OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
(...skipping 927 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
938 // Get list of ciphers that are enabled. | 938 // Get list of ciphers that are enabled. |
939 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_); | 939 STACK_OF(SSL_CIPHER)* enabled_ciphers = SSL_get_ciphers(ssl_); |
940 DCHECK(enabled_ciphers); | 940 DCHECK(enabled_ciphers); |
941 std::vector<uint16> enabled_ciphers_vector; | 941 std::vector<uint16> enabled_ciphers_vector; |
942 for (size_t i = 0; i < sk_SSL_CIPHER_num(enabled_ciphers); ++i) { | 942 for (size_t i = 0; i < sk_SSL_CIPHER_num(enabled_ciphers); ++i) { |
943 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(enabled_ciphers, i); | 943 const SSL_CIPHER* cipher = sk_SSL_CIPHER_value(enabled_ciphers, i); |
944 const uint16 id = static_cast<uint16>(SSL_CIPHER_get_id(cipher)); | 944 const uint16 id = static_cast<uint16>(SSL_CIPHER_get_id(cipher)); |
945 enabled_ciphers_vector.push_back(id); | 945 enabled_ciphers_vector.push_back(id); |
946 } | 946 } |
947 | 947 |
948 std::vector<uint8_t> wire_protos = | 948 NextProtoVector next_protos = ssl_config_.next_protos; |
949 SerializeNextProtos(ssl_config_.next_protos, | 949 if (!HasCipherAdequateForHTTP2(enabled_ciphers_vector) || |
950 HasCipherAdequateForHTTP2(enabled_ciphers_vector) && | 950 !IsTLSVersionAdequateForHTTP2(ssl_config_)) { |
951 IsTLSVersionAdequateForHTTP2(ssl_config_)); | 951 DisableHTTP2(&next_protos); |
| 952 } |
| 953 std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); |
952 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], | 954 SSL_set_alpn_protos(ssl_, wire_protos.empty() ? NULL : &wire_protos[0], |
953 wire_protos.size()); | 955 wire_protos.size()); |
954 } | 956 } |
955 | 957 |
956 if (ssl_config_.signed_cert_timestamps_enabled) { | 958 if (ssl_config_.signed_cert_timestamps_enabled) { |
957 SSL_enable_signed_cert_timestamps(ssl_); | 959 SSL_enable_signed_cert_timestamps(ssl_); |
958 SSL_enable_ocsp_stapling(ssl_); | 960 SSL_enable_ocsp_stapling(ssl_); |
959 } | 961 } |
960 | 962 |
961 if (cert_verifier_->SupportsOCSPStapling()) | 963 if (cert_verifier_->SupportsOCSPStapling()) |
(...skipping 1172 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2134 OnHandshakeIOComplete(signature_result_); | 2136 OnHandshakeIOComplete(signature_result_); |
2135 return; | 2137 return; |
2136 } | 2138 } |
2137 | 2139 |
2138 // During a renegotiation, either Read or Write calls may be blocked on an | 2140 // During a renegotiation, either Read or Write calls may be blocked on an |
2139 // asynchronous private key operation. | 2141 // asynchronous private key operation. |
2140 PumpReadWriteEvents(); | 2142 PumpReadWriteEvents(); |
2141 } | 2143 } |
2142 | 2144 |
2143 } // namespace net | 2145 } // namespace net |
OLD | NEW |