OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 3193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3204 } | 3204 } |
3205 #endif | 3205 #endif |
3206 | 3206 |
3207 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, | 3207 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS, |
3208 ssl_config_.signed_cert_timestamps_enabled); | 3208 ssl_config_.signed_cert_timestamps_enabled); |
3209 if (rv != SECSuccess) { | 3209 if (rv != SECSuccess) { |
3210 LogFailedNSSFunction(net_log_, "SSL_OptionSet", | 3210 LogFailedNSSFunction(net_log_, "SSL_OptionSet", |
3211 "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS"); | 3211 "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS"); |
3212 } | 3212 } |
3213 | 3213 |
| 3214 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_ENCRYPT_THEN_MAC, PR_TRUE); |
| 3215 if (rv != SECSuccess) { |
| 3216 LogFailedNSSFunction( |
| 3217 net_log_, "SSL_OptionSet", "SSL_ENABLE_ENCRYPT_THEN_MAC"); |
| 3218 } |
| 3219 |
3214 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | 3220 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); |
3215 if (rv != SECSuccess) { | 3221 if (rv != SECSuccess) { |
3216 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); | 3222 LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_HANDSHAKE_AS_CLIENT"); |
3217 return ERR_UNEXPECTED; | 3223 return ERR_UNEXPECTED; |
3218 } | 3224 } |
3219 | 3225 |
3220 if (!core_->Init(nss_fd_, nss_bufs)) | 3226 if (!core_->Init(nss_fd_, nss_bufs)) |
3221 return ERR_UNEXPECTED; | 3227 return ERR_UNEXPECTED; |
3222 | 3228 |
3223 // Tell SSL the hostname we're trying to connect to. | 3229 // Tell SSL the hostname we're trying to connect to. |
(...skipping 358 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3582 SignedCertificateTimestampAndStatus(*iter, | 3588 SignedCertificateTimestampAndStatus(*iter, |
3583 ct::SCT_STATUS_LOG_UNKNOWN)); | 3589 ct::SCT_STATUS_LOG_UNKNOWN)); |
3584 } | 3590 } |
3585 } | 3591 } |
3586 | 3592 |
3587 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { | 3593 ServerBoundCertService* SSLClientSocketNSS::GetServerBoundCertService() const { |
3588 return server_bound_cert_service_; | 3594 return server_bound_cert_service_; |
3589 } | 3595 } |
3590 | 3596 |
3591 } // namespace net | 3597 } // namespace net |
OLD | NEW |