net/socket/ssl_client_socket_nss.cc - Issue 1371263002: Refactor SSLClientSocket::SerializeNextProtos().

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1371263002: Refactor SSLClientSocket::SerializeNextProtos(). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived	5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived

6 // from AuthCertificateCallback() in	6 // from AuthCertificateCallback() in

7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.	7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.

8	8

9 /* *** BEGIN LICENSE BLOCK ***	9 /* *** BEGIN LICENSE BLOCK ***

10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

(...skipping 839 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
850 nss_bufs_ = buffers;	850 nss_bufs_ = buffers;

851	851

852 SECStatus rv = SECSuccess;	852 SECStatus rv = SECSuccess;

853	853

854 if (!ssl_config_.next_protos.empty()) {	854 if (!ssl_config_.next_protos.empty()) {

855 // TODO(bnc): Check ssl_config_.disabled_cipher_suites.	855 // TODO(bnc): Check ssl_config_.disabled_cipher_suites.

856 const bool adequate_encryption =	856 const bool adequate_encryption =

857 PK11_TokenExists(CKM_AES_GCM) \|\|	857 PK11_TokenExists(CKM_AES_GCM) \|\|

858 PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305);	858 PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305);

859 const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) \|\|	859 const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) \|\|

860 PK11_TokenExists(CKM_ECDH1_DERIVE);	860 PK11_TokenExists(CKM_ECDH1_DERIVE);
	davidben 2015/09/28 22:16:23 (Ooh! Thanks for reminding me! We can rip all of t (Ooh! Thanks for reminding me! We can rip all of this out now because we don't have to deal with system NSS like this anymore. I'll do that separately.)
861 std::vector<uint8_t> wire_protos =	861 NextProtoVector next_protos = ssl_config_.next_protos;

862 SerializeNextProtos(ssl_config_.next_protos,	862 if (!adequate_encryption \|\| !adequate_key_agreement \|\|

863 adequate_encryption && adequate_key_agreement &&	863 !IsTLSVersionAdequateForHTTP2(ssl_config_)) {

864 IsTLSVersionAdequateForHTTP2(ssl_config_));	864 DisableHTTP2(&next_protos);

	865 }

	866 std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos);

865 rv = SSL_SetNextProtoNego(	867 rv = SSL_SetNextProtoNego(

866 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],	868 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],

867 wire_protos.size());	869 wire_protos.size());

868 if (rv != SECSuccess)	870 if (rv != SECSuccess)

869 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");	871 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");

870 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);	872 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);

871 if (rv != SECSuccess)	873 if (rv != SECSuccess)

872 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");	874 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");

873 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);	875 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);

874 if (rv != SECSuccess)	876 if (rv != SECSuccess)

(...skipping 2323 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3198 return channel_id_service_;	3200 return channel_id_service_;

3199 }	3201 }

3200	3202

3201 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {	3203 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {

3202 if (completed_handshake_)	3204 if (completed_handshake_)

3203 return SSL_FAILURE_NONE;	3205 return SSL_FAILURE_NONE;

3204 return SSL_FAILURE_UNKNOWN;	3206 return SSL_FAILURE_UNKNOWN;

3205 }	3207 }

3206	3208

3207 } // namespace net	3209 } // namespace net

OLD	NEW

« net/socket/ssl_client_socket.h ('K') | « net/socket/ssl_client_socket.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »