OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 840 matching lines...)
851 | 851 |
852 SECStatus rv = SECSuccess; | 852 SECStatus rv = SECSuccess; |
853 | 853 |
854 if (!ssl_config_.next_protos.empty()) { | 854 if (!ssl_config_.next_protos.empty()) { |
855 // TODO(bnc): Check ssl_config_.disabled_cipher_suites. | 855 // TODO(bnc): Check ssl_config_.disabled_cipher_suites. |
856 const bool adequate_encryption = | 856 const bool adequate_encryption = |
857 PK11_TokenExists(CKM_AES_GCM) || | 857 PK11_TokenExists(CKM_AES_GCM) || |
858 PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305); | 858 PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305); |
859 const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) || | 859 const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) || |
860 PK11_TokenExists(CKM_ECDH1_DERIVE); | 860 PK11_TokenExists(CKM_ECDH1_DERIVE); |
861 std::vector<uint8_t> wire_protos = | 861 NextProtoVector next_protos = ssl_config_.next_protos; |
862 SerializeNextProtos(ssl_config_.next_protos, | 862 if (!adequate_encryption || !adequate_key_agreement || |
863 adequate_encryption && adequate_key_agreement && | 863 !IsTLSVersionAdequateForHTTP2(ssl_config_)) { |
864 IsTLSVersionAdequateForHTTP2(ssl_config_)); | 864 DisableHTTP2(&next_protos); |
| 865 } |
| 866 std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); |
865 rv = SSL_SetNextProtoNego( | 867 rv = SSL_SetNextProtoNego( |
866 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], | 868 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], |
867 wire_protos.size()); | 869 wire_protos.size()); |
868 if (rv != SECSuccess) | 870 if (rv != SECSuccess) |
869 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); | 871 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); |
870 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); | 872 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); |
871 if (rv != SECSuccess) | 873 if (rv != SECSuccess) |
872 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); | 874 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); |
873 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); | 875 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); |
874 if (rv != SECSuccess) | 876 if (rv != SECSuccess) |
(...skipping 2323 matching lines...)
3198 return channel_id_service_; | 3200 return channel_id_service_; |
3199 } | 3201 } |
3200 | 3202 |
3201 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3203 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3202 if (completed_handshake_) | 3204 if (completed_handshake_) |
3203 return SSL_FAILURE_NONE; | 3205 return SSL_FAILURE_NONE; |
3204 return SSL_FAILURE_UNKNOWN; | 3206 return SSL_FAILURE_UNKNOWN; |
3205 } | 3207 } |
3206 | 3208 |
3207 } // namespace net | 3209 } // namespace net |
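Review bot: The new `if` at new-side lines 862-865 decides whether to strip HTTP/2 from the advertised protocol list using only PK11_TokenExists() and IsTLSVersionAdequateForHTTP2(), so a socket whose ssl_config_.disabled_cipher_suites turns off every AES-GCM and ChaCha20-Poly1305 suite would still offer HTTP/2. The TODO(bnc) at line 855 acknowledges this, and the commit leaves it open. Now that the decision lives in this caller rather than inside SerializeNextProtos(), a comment on the branch would make both the intent and the gap explicit, for example `// Offer HTTP/2 only with an AEAD cipher, DH/ECDH key agreement and an adequate TLS version; this checks token support, not the per-socket disabled_cipher_suites (see TODO above).` DisableHTTP2() is defined outside this page, so it is worth confirming that it removes every HTTP/2 identifier the list can carry. The enclosing function starts and ends outside the visible hunk.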
OLD | NEW |