net/socket/ssl_client_socket_nss.cc - Issue 415005: Linux: add next-protocol-negotiation to libssl.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 415005: Linux: add next-protocol-negotiation to libssl. (Closed)

Patch Set: Addressing wtc's comments. Created 11 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_nss.cc

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc

index bc13d2a0a6b37d0f42af46d9266a4aa39d61c0e5..3ba85984f1a9ef3dd0c9bd7a78618ed14b693191 100644

--- a/net/socket/ssl_client_socket_nss.cc

+++ b/net/socket/ssl_client_socket_nss.cc

@@ -362,6 +362,17 @@ int SSLClientSocketNSS::InitializeSSLOptions() {

LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?";

#endif

+#ifdef SSL_NEXT_PROTO_NEGOTIATED

+ if (!ssl_config_.next_protos.empty()) {

+ rv = SSL_SetNextProtoNego(

+ nss_fd_,

+ reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()),

+ ssl_config_.next_protos.size());

+ if (rv != SECSuccess)

+ LOG(INFO) << "SSL_SetNextProtoNego failed.";

+ }

+#endif

rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE);

if (rv != SECSuccess)

return ERR_UNEXPECTED;

@@ -555,6 +566,38 @@ void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {

ssl_info->cert_status = server_cert_verify_result_.cert_status;

DCHECK(server_cert_ != NULL);

ssl_info->cert = server_cert_;

+#ifdef SSL_NEXT_PROTO_NEGOTIATED

+ unsigned char npn_buf[255];

+ unsigned npn_len;

+ int npn_status;

+ SECStatus rv = SSL_GetNextProto(nss_fd_, &npn_status, npn_buf, &npn_len,

+ sizeof(npn_buf));

+ if (rv != SECSuccess) {

+ npn_status = SSL_NEXT_PROTO_NO_SUPPORT;

+ }

+ if (npn_status == SSL_NEXT_PROTO_NO_SUPPORT) {

+ ssl_info->next_proto_status = SSLInfo::kNextProtoUnsupported;

+ ssl_info->next_proto.clear();

+ } else {

+ ssl_info->next_proto =

+ std::string(reinterpret_cast<const char *>(npn_buf), npn_len);

+ switch (npn_status) {

+ case SSL_NEXT_PROTO_NEGOTIATED:

+ ssl_info->next_proto_status = SSLInfo::kNextProtoNegotiated;

+ break;

+ case SSL_NEXT_PROTO_NO_OVERLAP:

+ ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap;

+ break;

+ default:

+ LOG(ERROR) << "Unknown npn_status: " << npn_status;

+ ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap;

+ break;

+ }

+#endif

LeaveFunction("");

}

« net/flip/flip_session.cc ('K') | « net/flip/flip_session.cc ('k') | net/third_party/nss/README.google » ('j') | no next file with comments »