Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(140)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 4091005: Remove SSL 2.0 support. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Sync with ToT Created 10 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/socket/ssl_client_socket_mac.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 667 matching lines...) Expand 10 before | Expand all | Expand 10 after
678 // TODO(port): set more ssl options! Check errors! 678 // TODO(port): set more ssl options! Check errors!
679 679
680 int rv; 680 int rv;
681 681
682 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE); 682 rv = SSL_OptionSet(nss_fd_, SSL_SECURITY, PR_TRUE);
683 if (rv != SECSuccess) { 683 if (rv != SECSuccess) {
684 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY"); 684 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_SECURITY");
685 return ERR_UNEXPECTED; 685 return ERR_UNEXPECTED;
686 } 686 }
687 687
688 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, ssl_config_.ssl2_enabled); 688 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL2, PR_FALSE);
689 if (rv != SECSuccess) { 689 if (rv != SECSuccess) {
690 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2"); 690 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL2");
691 return ERR_UNEXPECTED; 691 return ERR_UNEXPECTED;
692 } 692 }
693 693
694 // SNI is enabled automatically if TLS is enabled -- as long as 694 // Don't do V2 compatible hellos because they don't support TLS extensions.
695 // SSL_V2_COMPATIBLE_HELLO isn't. 695 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO, PR_FALSE);
696 // So don't do V2 compatible hellos unless we're really using SSL2,
697 // to avoid errors like
698 // "common name `mail.google.com' != requested host name `gmail.com'"
699 rv = SSL_OptionSet(nss_fd_, SSL_V2_COMPATIBLE_HELLO,
700 ssl_config_.ssl2_enabled);
701 if (rv != SECSuccess) { 696 if (rv != SECSuccess) {
702 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO"); 697 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_V2_COMPATIBLE_HELLO");
703 return ERR_UNEXPECTED; 698 return ERR_UNEXPECTED;
704 } 699 }
705 700
706 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL3, ssl_config_.ssl3_enabled); 701 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SSL3, ssl_config_.ssl3_enabled);
707 if (rv != SECSuccess) { 702 if (rv != SECSuccess) {
708 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL3"); 703 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_SSL3");
709 return ERR_UNEXPECTED; 704 return ERR_UNEXPECTED;
710 } 705 }
(...skipping 1901 matching lines...) Expand 10 before | Expand all | Expand 10 after
2612 case SSL_CONNECTION_VERSION_TLS1_1: 2607 case SSL_CONNECTION_VERSION_TLS1_1:
2613 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1); 2608 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_1);
2614 break; 2609 break;
2615 case SSL_CONNECTION_VERSION_TLS1_2: 2610 case SSL_CONNECTION_VERSION_TLS1_2:
2616 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2); 2611 UpdateConnectionTypeHistograms(CONNECTION_SSL_TLS1_2);
2617 break; 2612 break;
2618 }; 2613 };
2619 } 2614 }
2620 2615
2621 } // namespace net 2616 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_mac.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698