Upstream: Build net_unittests for Android.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
@@ skipping 774 matching lines @@
                                                     const unsigned char* in,
                                                     unsigned int inlen) {
 #if defined(OPENSSL_NPN_NEGOTIATED)
   if (ssl_config_.next_protos.empty()) {
     *out = reinterpret_cast<uint8*>(const_cast<char*>("http/1.1"));
     *outlen = 8;
     npn_status_ = SSLClientSocket::kNextProtoUnsupported;
     return SSL_TLSEXT_ERR_OK;
   }
 
-  int status = SSL_select_next_proto(
-      out, outlen, in, inlen,
-      reinterpret_cast<const unsigned char*>(ssl_config_.next_protos.data()),
-      ssl_config_.next_protos.size());
+  int status = OPENSSL_NPN_UNSUPPORTED;
+  for (unsigned int i = 0; i < inlen; i++) {
+    for (std::vector<std::string>::const_iterator
+         j = ssl_config_.next_protos.begin();
+         j != ssl_config_.next_protos.end(); j++) {
+      if (in[i] == j->size() &&
+          memcmp(&in[i + 1], j->data(), in[i]) == 0) {
+        *out = (unsigned char *)in + i + 1;
+        *outlen = in[i];
+        status = OPENSSL_NPN_NEGOTIATED;
+        break;

[joth, 2011/11/02 18:57:05]

where is this edit coming from? we should be using SSL_select_next_proto for
this.

[Jing Zhao, 2011/11/03 17:49:08]

http://codereview.chromium.org/8156001/
This change changed next_protos from a string to a vector, but
SSL_select_next_proto takes a string as its fifth parameter, so I had the logic
here.

[joth, 2011/11/03 19:45:02]

ouch! that's double bad. first, linux_redux didn't get a build break because the
gnu vector has a non-standard data() member the reinterpret_cast means it still
builds (all be it, doing totally the wrong thing). And second, we obviously
don't have any test coverage for this code path :-(

Thanks for finding & fixing.

Did you manage to test this somehow?

[Jing Zhao, 2011/11/04 08:01:43]

No I didn't find a way to test this. I fixed two bugs in my original code, and
now it should be correct..

+      }
+    }
+    if (status == OPENSSL_NPN_NEGOTIATED)
+      break;
+  }
 
   npn_proto_.assign(reinterpret_cast<const char*>(*out), *outlen);
   switch (status) {
     case OPENSSL_NPN_UNSUPPORTED:
       npn_status_ = SSLClientSocket::kNextProtoUnsupported;
       break;
     case OPENSSL_NPN_NEGOTIATED:
       npn_status_ = SSLClientSocket::kNextProtoNegotiated;
       break;
     case OPENSSL_NPN_NO_OVERLAP:
@@ skipping 411 matching lines @@
     net_log_.AddByteTransferEvent(NetLog::TYPE_SSL_SOCKET_BYTES_SENT, rv,
                                   user_write_buf_->data());
     return rv;
   }
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 }  // namespace net