OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 825 matching lines...) | |
836 memio_Private* buffers) { | 836 memio_Private* buffers) { |
837 DCHECK(OnNetworkTaskRunner()); | 837 DCHECK(OnNetworkTaskRunner()); |
838 DCHECK(!nss_fd_); | 838 DCHECK(!nss_fd_); |
839 DCHECK(!nss_bufs_); | 839 DCHECK(!nss_bufs_); |
840 | 840 |
841 nss_fd_ = socket; | 841 nss_fd_ = socket; |
842 nss_bufs_ = buffers; | 842 nss_bufs_ = buffers; |
843 | 843 |
844 SECStatus rv = SECSuccess; | 844 SECStatus rv = SECSuccess; |
845 | 845 |
846 if (!ssl_config_.next_protos.empty()) { | 846 if (!ssl_config_.alpn_protos.empty()) { |
847 NextProtoVector next_protos = ssl_config_.next_protos; | 847 NextProtoVector alpn_protos = ssl_config_.alpn_protos; |
848 // TODO(bnc): Check ssl_config_.disabled_cipher_suites. | 848 // TODO(bnc): Check ssl_config_.disabled_cipher_suites. |
849 if (!IsTLSVersionAdequateForHTTP2(ssl_config_)) | 849 if (!IsTLSVersionAdequateForHTTP2(ssl_config_)) |
850 DisableHTTP2(&next_protos); | 850 DisableHTTP2(&alpn_protos); |
851 // |ssl_config_| has fallback protocol at the end of the list, but NSS | 851 // |ssl_config_| has fallback protocol at the end of the list, but NSS |
852 // expects fallback at the first place, thus protocols need to be reordered. | 852 // expects fallback at the first place, thus protocols need to be reordered. |
853 ReorderNextProtos(&next_protos); | 853 ReorderNextProtos(&alpn_protos); |
854 std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); | 854 std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos); |
855 rv = SSL_SetNextProtoNego( | 855 rv = SSL_SetNextProtoNego( |
856 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], | 856 nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], |
857 wire_protos.size()); | 857 wire_protos.size()); |
858 if (rv != SECSuccess) | 858 if (rv != SECSuccess) |
859 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); | 859 LogFailedNSSFunction(*weak_net_log_, "SSL_SetNextProtoNego", ""); |
860 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); | 860 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE); |
861 if (rv != SECSuccess) | 861 if (rv != SECSuccess) |
862 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); | 862 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN"); |
863 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); | 863 if (!ssl_config_.npn_protos.empty()) { |
864 if (rv != SECSuccess) | 864 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE); |
865 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN"); | 865 if (rv != SECSuccess) |
866 LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN"); | |
867 } | |
davidben
2015/10/13 20:55:59
We should have a comment somewhere in this block d
Bence
2015/10/14 14:55:59
Done.
| |
866 } | 868 } |
867 | 869 |
868 rv = SSL_AuthCertificateHook( | 870 rv = SSL_AuthCertificateHook( |
869 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this); | 871 nss_fd_, SSLClientSocketNSS::Core::OwnAuthCertHandler, this); |
870 if (rv != SECSuccess) { | 872 if (rv != SECSuccess) { |
871 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", ""); | 873 LogFailedNSSFunction(*weak_net_log_, "SSL_AuthCertificateHook", ""); |
872 return false; | 874 return false; |
873 } | 875 } |
874 | 876 |
875 rv = SSL_GetClientAuthDataHook( | 877 rv = SSL_GetClientAuthDataHook( |
(...skipping 2308 matching lines...) | |
3184 return channel_id_service_; | 3186 return channel_id_service_; |
3185 } | 3187 } |
3186 | 3188 |
3187 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3189 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3188 if (completed_handshake_) | 3190 if (completed_handshake_) |
3189 return SSL_FAILURE_NONE; | 3191 return SSL_FAILURE_NONE; |
3190 return SSL_FAILURE_UNKNOWN; | 3192 return SSL_FAILURE_UNKNOWN; |
3191 } | 3193 } |
3192 | 3194 |
3193 } // namespace net | 3195 } // namespace net |
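Review bot: The new `if (!ssl_config_.npn_protos.empty())` guard (new lines 863-867) only skips turning NPN on; it never sets SSL_ENABLE_NPN to PR_FALSE, so with an empty npn_protos the extension is off only if the NSS default for that option is off, which this page does not show. Setting the option in both cases removes that dependency: `rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, ssl_config_.npn_protos.empty() ? PR_FALSE : PR_TRUE);`. Separately, only the emptiness of npn_protos is consulted: the list passed to SSL_SetNextProtoNego is built from alpn_protos, and the whole block is skipped when alpn_protos is empty, so a config whose two lists differ would presumably offer protocols it did not ask for over NPN. A `DCHECK(ssl_config_.npn_protos.empty() || ssl_config_.npn_protos == ssl_config_.alpn_protos);` at the top of the block would make that assumption explicit. The enclosing function starts before the displayed lines.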