Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(141)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslsock.c

Issue 7327029: Add client-side support for the origin bound certificate TLS extension. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * vtables (and methods that call through them) for the 4 types of 2 * vtables (and methods that call through them) for the 4 types of
3 * SSLSockets supported. Only one type is still supported. 3 * SSLSockets supported. Only one type is still supported.
4 * Various other functions. 4 * Various other functions.
5 * 5 *
6 * ***** BEGIN LICENSE BLOCK ***** 6 * ***** BEGIN LICENSE BLOCK *****
7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 7 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
8 * 8 *
9 * The contents of this file are subject to the Mozilla Public License Version 9 * The contents of this file are subject to the Mozilla Public License Version
10 * 1.1 (the "License"); you may not use this file except in compliance with 10 * 1.1 (the "License"); you may not use this file except in compliance with
(...skipping 169 matching lines...) Expand 10 before | Expand all | Expand 10 after
180 PR_FALSE, /* noStepDown */ 180 PR_FALSE, /* noStepDown */
181 PR_FALSE, /* bypassPKCS11 */ 181 PR_FALSE, /* bypassPKCS11 */
182 PR_FALSE, /* noLocks */ 182 PR_FALSE, /* noLocks */
183 PR_FALSE, /* enableSessionTickets */ 183 PR_FALSE, /* enableSessionTickets */
184 PR_FALSE, /* enableDeflate */ 184 PR_FALSE, /* enableDeflate */
185 2, /* enableRenegotiation (default: requires extension) */ 185 2, /* enableRenegotiation (default: requires extension) */
186 PR_FALSE, /* requireSafeNegotiation */ 186 PR_FALSE, /* requireSafeNegotiation */
187 PR_FALSE, /* enableFalseStart */ 187 PR_FALSE, /* enableFalseStart */
188 PR_FALSE, /* enableOCSPStapling */ 188 PR_FALSE, /* enableOCSPStapling */
189 PR_FALSE, /* enableCachedInfo */ 189 PR_FALSE, /* enableCachedInfo */
190 PR_TRUE, /* enableOBCerts */
190 }; 191 };
191 192
192 sslSessionIDLookupFunc ssl_sid_lookup; 193 sslSessionIDLookupFunc ssl_sid_lookup;
193 sslSessionIDCacheFunc ssl_sid_cache; 194 sslSessionIDCacheFunc ssl_sid_cache;
194 sslSessionIDUncacheFunc ssl_sid_uncache; 195 sslSessionIDUncacheFunc ssl_sid_uncache;
195 196
196 static PRBool ssl_inited = PR_FALSE; 197 static PRBool ssl_inited = PR_FALSE;
197 static PRDescIdentity ssl_layer_id; 198 static PRDescIdentity ssl_layer_id;
198 199
199 PRBool locksEverDisabled; /* implicitly PR_FALSE */ 200 PRBool locksEverDisabled; /* implicitly PR_FALSE */
(...skipping 545 matching lines...) Expand 10 before | Expand all | Expand 10 after
745 break; 746 break;
746 747
747 case SSL_ENABLE_OCSP_STAPLING: 748 case SSL_ENABLE_OCSP_STAPLING:
748 ss->opt.enableOCSPStapling = on; 749 ss->opt.enableOCSPStapling = on;
749 break; 750 break;
750 751
751 case SSL_ENABLE_CACHED_INFO: 752 case SSL_ENABLE_CACHED_INFO:
752 ss->opt.enableCachedInfo = on; 753 ss->opt.enableCachedInfo = on;
753 break; 754 break;
754 755
756 case SSL_ENABLE_OB_CERTS:
757 ss->opt.enableOBCerts = on;
758 break;
759
755 default: 760 default:
756 PORT_SetError(SEC_ERROR_INVALID_ARGS); 761 PORT_SetError(SEC_ERROR_INVALID_ARGS);
757 rv = SECFailure; 762 rv = SECFailure;
758 } 763 }
759 764
760 /* We can't use the macros for releasing the locks here, 765 /* We can't use the macros for releasing the locks here,
761 * because ss->opt.noLocks might have changed just above. 766 * because ss->opt.noLocks might have changed just above.
762 * We must release these locks (monitors) here, if we aquired them above, 767 * We must release these locks (monitors) here, if we aquired them above,
763 * regardless of the current value of ss->opt.noLocks. 768 * regardless of the current value of ss->opt.noLocks.
