OLD | NEW |
1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 363 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
374 #ifdef SSL_ENABLE_DEFLATE | 374 #ifdef SSL_ENABLE_DEFLATE |
375 // Some web servers have been found to break if TLS is used *or* if DEFLATE | 375 // Some web servers have been found to break if TLS is used *or* if DEFLATE |
376 // is advertised. Thus, if TLS is disabled (probably because we are doing | 376 // is advertised. Thus, if TLS is disabled (probably because we are doing |
377 // SSLv3 fallback), we disable DEFLATE also. | 377 // SSLv3 fallback), we disable DEFLATE also. |
378 // See http://crbug.com/31628 | 378 // See http://crbug.com/31628 |
379 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, ssl_config_.tls1_enabled); | 379 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, ssl_config_.tls1_enabled); |
380 if (rv != SECSuccess) | 380 if (rv != SECSuccess) |
381 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; | 381 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; |
382 #endif | 382 #endif |
383 | 383 |
| 384 #ifdef SSL_ENABLE_FALSE_START |
| 385 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_TRUE); |
| 386 if (rv != SECSuccess) |
| 387 LOG(INFO) << "SSL_ENABLE_FALSE_START failed. Old system nss?"; |
| 388 #endif |
| 389 |
384 #ifdef SSL_ENABLE_RENEGOTIATION | 390 #ifdef SSL_ENABLE_RENEGOTIATION |
385 // We allow servers to request renegotiation. Since we're a client, | 391 // We allow servers to request renegotiation. Since we're a client, |
386 // prohibiting this is rather a waste of time. Only servers are in a position | 392 // prohibiting this is rather a waste of time. Only servers are in a position |
387 // to prevent renegotiation attacks. | 393 // to prevent renegotiation attacks. |
388 // http://extendedsubset.com/?p=8 | 394 // http://extendedsubset.com/?p=8 |
389 // | 395 // |
390 // This should be changed when NSS 3.12.6 comes out with support for the | 396 // This should be changed when NSS 3.12.6 comes out with support for the |
391 // renegotiation info extension. | 397 // renegotiation info extension. |
392 // http://code.google.com/p/chromium/issues/detail?id=31647 | 398 // http://code.google.com/p/chromium/issues/detail?id=31647 |
393 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, | 399 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_RENEGOTIATION, |
(...skipping 897 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1291 } | 1297 } |
1292 PRErrorCode prerr = PR_GetError(); | 1298 PRErrorCode prerr = PR_GetError(); |
1293 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1299 if (prerr == PR_WOULD_BLOCK_ERROR) { |
1294 return ERR_IO_PENDING; | 1300 return ERR_IO_PENDING; |
1295 } | 1301 } |
1296 LeaveFunction(""); | 1302 LeaveFunction(""); |
1297 return MapNSPRError(prerr); | 1303 return MapNSPRError(prerr); |
1298 } | 1304 } |
1299 | 1305 |
1300 } // namespace net | 1306 } // namespace net |
OLD | NEW |