
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 660144: Log a warning message if an SSL server does not support... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Upload before checkin. Created 10 years, 10 months ago
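--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -636,20 +636,37 @@
 #else
 server_cert_ = X509Certificate::CreateFromHandle(
 CERT_DupCertificate(server_cert_nss_),
 X509Certificate::SOURCE_FROM_NETWORK);
 #endif
 }
 }
 return server_cert_;
 }
 
+// Log an informational message if the server does not support secure
+// renegotiation (RFC 5746).
+void SSLClientSocketNSS::CheckSecureRenegotiation() const {
+// SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
+// Since SSL_MAX_EXTENSIONS was added at the same time, we can test
+// SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
+#if defined(SSL_MAX_EXTENSIONS)
+PRBool received_renego_info;
+if (SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
+&received_renego_info) == SECSuccess &&
+!received_renego_info) {
+LOG(INFO) << "The server " << hostname_
+<< " does not support SSL secure renegotiation.";
+}
+#endif
+}
+
 void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
 EnterFunction("");
 ssl_info->Reset();
 if (!server_cert_)
 return;
 
 SSLChannelInfo channel_info;
 SECStatus ok = SSL_GetChannelInfo(nss_fd_,
 &channel_info, sizeof(channel_info));
 if (ok == SECSuccess &&
@@ -1139,20 +1156,22 @@
 
 // static
 // NSS calls this when handshake is completed.
 // After the SSL handshake is finished, use CertVerifier to verify
 // the saved server certificate.
 void SSLClientSocketNSS::HandshakeCallback(PRFileDesc* socket,
 void* arg) {
 SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
 
 that->UpdateServerCert();
+
+that->CheckSecureRenegotiation();
 }
 
 int SSLClientSocketNSS::DoHandshake() {
 EnterFunction("");
 int net_error = net::OK;
 SECStatus rv = SSL_ForceHandshake(nss_fd_);
 
 if (client_auth_cert_needed_) {
 net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
 // If the handshake already succeeded (because the server requests but
@@ -1311,10 +1330,10 @@
 }
 PRErrorCode prerr = PR_GetError();
 if (prerr == PR_WOULD_BLOCK_ERROR) {
 return ERR_IO_PENDING;
 }
 LeaveFunction("");
 return MapNSPRError(prerr);
 }
 
 } // namespace net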
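Review bot: In CheckSecureRenegotiation() a failed SSL_HandshakeNegotiatedExtension() call is indistinguishable from "extension received", so the one case where the client cannot tell whether the server implements RFC 5746 produces no message at all. Initialising the flag and logging on either outcome closes that gap: `PRBool received_renego_info = PR_FALSE;` with the condition written as `if (SSL_HandshakeNegotiatedExtension(...) != SECSuccess || !received_renego_info)`. The message is emitted at `LOG(INFO)` although the issue title speaks of a warning, and nothing is recorded for callers such as GetSSLInfo(), so the missing protection is visible only to someone reading verbose logs; `LOG(WARNING)` would match the stated intent. When SSL_MAX_EXTENSIONS is undefined the body compiles to nothing, which deserves a comment such as `// Older NSS: cannot tell whether the server supports RFC 5746.`. HandshakeCallback() presumably runs after every completed handshake, so it is worth confirming the message is also wanted on renegotiations.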