764 */ 769 */
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after
810 case SSL_ENABLE_SESSION_TICKETS: 815 case SSL_ENABLE_SESSION_TICKETS:
811 on = ss->opt.enableSessionTickets; 816 on = ss->opt.enableSessionTickets;
812 break; 817 break;
813 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break; 818 case SSL_ENABLE_DEFLATE: on = ss->opt.enableDeflate; break;
814 case SSL_ENABLE_RENEGOTIATION: 819 case SSL_ENABLE_RENEGOTIATION:
815 on = ss->opt.enableRenegotiation; break; 820 on = ss->opt.enableRenegotiation; break;
816 case SSL_REQUIRE_SAFE_NEGOTIATION: 821 case SSL_REQUIRE_SAFE_NEGOTIATION:
817 on = ss->opt.requireSafeNegotiation; break; 822 on = ss->opt.requireSafeNegotiation; break;
818 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; 823 case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break;
819 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break; 824 case SSL_ENABLE_OCSP_STAPLING: on = ss->opt.enableOCSPStapling; break;
820 case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break; 825 case SSL_ENABLE_CACHED_INFO: on = ss->opt.enableCachedInfo; break;
826 case SSL_ENABLE_OB_CERTS: on = ss->opt.enableOBCerts; break;
821 827
822 default: 828 default:
823 PORT_SetError(SEC_ERROR_INVALID_ARGS); 829 PORT_SetError(SEC_ERROR_INVALID_ARGS);
824 rv = SECFailure; 830 rv = SECFailure;
825 } 831 }
826 832
827 ssl_ReleaseSSL3HandshakeLock(ss); 833 ssl_ReleaseSSL3HandshakeLock(ss);
828 ssl_Release1stHandshakeLock(ss); 834 ssl_Release1stHandshakeLock(ss);
829 835
830 *pOn = on; 836 *pOn = on;
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after
866 case SSL_ENABLE_RENEGOTIATION: 872 case SSL_ENABLE_RENEGOTIATION:
867 on = ssl_defaults.enableRenegotiation; break; 873 on = ssl_defaults.enableRenegotiation; break;
868 case SSL_REQUIRE_SAFE_NEGOTIATION: 874 case SSL_REQUIRE_SAFE_NEGOTIATION:
869 on = ssl_defaults.requireSafeNegotiation; 875 on = ssl_defaults.requireSafeNegotiation;
870 break; 876 break;
871 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; 877 case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break;
872 case SSL_ENABLE_OCSP_STAPLING: 878 case SSL_ENABLE_OCSP_STAPLING:
873 on = ssl_defaults.enableOCSPStapling; 879 on = ssl_defaults.enableOCSPStapling;
874 break; 880 break;
875 case SSL_ENABLE_CACHED_INFO: on = ssl_defaults.enableCachedInfo; break; 881 case SSL_ENABLE_CACHED_INFO: on = ssl_defaults.enableCachedInfo; break;
882 case SSL_ENABLE_OB_CERTS: on = ssl_defaults.enableOBCerts; break;
876 883
877 default: 884 default:
878 PORT_SetError(SEC_ERROR_INVALID_ARGS); 885 PORT_SetError(SEC_ERROR_INVALID_ARGS);
879 rv = SECFailure; 886 rv = SECFailure;
880 } 887 }
881 888
882 *pOn = on; 889 *pOn = on;
883 return rv; 890 return rv;
884 } 891 }
885 892
(...skipping 135 matching lines...) Expand 10 before | Expand all | Expand 10 after
1021 break; 1028 break;
1022 1029
1023 case SSL_ENABLE_OCSP_STAPLING: 1030 case SSL_ENABLE_OCSP_STAPLING:
1024 ssl_defaults.enableOCSPStapling = on; 1031 ssl_defaults.enableOCSPStapling = on;
1025 break; 1032 break;
1026 1033
1027 case SSL_ENABLE_CACHED_INFO: 1034 case SSL_ENABLE_CACHED_INFO:
1028 ssl_defaults.enableCachedInfo = on; 1035 ssl_defaults.enableCachedInfo = on;
1029 break; 1036 break;
1030 1037
1038 case SSL_ENABLE_OB_CERTS:
1039 ssl_defaults.enableOBCerts = on;
1040 break;
1041
1031 default: 1042 default:
1032 PORT_SetError(SEC_ERROR_INVALID_ARGS); 1043 PORT_SetError(SEC_ERROR_INVALID_ARGS);
1033 return SECFailure; 1044 return SECFailure;
1034 } 1045 }
1035 return SECSuccess; 1046 return SECSuccess;
1036 } 1047 }
1037 1048
1038 /* function tells us if the cipher suite is one that we no longer support. */ 1049 /* function tells us if the cipher suite is one that we no longer support. */
1039 static PRBool 1050 static PRBool
1040 ssl_IsRemovedCipherSuite(PRInt32 suite) 1051 ssl_IsRemovedCipherSuite(PRInt32 suite)
(...skipping 1508 matching lines...) Expand 10 before | Expand all | Expand 10 after
2549 loser: 2560 loser:
2550 ssl_DestroySocketContents(ss); 2561 ssl_DestroySocketContents(ss);
2551 ssl_DestroyLocks(ss); 2562 ssl_DestroyLocks(ss);
2552 PORT_Free(ss); 2563 PORT_Free(ss);
2553 ss = NULL; 2564 ss = NULL;
2554 } 2565 }
2555 } 2566 }
2556 return ss; 2567 return ss;
2557 } 2568 }
2558 2569
OLDNEW
« no previous file with comments | « net/third_party/nss/ssl/sslimpl.h ('k') | net/third_party/nss/ssl/sslt.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698