
Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1387363004: Disable HTTP/2 over NPN (with OpenSSL). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Disable NPN in NSS if npn_protos.empty(). Created 5 years, 2 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 825 matching lines...) Expand 10 before | Expand all | Expand 10 after
836 memio_Private* buffers) { 836 memio_Private* buffers) {
837 DCHECK(OnNetworkTaskRunner()); 837 DCHECK(OnNetworkTaskRunner());
838 DCHECK(!nss_fd_); 838 DCHECK(!nss_fd_);
839 DCHECK(!nss_bufs_); 839 DCHECK(!nss_bufs_);
840 840
841 nss_fd_ = socket; 841 nss_fd_ = socket;
842 nss_bufs_ = buffers; 842 nss_bufs_ = buffers;
843 843
844 SECStatus rv = SECSuccess; 844 SECStatus rv = SECSuccess;
845 845
846 if (!ssl_config_.next_protos.empty()) { 846 if (!ssl_config_.alpn_protos.empty()) {
847 NextProtoVector next_protos = ssl_config_.next_protos; 847 NextProtoVector alpn_protos = ssl_config_.alpn_protos;
848 // TODO(bnc): Check ssl_config_.disabled_cipher_suites. 848 // TODO(bnc): Check ssl_config_.disabled_cipher_suites.
849 if (!IsTLSVersionAdequateForHTTP2(ssl_config_)) 849 if (!IsTLSVersionAdequateForHTTP2(ssl_config_))
850 DisableHTTP2(&next_protos); 850 DisableHTTP2(&alpn_protos);
851 // |ssl_config_| has fallback protocol at the end of the list, but NSS 851 // |ssl_config_| has fallback protocol at the end of the list, but NSS
852 // expects fallback at the first place, thus protocols need to be reordered. 852 // expects fallback at the first place, thus protocols need to be reordered.
853 ReorderNextProtos(&next_protos); 853 ReorderNextProtos(&alpn_protos);
854 std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); 854 std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos);
855 rv = SSL_SetNextProtoNego( 855 rv = SSL_SetNextProtoNego(
856 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], 856 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],
857 wire_protos.size()); 857 wire_protos.size());
858 if (rv != SECSuccess) 858 if (rv != SECSuccess)
859 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); 859 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", "");
860 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); 860 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);
861 if (rv != SECSuccess) 861 if (rv != SECSuccess)
862 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); 862 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");
863 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); 863 if (!ssl_config_.npn_protos.empty()) {
864 if (rv != SECSuccess) 864 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);
865 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN"); 865 if (rv != SECSuccess)
866 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");
867 }
davidben 2015/10/13 20:55:59 We should have a comment somewhere in this block d
Bence 2015/10/14 14:55:59 Done.
866 } 868 }
867 869
868 rv = SSL_AuthCertificateHook( 870 rv = SSL_AuthCertificateHook(
869 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this); 871 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this);
870 if (rv != SECSuccess) { 872 if (rv != SECSuccess) {
871 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", ""); 873 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", "");
872 return false; 874 return false;
873 } 875 }
874 876
875 rv = SSL_GetClientAuthDataHook( 877 rv = SSL_GetClientAuthDataHook(
(...skipping 2308 matching lines...) Expand 10 before | Expand all | Expand 10 after
3184 return channel_id_service_; 3186 return channel_id_service_;
3185 } 3187 }
3186 3188
3187 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { 3189 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {
3188 if (completed_handshake_) 3190 if (completed_handshake_)
3189 return SSL_FAILURE_NONE; 3191 return SSL_FAILURE_NONE;
3190 return SSL_FAILURE_UNKNOWN; 3192 return SSL_FAILURE_UNKNOWN;
3191 } 3193 }
3192 3194
3193 } // namespace net 3195 } // namespace net
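Review bot: At new lines 863–867 NPN is merely not enabled when `ssl_config_.npn_protos` is empty; nothing sets `SSL_ENABLE_NPN` to `PR_FALSE`, so whether NPN is really off depends on the NSS default for that option, which this page does not show. If that default is on, the extension can still be offered with the list passed to `SSL_SetNextProtoNego`, which is built from `alpn_protos` and may include HTTP/2. Setting the option explicitly in both cases removes the dependency: `rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, ssl_config_.npn_protos.empty() ? PR_FALSE : PR_TRUE);`. A failure here is only logged, unlike the `SSL_AuthCertificateHook` failure just below, so consider returning false when NPN could not be turned off. The enclosing function starts and ends in the skipped regions.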