| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 3193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3204 } | 3204 } |
| 3205 #endif | 3205 #endif |
| 3206 | 3206 |
| 3207 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, | 3207 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, |
| 3208 ssl_config_.signed_cert_timestamps_enabled); | 3208 ssl_config_.signed_cert_timestamps_enabled); |
| 3209 if (rv != SECSuccess) { | 3209 if (rv != SECSuccess) { |
| 3210 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | 3210 LogFailedNSSFunction(net_log_, "SSL_OptionSet", |
| 3211 "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS"); | 3211 "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS"); |
| 3212 } | 3212 } |
| 3213 | 3213 |
| 3214 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ENCRYPT_THEN_MAC, PR_TRUE); |
| 3215 if (rv != SECSuccess) { |
| 3216 LogFailedNSSFunction( |
| 3217 net_log_, "SSL_OptionSet", "SSL_ENABLE_ENCRYPT_THEN_MAC"); |
| 3218 } |
| 3219 |
| 3214 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | 3220 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); |
| 3215 if (rv != SECSuccess) { | 3221 if (rv != SECSuccess) { |
| 3216 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | 3222 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); |
| 3217 return ERR_UNEXPECTED; | 3223 return ERR_UNEXPECTED; |
| 3218 } | 3224 } |
| 3219 | 3225 |
| 3220 if (!core_->Init(nss_fd_, nss_bufs)) | 3226 if (!core_->Init(nss_fd_, nss_bufs)) |
| 3221 return ERR_UNEXPECTED; | 3227 return ERR_UNEXPECTED; |
| 3222 | 3228 |
| 3223 // Tell SSL the hostname we're trying to connect to. | 3229 // Tell SSL the hostname we're trying to connect to. |
| (...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3582 SignedCertificateTimestampAndStatus(*iter, | 3588 SignedCertificateTimestampAndStatus(*iter, |
| 3583 ct::SCT_STATUS_LOG_UNKNOWN)); | 3589 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 3584 } | 3590 } |
| 3585 } | 3591 } |
| 3586 | 3592 |
| 3587 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3593 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
| 3588 return server_bound_cert_service_; | 3594 return server_bound_cert_service_; |
| 3589 } | 3595 } |
| 3590 | 3596 |
| 3591 } // namespace net | 3597 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 166273026:
Implement the encrypt-then-MAC TLS extension. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/