Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1134)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: base/nss_init.cc

Issue 12930: Third time's a charm?... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: '' Created 12 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/ssl_uitest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: base/nss_init.cc
===================================================================
--- base/nss_init.cc (revision 6493)
+++ base/nss_init.cc (working copy)
@@ -9,31 +9,76 @@
// Work around https://bugzilla.mozilla.org/show_bug.cgi?id=455424
// until NSS 3.12.2 comes out and we update to it.
#define Lock FOO_NSS_Lock
+#include <secmod.h>
#include <ssl.h>
#undef Lock
+#include "base/file_util.h"
#include "base/logging.h"
#include "base/singleton.h"
namespace {
+// Load nss's built-in root certs.
+SECMODModule *InitDefaultRootCerts() {
+ const char* kModulePath = "libnssckbi.so";
+ char modparams[1024];
+ snprintf(modparams, sizeof(modparams),
+ "name=\"Root Certs\" library=\"%s\"", kModulePath);
+ SECMODModule *root = SECMOD_LoadUserModule(modparams, NULL, PR_FALSE);
+ if (root)
+ return root;
+
+ // Aw, snap. Can't find/load root cert shared library.
+ // This will make it hard to talk to anybody via https.
+ NOTREACHED();
+ return NULL;
+}
+
class NSSInitSingleton {
public:
NSSInitSingleton() {
+
+ // Initialize without using a persistant database (e.g. ~/.netscape)
CHECK(NSS_NoDB_Init(".") == SECSuccess);
- // Enable ciphers
+
+ root_ = InitDefaultRootCerts();
+
NSS_SetDomesticPolicy();
+
+ // Explicitly enable exactly those ciphers with keys of at least 80 bits
+ for (int i = 0; i < SSL_NumImplementedCiphers; i++) {
+ SSLCipherSuiteInfo info;
+ if (SSL_GetCipherSuiteInfo(SSL_ImplementedCiphers[i], &info,
+ sizeof(info)) == SECSuccess) {
+ SSL_CipherPrefSetDefault(SSL_ImplementedCiphers[i],
+ (info.effectiveKeyBits >= 80));
+ }
+ }
+
// Enable SSL
SSL_OptionSetDefault(SSL_SECURITY, PR_TRUE);
+
+ // All other SSL options are set per-session by SSLClientSocket
}
~NSSInitSingleton() {
+ if (root_) {
+ SECMOD_UnloadUserModule(root_);
+ SECMOD_DestroyModule(root_);
+ root_ = NULL;
+ }
+
// Have to clear the cache, or NSS_Shutdown fails with SEC_ERROR_BUSY
SSL_ClearSessionCache();
SECStatus status = NSS_Shutdown();
- DCHECK(status == SECSuccess);
+ if (status != SECSuccess)
+ LOG(ERROR) << "NSS_Shutdown failed, leak? See "
+ "http://code.google.com/p/chromium/issues/detail?id=4609";
}
+ private:
+ SECMODModule *root_;
};
} // namespace
« no previous file with comments | « no previous file | chrome/browser/ssl_uitest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698