Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(657)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.h

Issue 6804032: Add TLS-SRP (RFC 5054) support Base URL: http://git.chromium.org/git/chromium.git@trunk
Patch Set: use system srp and mpi libs, not local copies Created 9 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | net/third_party/nss/ssl.gyp » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.h
diff --git a/net/socket/ssl_client_socket_nss.h b/net/socket/ssl_client_socket_nss.h
index 836c2791876cded6cb91c6151d4cc2d189fca5d1..0a7f368a1f362b2ea85a7a908bed458affaa3917 100644
--- a/net/socket/ssl_client_socket_nss.h
+++ b/net/socket/ssl_client_socket_nss.h
@@ -97,6 +97,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
// Initializes NSS SSL options. Returns a net error code.
int InitializeSSLOptions();
+ // Enables SRP ciphers. If |disable_non_srp_ciphers| is true, then non-SRP
+ // ciphers will be disabled. Returns a net error code.
+ int SetCiphersForTLSAuth(bool set_srp_ciphers, bool disable_non_srp_ciphers);
+
// Initializes the socket peer name in SSL. Returns a net error code.
int InitializeSSLPeerName();
@@ -106,6 +110,7 @@ class SSLClientSocketNSS : public SSLClientSocket {
#endif
X509Certificate* UpdateServerCert();
void UpdateConnectionStatus();
+ void UpdateAuth();
void DoReadCallback(int result);
void DoWriteCallback(int result);
void DoConnectCallback(int result);
@@ -161,6 +166,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
CERTCertificate** result_certificate,
SECKEYPrivateKey** result_private_key);
#endif
+
+ // NSS calls this when password authentication is requested (for TLS-SRP).
+ static SECStatus TLSAuthCallback(PRFileDesc *socket, SECItem *pw, void *arg);
+
// NSS calls this when handshake is completed. We pass 'this' as the second
// argument.
static void HandshakeCallback(PRFileDesc* socket, void* arg);
@@ -214,6 +223,11 @@ class SSLClientSocketNSS : public SSLClientSocket {
CertVerifier* const cert_verifier_;
scoped_ptr<SingleRequestCertVerifier> verifier_;
+ // The mutually authenticated TLS username for the connection. This is only
+ // set after the handshake has succeeded with this username.
+ // If none, this is the empty string.
+ std::string authenticated_tls_username_;
+
// True if NSS has called HandshakeCallback.
bool handshake_callback_called_;
@@ -228,6 +242,10 @@ class SSLClientSocketNSS : public SSLClientSocket {
// HTTPS connections.
bool eset_mitm_detected_;
+ // False iff we are using an SRP cipher suite that doesn't use server certs.
+ // Default is true.
+ bool server_cert_needed_;
+
// True iff |ssl_host_info_| contained a predicted certificate chain and
// that we found the prediction to be correct.
bool predicted_cert_chain_correct_;
« no previous file with comments | « net/socket/ssl_client_socket.h ('k') | net/socket/ssl_client_socket_nss.cc » ('j') | net/third_party/nss/ssl.gyp » ('J')

Powered by Google App Engine
This is Rietveld 408576698