OLD | NEW |
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code GetDefaultCertNickname(), derived from | 5 // This file includes code GetDefaultCertNickname(), derived from |
6 // nsNSSCertificate::defaultServerNickName() | 6 // nsNSSCertificate::defaultServerNickName() |
7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp | 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp |
8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from | 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from |
9 // AuthCertificateCallback() in | 9 // AuthCertificateCallback() in |
10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
355 #else | 355 #else |
356 #error "You need to install NSS-3.12 or later to build chromium" | 356 #error "You need to install NSS-3.12 or later to build chromium" |
357 #endif | 357 #endif |
358 | 358 |
359 #ifdef SSL_ENABLE_DEFLATE | 359 #ifdef SSL_ENABLE_DEFLATE |
360 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); | 360 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); |
361 if (rv != SECSuccess) | 361 if (rv != SECSuccess) |
362 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; | 362 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; |
363 #endif | 363 #endif |
364 | 364 |
| 365 #ifdef SSL_NEXT_PROTO_NEGOTIATED |
| 366 if (!ssl_config_.next_protos.empty()) { |
| 367 rv = SSL_SetNextProtoNego( |
| 368 nss_fd_, |
| 369 reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()), |
| 370 ssl_config_.next_protos.size()); |
| 371 if (rv != SECSuccess) |
| 372 LOG(INFO) << "SSL_SetNextProtoNego failed."; |
| 373 } |
| 374 #endif |
| 375 |
365 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | 376 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); |
366 if (rv != SECSuccess) | 377 if (rv != SECSuccess) |
367 return ERR_UNEXPECTED; | 378 return ERR_UNEXPECTED; |
368 | 379 |
369 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | 380 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); |
370 if (rv != SECSuccess) | 381 if (rv != SECSuccess) |
371 return ERR_UNEXPECTED; | 382 return ERR_UNEXPECTED; |
372 | 383 |
373 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); | 384 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); |
374 if (rv != SECSuccess) | 385 if (rv != SECSuccess) |
548 } else { | 559 } else { |
549 ssl_info->security_bits = -1; | 560 ssl_info->security_bits = -1; |
550 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() | 561 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() |
551 << " for cipherSuite " << channel_info.cipherSuite; | 562 << " for cipherSuite " << channel_info.cipherSuite; |
552 } | 563 } |
553 UpdateServerCert(); | 564 UpdateServerCert(); |
554 } | 565 } |
555 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 566 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
556 DCHECK(server_cert_ != NULL); | 567 DCHECK(server_cert_ != NULL); |
557 ssl_info->cert = server_cert_; | 568 ssl_info->cert = server_cert_; |
| 569 |
| 570 #ifdef SSL_NEXT_PROTO_NEGOTIATED |
| 571 unsigned char npn_buf[255]; |
| 572 unsigned npn_len; |
| 573 int npn_status; |
| 574 SECStatus rv = SSL_GetNextProto(nss_fd_, &npn_status, npn_buf, &npn_len, |
| 575 sizeof(npn_buf)); |
| 576 if (rv != SECSuccess) { |
| 577 npn_status = SSL_NEXT_PROTO_NO_SUPPORT; |
| 578 } |
| 579 |
| 580 if (npn_status == SSL_NEXT_PROTO_NO_SUPPORT) { |
| 581 ssl_info->next_proto_status = SSLInfo::kNextProtoUnsupported; |
| 582 ssl_info->next_proto.clear(); |
| 583 } else { |
| 584 ssl_info->next_proto = |
| 585 std::string(reinterpret_cast<const char *>(npn_buf), npn_len); |
| 586 switch (npn_status) { |
| 587 case SSL_NEXT_PROTO_NEGOTIATED: |
| 588 ssl_info->next_proto_status = SSLInfo::kNextProtoNegotiated; |
| 589 break; |
| 590 case SSL_NEXT_PROTO_NO_OVERLAP: |
| 591 ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap; |
| 592 break; |
| 593 default: |
| 594 LOG(ERROR) << "Unknown npn_status: " << npn_status; |
| 595 ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap; |
| 596 break; |
| 597 } |
| 598 } |
| 599 #endif |
| 600 |
558 LeaveFunction(""); | 601 LeaveFunction(""); |
559 } | 602 } |
560 | 603 |
561 void SSLClientSocketNSS::GetSSLCertRequestInfo( | 604 void SSLClientSocketNSS::GetSSLCertRequestInfo( |
562 SSLCertRequestInfo* cert_request_info) { | 605 SSLCertRequestInfo* cert_request_info) { |
563 EnterFunction(""); | 606 EnterFunction(""); |
564 cert_request_info->host_and_port = hostname_; | 607 cert_request_info->host_and_port = hostname_; |
565 cert_request_info->client_certs = client_certs_; | 608 cert_request_info->client_certs = client_certs_; |
566 LeaveFunction(cert_request_info->client_certs.size()); | 609 LeaveFunction(cert_request_info->client_certs.size()); |
567 } | 610 } |
1136 } | 1179 } |
1137 PRErrorCode prerr = PR_GetError(); | 1180 PRErrorCode prerr = PR_GetError(); |
1138 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1181 if (prerr == PR_WOULD_BLOCK_ERROR) { |
1139 return ERR_IO_PENDING; | 1182 return ERR_IO_PENDING; |
1140 } | 1183 } |
1141 LeaveFunction(""); | 1184 LeaveFunction(""); |
1142 return NetErrorFromNSPRError(prerr); | 1185 return NetErrorFromNSPRError(prerr); |
1143 } | 1186 } |
1144 | 1187 |
1145 } // namespace net | 1188 } // namespace net |
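Review bot: In the hunk that fills `ssl_info->next_proto` (new lines 571–585), `npn_len` and `npn_status` are declared uninitialized, and `npn_len` is then used as the byte count in `std::string(reinterpret_cast<const char *>(npn_buf), npn_len)` without being compared to `sizeof(npn_buf)`. The read stays inside the 255-byte stack buffer only if SSL_GetNextProto always reports a length no larger than the buffer whenever it returns SECSuccess. That contract is not visible on this page, and the value comes out of handshake negotiation with the peer, so it is worth enforcing locally. I would initialize both with `unsigned npn_len = 0;` and `int npn_status = SSL_NEXT_PROTO_NO_SUPPORT;`, and fold the bound into the failure test as `if (rv != SECSuccess || npn_len > sizeof(npn_buf)) {`. The enclosing function starts outside the visible lines, so an earlier guard may exist that this view does not show.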