Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(430)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1610833004: Remove Windows XP SHA-256 and ECDSA logic. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/browser_main_runner.cc ('K') | « net/net.gypi ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <errno.h> 10 #include <errno.h>
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after
43 #include "net/cert/x509_util_openssl.h" 43 #include "net/cert/x509_util_openssl.h"
44 #include "net/http/transport_security_state.h" 44 #include "net/http/transport_security_state.h"
45 #include "net/ssl/scoped_openssl_types.h" 45 #include "net/ssl/scoped_openssl_types.h"
46 #include "net/ssl/ssl_cert_request_info.h" 46 #include "net/ssl/ssl_cert_request_info.h"
47 #include "net/ssl/ssl_client_session_cache_openssl.h" 47 #include "net/ssl/ssl_client_session_cache_openssl.h"
48 #include "net/ssl/ssl_connection_status_flags.h" 48 #include "net/ssl/ssl_connection_status_flags.h"
49 #include "net/ssl/ssl_failure_state.h" 49 #include "net/ssl/ssl_failure_state.h"
50 #include "net/ssl/ssl_info.h" 50 #include "net/ssl/ssl_info.h"
51 #include "net/ssl/ssl_private_key.h" 51 #include "net/ssl/ssl_private_key.h"
52 52
53 #if defined(OS_WIN)
54 #include "base/win/windows_version.h"
55 #endif
56
57 #if !defined(OS_NACL) 53 #if !defined(OS_NACL)
58 #include "net/ssl/ssl_key_logger.h" 54 #include "net/ssl/ssl_key_logger.h"
59 #endif 55 #endif
60 56
61 #if defined(USE_NSS_CERTS) || defined(OS_IOS) 57 #if defined(USE_NSS_CERTS) || defined(OS_IOS)
62 #include "net/cert_net/nss_ocsp.h" 58 #include "net/cert_net/nss_ocsp.h"
63 #endif 59 #endif
64 60
65 namespace net { 61 namespace net {
66 62
(...skipping 926 matching lines...) Expand 10 before | Expand all | Expand 10 after
993 989
994 // Remove any disabled ciphers. 990 // Remove any disabled ciphers.
995 for (uint16_t id : ssl_config_.disabled_cipher_suites) { 991 for (uint16_t id : ssl_config_.disabled_cipher_suites) {
996 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); 992 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id);
997 if (cipher) { 993 if (cipher) {
998 command.append(":!"); 994 command.append(":!");
999 command.append(SSL_CIPHER_get_name(cipher)); 995 command.append(SSL_CIPHER_get_name(cipher));
1000 } 996 }
1001 } 997 }
1002 998
1003 // Disable ECDSA cipher suites on platforms that do not support ECDSA
1004 // signed certificates, as servers may use the presence of such
1005 // ciphersuites as a hint to send an ECDSA certificate.
1006 #if defined(OS_WIN)
1007 if (base::win::GetVersion() < base::win::VERSION_VISTA)
1008 command.append(":!ECDSA");
1009 #endif
1010
1011 int rv = SSL_set_cipher_list(ssl_, command.c_str()); 999 int rv = SSL_set_cipher_list(ssl_, command.c_str());
1012 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. 1000 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
1013 // This will almost certainly result in the socket failing to complete the 1001 // This will almost certainly result in the socket failing to complete the
1014 // handshake at which point the appropriate error is bubbled up to the client. 1002 // handshake at which point the appropriate error is bubbled up to the client.
1015 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') " 1003 LOG_IF(WARNING, rv != 1) << "SSL_set_cipher_list('" << command << "') "
1016 "returned " << rv; 1004 "returned " << rv;
1017 1005
1018 // TLS channel ids. 1006 // TLS channel ids.
1019 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) { 1007 if (IsChannelIDEnabled(ssl_config_, channel_id_service_)) {
1020 SSL_enable_tls_channel_id(ssl_); 1008 SSL_enable_tls_channel_id(ssl_);
(...skipping 1283 matching lines...) Expand 10 before | Expand all | Expand 10 after
2304 tb_was_negotiated_ = true; 2292 tb_was_negotiated_ = true;
2305 return 1; 2293 return 1;
2306 } 2294 }
2307 } 2295 }
2308 2296
2309 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER; 2297 *out_alert_value = SSL_AD_ILLEGAL_PARAMETER;
2310 return 0; 2298 return 0;
2311 } 2299 }
2312 2300
2313 } // namespace net 2301 } // namespace net
OLDNEW
« content/browser/browser_main_runner.cc ('K') | « net/net.gypi ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698