2656 |
2647 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 2657 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
2648 return server_bound_cert_service_; | 2658 return server_bound_cert_service_; |
2649 } | 2659 } |
2650 | 2660 |
2651 } // namespace net | 2661 } // namespace net |
OLD | NEW |