
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1387363004: Disable HTTP/2 over NPN (with OpenSSL). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Re: #7. Created 5 years, 2 months ago
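--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
 // from AuthCertificateCallback() in
 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
 
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -836,40 +836,45 @@
 memio_Private* buffers) {
 DCHECK(OnNetworkTaskRunner());
 DCHECK(!nss_fd_);
 DCHECK(!nss_bufs_);
 
 nss_fd_ = socket;
 nss_bufs_ = buffers;
 
 SECStatus rv = SECSuccess;
 
-if (!ssl_config_.next_protos.empty()) {
-NextProtoVector next_protos = ssl_config_.next_protos;
+if (!ssl_config_.alpn_protos.empty()) {
+NextProtoVector alpn_protos = ssl_config_.alpn_protos;
 // TODO(bnc): Check ssl_config_.disabled_cipher_suites.
 if (!IsTLSVersionAdequateForHTTP2(ssl_config_))
-DisableHTTP2(&next_protos);
+DisableHTTP2(&alpn_protos);
 // |ssl_config_| has fallback protocol at the end of the list, but NSS
 // expects fallback at the first place, thus protocols need to be reordered.
-ReorderNextProtos(&next_protos);
-std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos);
+ReorderNextProtos(&alpn_protos);
+// NSS only supports a single protocol vector to be used with ALPN and NPN.
+// Because of this limitation, |alpn_prototos| will be used for both.
+// However, it is possible to enable ALPN and NPN separately.
+std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos);
 rv = SSL_SetNextProtoNego(
 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],
 wire_protos.size());
 if (rv != SECSuccess)
 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");
 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);
 if (rv != SECSuccess)
 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");
-rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);
-if (rv != SECSuccess)
-LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");
+if (!ssl_config_.npn_protos.empty()) {
+rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);
+if (rv != SECSuccess)
+LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");
+}
 }
 
 rv = SSL_AuthCertificateHook(
 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this);
 if (rv != SECSuccess) {
 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", "");
 return false;
 }
 
 rv = SSL_GetClientAuthDataHook(
@@ -3184,10 +3189,10 @@
 return channel_id_service_;
 }
 
 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {
 if (completed_handshake_)
 return SSL_FAILURE_NONE;
 return SSL_FAILURE_UNKNOWN;
 }
 
 } // namespace net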
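Review bot: The comment added before `SerializeNextProtos(alpn_protos)` leaves out the consequence that matters for this change: because the single NSS vector is built from `alpn_protos`, every protocol left in it (which may include HTTP/2 when the TLS version check passes) is also what gets offered over NPN whenever `npn_protos` is non-empty, and the contents of `npn_protos` are never read. I would state that in the comment, for example `// NOTE: |npn_protos| only gates SSL_ENABLE_NPN here; the protocols offered over NPN are those in |alpn_protos|.`, and fix the `|alpn_prototos|` typo while there. The NPN block is also nested inside the `alpn_protos.empty()` check, so a config with only `npn_protos` set configures no protocol negotiation at all; if that is intended it deserves a line in the comment as well. The enclosing function starts and ends outside the visible rows.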