Chromium Code Reviews Chromium Code Reviews
Issue 501178:
Linux: allow TLS renegotiation. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 307 #else | 307 #else |
| 308 #error "You need to install NSS-3.12 or later to build chromium" | 308 #error "You need to install NSS-3.12 or later to build chromium" |
| 309 #endif | 309 #endif |
| 310 | 310 |
| 311 #ifdef SSL_ENABLE_DEFLATE | 311 #ifdef SSL_ENABLE_DEFLATE |
| 312 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); | 312 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); |
| 313 if (rv != SECSuccess) | 313 if (rv != SECSuccess) |
| 314 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; | 314 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; |
| 315 #endif | 315 #endif |
| 316 | 316 |
| 317 #ifdef SSL_ENABLE_RENEGOTIATION | |
| 318 /* We allow servers to request renegotiation. Since we're a client, | |
|
wtc
2010/01/05 19:48:51
Please use C++ comment delimiter "//" because this
| |
| 319 * prohibiting this is rather a waste of time. Only servers are in a position | |
| 320 * to prevent renegotiation attacks. | |
| 321 * http://extendedsubset.com/?p=8 */ | |
| 322 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | |
| 323 SSL_RENEGOTIATE_UNRESTRICTED); | |
|
wtc
2010/01/05 19:48:51
We should file a bug to remind us to change this w
| |
| 324 if (rv != SECSuccess) | |
| 325 LOG(INFO) << "SSL_ENABLE_RENEGOTIATION failed."; | |
| 326 #endif | |
| 327 | |
| 317 #ifdef SSL_NEXT_PROTO_NEGOTIATED | 328 #ifdef SSL_NEXT_PROTO_NEGOTIATED |
| 318 if (!ssl_config_.next_protos.empty()) { | 329 if (!ssl_config_.next_protos.empty()) { |
| 319 rv = SSL_SetNextProtoNego( | 330 rv = SSL_SetNextProtoNego( |
| 320 nss_fd_, | 331 nss_fd_, |
| 321 reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()), | 332 reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()), |
| 322 ssl_config_.next_protos.size()); | 333 ssl_config_.next_protos.size()); |
| 323 if (rv != SECSuccess) | 334 if (rv != SECSuccess) |
| 324 LOG(INFO) << "SSL_SetNextProtoNego failed."; | 335 LOG(INFO) << "SSL_SetNextProtoNego failed."; |
| 325 } | 336 } |
| 326 #endif | 337 #endif |
| (...skipping 829 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1156 } | 1167 } |
| 1157 PRErrorCode prerr = PR_GetError(); | 1168 PRErrorCode prerr = PR_GetError(); |
| 1158 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1169 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1159 return ERR_IO_PENDING; | 1170 return ERR_IO_PENDING; |
| 1160 } | 1171 } |
| 1161 LeaveFunction(""); | 1172 LeaveFunction(""); |
| 1162 return NetErrorFromNSPRError(prerr); | 1173 return NetErrorFromNSPRError(prerr); |
| 1163 } | 1174 } |
| 1164 | 1175 |
| 1165 } // namespace net | 1176 } // namespace net |
| OLD | NEW |
