Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1139013002: Completely remove SSLv3 support. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
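--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -2053,33 +2053,28 @@
 channel_info.length == sizeof(channel_info) &&
 channel_info.cipherSuite) {
 nss_handshake_state_.ssl_connection_status |= channel_info.cipherSuite;
 
 nss_handshake_state_.ssl_connection_status |=
 (static_cast<int>(channel_info.compressionMethod) &
 SSL_CONNECTION_COMPRESSION_MASK) <<
 SSL_CONNECTION_COMPRESSION_SHIFT;
 
 int version = SSL_CONNECTION_VERSION_UNKNOWN;
-if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
-// All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
-// version 2.
-version = SSL_CONNECTION_VERSION_SSL2;
-} else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_0) {
-version = SSL_CONNECTION_VERSION_SSL3;
-} else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_0) {
+if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_0) {
 version = SSL_CONNECTION_VERSION_TLS1;
 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_1) {
 version = SSL_CONNECTION_VERSION_TLS1_1;
 } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_2) {
 version = SSL_CONNECTION_VERSION_TLS1_2;
 }
+DCHECK_NE(SSL_CONNECTION_VERSION_UNKNOWN, version);
 nss_handshake_state_.ssl_connection_status |=
 (version & SSL_CONNECTION_VERSION_MASK) <<
 SSL_CONNECTION_VERSION_SHIFT;
 }
 
 PRBool peer_supports_renego_ext;
 ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
 &peer_supports_renego_ext);
 if (ok == SECSuccess) {
 if (!peer_supports_renego_ext) {
@@ -2908,23 +2903,20 @@
 // SSL tunnel through a proxy -- GetPeerName returns the proxy's address
 // rather than the destination server's address in that case.
 std::string peer_id = host_and_port_.ToString();
 // Append |ssl_session_cache_shard_| to the peer id. This is used to partition
 // the session cache for incognito mode.
 peer_id += "/" + ssl_session_cache_shard_;
 peer_id += "/";
 // Shard the session cache based on maximum protocol version. This causes
 // fallback connections to use a separate session cache.
 switch (ssl_config_.version_max) {
-case SSL_PROTOCOL_VERSION_SSL3:
-peer_id += "ssl3";
-break;
 case SSL_PROTOCOL_VERSION_TLS1:
 peer_id += "tls1";
 break;
 case SSL_PROTOCOL_VERSION_TLS1_1:
 peer_id += "tls1.1";
 break;
 case SSL_PROTOCOL_VERSION_TLS1_2:
 peer_id += "tls1.2";
 break;
 default:
@@ -3206,10 +3198,10 @@
 scoped_refptr<X509Certificate>
 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
 return core_->state().server_cert.get();
 }
 
 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
 return channel_id_service_;
 }
 
 } // namespace net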
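Review bot: The `DCHECK_NE(SSL_CONNECTION_VERSION_UNKNOWN, version);` added at new line 2070 is the only check on the negotiated version in this hunk, and DCHECKs are normally compiled out of release builds. There, a `channel_info.protocolVersion` outside TLS 1.0–1.2 would be stored in `ssl_connection_status` as unknown and the code would carry on. Keeping SSL 3.0 from being negotiated therefore has to come from the version range configured on the NSS socket, which is not visible in these lines. I would state that next to the assertion, e.g. `// SSL 3.0 and below are rejected by the configured version range; any other value here is a bug.`, or fail the handshake for an unmapped version instead of only asserting. The enclosing function starts and ends outside the shown lines, so this should be confirmed against the full file.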