| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 131 cert_and_status.der_cert = remote_cert_; | 131 cert_and_status.der_cert = remote_cert_; |
| 132 | 132 |
| 133 net::SSLConfig ssl_config; | 133 net::SSLConfig ssl_config; |
| 134 // Certificate verification and revocation checking are not needed | 134 // Certificate verification and revocation checking are not needed |
| 135 // because we use self-signed certs. Disable it so that the SSL | 135 // because we use self-signed certs. Disable it so that the SSL |
| 136 // layer doesn't try to initialize OCSP (OCSP works only on the IO | 136 // layer doesn't try to initialize OCSP (OCSP works only on the IO |
| 137 // thread). | 137 // thread). |
| 138 ssl_config.cert_io_enabled = false; | 138 ssl_config.cert_io_enabled = false; |
| 139 ssl_config.rev_checking_enabled = false; | 139 ssl_config.rev_checking_enabled = false; |
| 140 ssl_config.allowed_bad_certs.push_back(cert_and_status); | 140 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
| 141 ssl_config.require_ecdhe = true; |
| 141 | 142 |
| 142 net::HostPortPair host_and_port(kSslFakeHostName, 0); | 143 net::HostPortPair host_and_port(kSslFakeHostName, 0); |
| 143 net::SSLClientSocketContext context; | 144 net::SSLClientSocketContext context; |
| 144 context.transport_security_state = transport_security_state_.get(); | 145 context.transport_security_state = transport_security_state_.get(); |
| 145 context.cert_verifier = cert_verifier_.get(); | 146 context.cert_verifier = cert_verifier_.get(); |
| 146 scoped_ptr<net::ClientSocketHandle> socket_handle( | 147 scoped_ptr<net::ClientSocketHandle> socket_handle( |
| 147 new net::ClientSocketHandle); | 148 new net::ClientSocketHandle); |
| 148 socket_handle->SetSocket(socket.Pass()); | 149 socket_handle->SetSocket(socket.Pass()); |
| 149 | 150 |
| 150 #if defined(OS_NACL) | 151 #if defined(OS_NACL) |
| (...skipping 163 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 314 base::ResetAndReturn(&done_callback_).Run(net::OK, socket_.Pass()); | 315 base::ResetAndReturn(&done_callback_).Run(net::OK, socket_.Pass()); |
| 315 } | 316 } |
| 316 } | 317 } |
| 317 | 318 |
| 318 void SslHmacChannelAuthenticator::NotifyError(int error) { | 319 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 319 base::ResetAndReturn(&done_callback_).Run(error, nullptr); | 320 base::ResetAndReturn(&done_callback_).Run(error, nullptr); |
| 320 } | 321 } |
| 321 | 322 |
| 322 } // namespace protocol | 323 } // namespace protocol |
| 323 } // namespace remoting | 324 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1191623002:
Require ECDHE cipher in remoting client. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master