| Index: net/socket/ssl_client_socket_openssl.cc
|
| diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
|
| index b3690a9bfc1b0d02747ee74f6d05132cecfb6cce..75cbbfd2bd9c1b467adb111ad30f321b0a3a3791 100644
|
| --- a/net/socket/ssl_client_socket_openssl.cc
|
| +++ b/net/socket/ssl_client_socket_openssl.cc
|
| @@ -296,6 +296,16 @@ class SSLContext {
|
| return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
|
| }
|
|
|
| +#if defined(OPENSSL_NPN_NEGOTIATED)
|
| + static int SelectNextProtoCallback(SSL* ssl,
|
| + unsigned char** out, unsigned char* outlen,
|
| + const unsigned char* in,
|
| + unsigned int inlen, void* arg) {
|
| + SSLClientSocketOpenSSL* socket = Get()->GetClientSocketFromSSL(ssl);
|
| + return socket->SelectNextProtoCallback(out, outlen, in, inlen);
|
| + }
|
| +#endif
|
| +
|
| private:
|
| friend struct DefaultSingletonTraits<SSLContext>;
|
|
|
| @@ -311,13 +321,6 @@ class SSLContext {
|
| SSL_CTX_set_timeout(ssl_ctx_.get(), kSessionCacheTimeoutSeconds);
|
| SSL_CTX_sess_set_cache_size(ssl_ctx_.get(), kSessionCacheMaxEntires);
|
| SSL_CTX_set_client_cert_cb(ssl_ctx_.get(), ClientCertCallback);
|
| -#if defined(OPENSSL_NPN_NEGOTIATED)
|
| - // TODO(kristianm): Only select this if ssl_config_.next_proto is not empty.
|
| - // It would be better if the callback were not a global setting,
|
| - // but that is an OpenSSL issue.
|
| - SSL_CTX_set_next_proto_select_cb(ssl_ctx_.get(), SelectNextProtoCallback,
|
| - NULL);
|
| -#endif
|
| }
|
|
|
| static int NewSessionCallbackStatic(SSL* ssl, SSL_SESSION* session) {
|
| @@ -345,14 +348,6 @@ class SSLContext {
|
| return socket->ClientCertRequestCallback(ssl, x509, pkey);
|
| }
|
|
|
| - static int SelectNextProtoCallback(SSL* ssl,
|
| - unsigned char** out, unsigned char* outlen,
|
| - const unsigned char* in,
|
| - unsigned int inlen, void* arg) {
|
| - SSLClientSocketOpenSSL* socket = Get()->GetClientSocketFromSSL(ssl);
|
| - return socket->SelectNextProtoCallback(out, outlen, in, inlen);
|
| - }
|
| -
|
| // This is the index used with SSL_get_ex_data to retrieve the owner
|
| // SSLClientSocketOpenSSL object from an SSL instance.
|
| int ssl_socket_data_index_;
|
| @@ -510,6 +505,15 @@ bool SSLClientSocketOpenSSL::Init() {
|
| // handshake at which point the appropriate error is bubbled up to the client.
|
| LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
|
| "returned " << rv;
|
| +
|
| + if (!ssl_config_.next_protos.empty()) {
|
| +#if defined(OPENSSL_NPN_NEGOTIATED)
|
| + SSL_set_next_proto_select_cb(ssl_, SSLContext::SelectNextProtoCallback, 0);
|
| +#else
|
| + LOG(WARNING) << "Ignoring next_protos config";
|
| +#endif
|
| + }
|
| +
|
| return true;
|
| }
|
|
|
| @@ -758,17 +762,12 @@ int SSLClientSocketOpenSSL::DoHandshake() {
|
| return net_error;
|
| }
|
|
|
| +#if defined(OPENSSL_NPN_NEGOTIATED)
|
| int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
|
| unsigned char* outlen,
|
| const unsigned char* in,
|
| unsigned int inlen) {
|
| -#if defined(OPENSSL_NPN_NEGOTIATED)
|
| - if (ssl_config_.next_protos.empty()) {
|
| - *out = reinterpret_cast<uint8*>(const_cast<char*>("http/1.1"));
|
| - *outlen = 8;
|
| - npn_status_ = SSLClientSocket::kNextProtoUnsupported;
|
| - return SSL_TLSEXT_ERR_OK;
|
| - }
|
| + DCHECK(!ssl_config_.next_protos.empty());
|
|
|
| int status = SSL_select_next_proto(
|
| out, outlen, in, inlen,
|
| @@ -791,9 +790,9 @@ int SSLClientSocketOpenSSL::SelectNextProtoCallback(unsigned char** out,
|
| break;
|
| }
|
| DVLOG(2) << "next protocol: '" << npn_proto_ << "' status: " << npn_status_;
|
| -#endif
|
| return SSL_TLSEXT_ERR_OK;
|
| }
|
| +#endif
|
|
|
| int SSLClientSocketOpenSSL::DoVerifyCert(int result) {
|
| DCHECK(server_cert_);
|
|
|
Chromium Code Reviews
Issue 5728001:
Set NPN callback per connection (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src