| Index: net/socket/ssl_client_socket_nss.cc
|
| ===================================================================
|
| --- net/socket/ssl_client_socket_nss.cc (revision 40191)
|
| +++ net/socket/ssl_client_socket_nss.cc (working copy)
|
| @@ -643,6 +643,23 @@
|
| return server_cert_;
|
| }
|
|
|
| +// Log an informational message if the server does not support secure
|
| +// renegotiation (RFC 5746).
|
| +void SSLClientSocketNSS::CheckSecureRenegotiation() const {
|
| + // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
|
| + // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
|
| + // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
|
| +#if defined(SSL_MAX_EXTENSIONS)
|
| + PRBool received_renego_info;
|
| + if (SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
|
| + &received_renego_info) == SECSuccess &&
|
| + !received_renego_info) {
|
| + LOG(INFO) << "The server " << hostname_
|
| + << " does not support SSL secure renegotiation.";
|
| + }
|
| +#endif
|
| +}
|
| +
|
| void SSLClientSocketNSS::GetSSLInfo(SSLInfo* ssl_info) {
|
| EnterFunction("");
|
| ssl_info->Reset();
|
| @@ -1146,6 +1163,8 @@
|
| SSLClientSocketNSS* that = reinterpret_cast<SSLClientSocketNSS*>(arg);
|
|
|
| that->UpdateServerCert();
|
| +
|
| + that->CheckSecureRenegotiation();
|
| }
|
|
|
| int SSLClientSocketNSS::DoHandshake() {
|
|
|
Chromium Code Reviews
Issue 660144:
Log a warning message if an SSL server does not support... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/