net/socket/ssl_client_socket_nss.cc - Issue 1387363004: Disable HTTP/2 over NPN (with OpenSSL).

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 1387363004: Disable HTTP/2 over NPN (with OpenSSL). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Disable NPN in NSS if npn_protos.empty(). Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_nss.cc

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc

index 6d9760fae40cb0c82c1d02fb90e0b32f3f7cc212..3268308a1fe2667c2236849ac492cf42ae945094 100644

--- a/net/socket/ssl_client_socket_nss.cc

+++ b/net/socket/ssl_client_socket_nss.cc

@@ -843,15 +843,15 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,

SECStatus rv = SECSuccess;

- if (!ssl_config_.next_protos.empty()) {

- NextProtoVector next_protos = ssl_config_.next_protos;

+ if (!ssl_config_.alpn_protos.empty()) {

+ NextProtoVector alpn_protos = ssl_config_.alpn_protos;

// TODO(bnc): Check ssl_config_.disabled_cipher_suites.

if (!IsTLSVersionAdequateForHTTP2(ssl_config_))

- DisableHTTP2(&next_protos);

+ DisableHTTP2(&alpn_protos);

// |ssl_config_| has fallback protocol at the end of the list, but NSS

// expects fallback at the first place, thus protocols need to be reordered.

- ReorderNextProtos(&next_protos);

- std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos);

+ ReorderNextProtos(&alpn_protos);

+ std::vector<uint8_t> wire_protos = SerializeNextProtos(alpn_protos);

rv = SSL_SetNextProtoNego(

nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0],

wire_protos.size());

@@ -860,9 +860,11 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket,

rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ALPN, PR_TRUE);

if (rv != SECSuccess)

LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_ALPN");

- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);

- if (rv != SECSuccess)

- LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");

+ if (!ssl_config_.npn_protos.empty()) {

+ rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_NPN, PR_TRUE);

+ if (rv != SECSuccess)

+ LogFailedNSSFunction(*weak_net_log_, "SSL_OptionSet", "SSL_ENABLE_NPN");

+ }

davidben 2015/10/13 20:55:59 We should have a comment somewhere in this block d

Bence 2015/10/14 14:55:59 Done.

}

rv = SSL_AuthCertificateHook(

« net/log/net_log_util.cc ('K') | « net/socket/socket_test_util.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')