
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1131763002: Reject renegotiations in SSLClientSocket by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
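--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -617,20 +617,24 @@
 ssl_info->handshake_type = SSL_session_reused(ssl_) ?
 SSLInfo::HANDSHAKE_RESUME : SSLInfo::HANDSHAKE_FULL;
 
 DVLOG(3) << "Encoded connection status: cipher suite = "
 << SSLConnectionStatusToCipherSuite(ssl_info->connection_status)
 << " version = "
 << SSLConnectionStatusToVersion(ssl_info->connection_status);
 return true;
 }
 
+void SSLClientSocketOpenSSL::SetRenegotiationsAllowed(bool allowed) {
+SSL_set_reject_peer_renegotiations(ssl_, allowed ? 0 : 1);
+}
+
 int SSLClientSocketOpenSSL::Read(IOBuffer* buf,
 int buf_len,
 const CompletionCallback& callback) {
 user_read_buf_ = buf;
 user_read_buf_len_ = buf_len;
 
 int rv = DoReadLoop();
 
 if (rv == ERR_IO_PENDING) {
 user_read_callback_ = callback;
@@ -836,20 +840,24 @@
 }
 
 if (cert_verifier_->SupportsOCSPStapling())
 SSL_enable_ocsp_stapling(ssl_);
 
 // Enable fastradio padding.
 SSL_enable_fastradio_padding(ssl_,
 ssl_config_.fastradio_padding_enabled &&
 ssl_config_.fastradio_padding_eligible);
 
+// By default, renegotiations are rejected. Callers may opt into accepting
+// future handshakes after the initial one has completed.
+SSL_set_reject_peer_renegotiations(ssl_, 1);
+
 return OK;
 }
 
 void SSLClientSocketOpenSSL::DoReadCallback(int rv) {
 // Since Run may result in Read being called, clear |user_read_callback_|
 // up front.
 if (rv > 0)
 was_ever_used_ = true;
 user_read_buf_ = NULL;
 user_read_buf_len_ = 0;
@@ -1885,10 +1893,10 @@
 
 return result;
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net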
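Review bot: `SetRenegotiationsAllowed` (new lines 627–629) passes `ssl_` to BoringSSL unconditionally, while the reject-by-default call at new line 852 sits in the same initialization routine that presumably creates `ssl_`, so a caller that flips the flag before that routine has run would hand BoringSSL a null `SSL*`; add `DCHECK(ssl_);` as the first line of the setter and state the ordering requirement in the header. The setter also carries no comment; I would add `// Overrides the reject-by-default policy applied during initialization. Renegotiation re-runs the handshake mid-connection, so enable it only where the server is expected to request it (e.g. a client-certificate request on a dedicated socket).` One caveat for anyone opting in: whether a renegotiated handshake can present a different server certificate without re-running verification is not visible in these hunks and should be confirmed before any caller enables it. The function containing the new line 850–852 block starts before the hunk.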
