net/socket/ssl_client_socket_nss.cc - Issue 4211006: A follow-up of r64178....

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 4211006: A follow-up of r64178.... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/

Patch Set: Upload before checkin Created 10 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_nss.cc

===================================================================

--- net/socket/ssl_client_socket_nss.cc (revision 64813)

+++ net/socket/ssl_client_socket_nss.cc (working copy)

@@ -366,7 +366,7 @@

// and the other elements are in the order given by the server.

class PeerCertificateChain {

public:

- PeerCertificateChain(PRFileDesc* nss_fd)

+ explicit PeerCertificateChain(PRFileDesc* nss_fd)

: num_certs_(0),

certs_(NULL) {

SECStatus rv = SSL_PeerCertificateChain(nss_fd, NULL, &num_certs_);

@@ -1105,6 +1105,8 @@

SSL_CONNECTION_COMPRESSION_MASK) <<

SSL_CONNECTION_COMPRESSION_SHIFT;

+ // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS

+ // doesn't support them yet), so we use 0x0302 and 0x0303 directly.

int version = SSL_CONNECTION_VERSION_UNKNOWN;

if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {

// All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL

@@ -1114,6 +1116,10 @@

version = SSL_CONNECTION_VERSION_SSL3;

} else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {

version = SSL_CONNECTION_VERSION_TLS1;

+ } else if (channel_info.protocolVersion == 0x0302) {

+ version = SSL_CONNECTION_VERSION_TLS1_1;

+ } else if (channel_info.protocolVersion == 0x0303) {

+ version = SSL_CONNECTION_VERSION_TLS1_2;

}

ssl_connection_status_ |=

(version & SSL_CONNECTION_VERSION_MASK) <<

@@ -1651,6 +1657,11 @@

CERTDistNames* ca_names,

CERTCertificate** result_certificate,

SECKEYPrivateKey** result_private_key) {

+ // NSS passes a null ca_names if SSL 2.0 is used. Just fail rather than

+ // trying to make this work, as we plan to remove SSL 2.0 support soon.

+ if (!ca_names)

+ return SECFailure;

SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);

that->client_auth_cert_needed_ = !that->ssl_config_.send_client_cert;

« no previous file with comments | « net/base/ssl_connection_status_flags.h ('k') | no next file » | no next file with comments »