| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" | 5 #include "remoting/protocol/ssl_hmac_channel_authenticator.h" |
| 6 | 6 |
| 7 #include "base/bind.h" | 7 #include "base/bind.h" |
| 8 #include "base/bind_helpers.h" | 8 #include "base/bind_helpers.h" |
| 9 #include "base/callback_helpers.h" | 9 #include "base/callback_helpers.h" |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 225 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 236 cert_and_status.der_cert = remote_cert_; | 236 cert_and_status.der_cert = remote_cert_; |
| 237 | 237 |
| 238 net::SSLConfig ssl_config; | 238 net::SSLConfig ssl_config; |
| 239 // Certificate verification and revocation checking are not needed | 239 // Certificate verification and revocation checking are not needed |
| 240 // because we use self-signed certs. Disable it so that the SSL | 240 // because we use self-signed certs. Disable it so that the SSL |
| 241 // layer doesn't try to initialize OCSP (OCSP works only on the IO | 241 // layer doesn't try to initialize OCSP (OCSP works only on the IO |
| 242 // thread). | 242 // thread). |
| 243 ssl_config.cert_io_enabled = false; | 243 ssl_config.cert_io_enabled = false; |
| 244 ssl_config.rev_checking_enabled = false; | 244 ssl_config.rev_checking_enabled = false; |
| 245 ssl_config.allowed_bad_certs.push_back(cert_and_status); | 245 ssl_config.allowed_bad_certs.push_back(cert_and_status); |
| 246 ssl_config.require_ecdhe = false; | 246 ssl_config.require_ecdhe = true; |
| 247 | 247 |
| 248 net::HostPortPair host_and_port(kSslFakeHostName, 0); | 248 net::HostPortPair host_and_port(kSslFakeHostName, 0); |
| 249 net::SSLClientSocketContext context; | 249 net::SSLClientSocketContext context; |
| 250 context.transport_security_state = transport_security_state_.get(); | 250 context.transport_security_state = transport_security_state_.get(); |
| 251 context.cert_verifier = cert_verifier_.get(); | 251 context.cert_verifier = cert_verifier_.get(); |
| 252 scoped_ptr<net::ClientSocketHandle> socket_handle( | 252 scoped_ptr<net::ClientSocketHandle> socket_handle( |
| 253 new net::ClientSocketHandle); | 253 new net::ClientSocketHandle); |
| 254 socket_handle->SetSocket( | 254 socket_handle->SetSocket( |
| 255 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass()))); | 255 make_scoped_ptr(new NetStreamSocketAdapter(socket.Pass()))); |
| 256 | 256 |
| (...skipping 167 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 424 make_scoped_ptr(new P2PStreamSocketAdapter(socket_.Pass()))); | 424 make_scoped_ptr(new P2PStreamSocketAdapter(socket_.Pass()))); |
| 425 } | 425 } |
| 426 } | 426 } |
| 427 | 427 |
| 428 void SslHmacChannelAuthenticator::NotifyError(int error) { | 428 void SslHmacChannelAuthenticator::NotifyError(int error) { |
| 429 base::ResetAndReturn(&done_callback_).Run(error, nullptr); | 429 base::ResetAndReturn(&done_callback_).Run(error, nullptr); |
| 430 } | 430 } |
| 431 | 431 |
| 432 } // namespace protocol | 432 } // namespace protocol |
| 433 } // namespace remoting | 433 } // namespace remoting |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1262313003:
Require ECDHE in the CRD client. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master