OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 2762 matching lines...)
2773 } | 2773 } |
2774 | 2774 |
2775 for (std::vector<uint16>::const_iterator it = | 2775 for (std::vector<uint16>::const_iterator it = |
2776 ssl_config_.disabled_cipher_suites.begin(); | 2776 ssl_config_.disabled_cipher_suites.begin(); |
2777 it != ssl_config_.disabled_cipher_suites.end(); ++it) { | 2777 it != ssl_config_.disabled_cipher_suites.end(); ++it) { |
2778 // This will fail if the specified cipher is not implemented by NSS, but | 2778 // This will fail if the specified cipher is not implemented by NSS, but |
2779 // the failure is harmless. | 2779 // the failure is harmless. |
2780 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); | 2780 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); |
2781 } | 2781 } |
2782 | 2782 |
2783 if (!ssl_config_.enable_deprecated_cipher_suites) { | 2783 if (!ssl_config_.rc4_enabled) { |
2784 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 2784 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
2785 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 2785 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
2786 for (int i = 0; i < num_ciphers; i++) { | 2786 for (int i = 0; i < num_ciphers; i++) { |
2787 SSLCipherSuiteInfo info; | 2787 SSLCipherSuiteInfo info; |
2788 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) != | 2788 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) != |
2789 SECSuccess) { | 2789 SECSuccess) { |
2790 continue; | 2790 continue; |
2791 } | 2791 } |
2792 if (info.symCipher == ssl_calg_rc4) | 2792 if (info.symCipher == ssl_calg_rc4) |
2793 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); | 2793 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); |
(...skipping 105 matching lines...)
2899 case SSL_PROTOCOL_VERSION_TLS1_1: | 2899 case SSL_PROTOCOL_VERSION_TLS1_1: |
2900 peer_id += "tls1.1"; | 2900 peer_id += "tls1.1"; |
2901 break; | 2901 break; |
2902 case SSL_PROTOCOL_VERSION_TLS1_2: | 2902 case SSL_PROTOCOL_VERSION_TLS1_2: |
2903 peer_id += "tls1.2"; | 2903 peer_id += "tls1.2"; |
2904 break; | 2904 break; |
2905 default: | 2905 default: |
2906 NOTREACHED(); | 2906 NOTREACHED(); |
2907 } | 2907 } |
2908 peer_id += "/"; | 2908 peer_id += "/"; |
2909 if (ssl_config_.enable_deprecated_cipher_suites) | 2909 if (ssl_config_.deprecated_cipher_suites_enabled) |
2910 peer_id += "deprecated"; | 2910 peer_id += "deprecated"; |
2911 | 2911 |
2912 peer_id += "/"; | 2912 peer_id += "/"; |
2913 if (ssl_config_.channel_id_enabled) | 2913 if (ssl_config_.channel_id_enabled) |
2914 peer_id += "channelid"; | 2914 peer_id += "channelid"; |
2915 | 2915 |
2916 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); | 2916 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); |
2917 if (rv != SECSuccess) | 2917 if (rv != SECSuccess) |
2918 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); | 2918 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); |
2919 | 2919 |
(...skipping 269 matching lines...)
3189 return channel_id_service_; | 3189 return channel_id_service_; |
3190 } | 3190 } |
3191 | 3191 |
3192 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3192 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3193 if (completed_handshake_) | 3193 if (completed_handshake_) |
3194 return SSL_FAILURE_NONE; | 3194 return SSL_FAILURE_NONE; |
3195 return SSL_FAILURE_UNKNOWN; | 3195 return SSL_FAILURE_UNKNOWN; |
3196 } | 3196 } |
3197 | 3197 |
3198 } // namespace net | 3198 } // namespace net |
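Review bot: The session-cache key built at new line 2909 no longer tracks the setting that changes the offered cipher set. RC4 suites are now disabled based on `ssl_config_.rc4_enabled` (new line 2783), but `peer_id` appends "deprecated" only for `deprecated_cipher_suites_enabled`, so sockets with different RC4 settings would share one NSS session-cache partition unless the two flags are kept in lockstep somewhere not shown on this page. If they can differ, consider adding a further component after the "deprecated" one, e.g. `peer_id += "/";` followed by `if (ssl_config_.rc4_enabled) peer_id += "rc4";`. Otherwise, add a comment above line 2909 stating why the RC4 setting does not need to partition the cache. Both enclosing functions begin outside the visible lines, so this is based only on the two changed conditions.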