Chromium Code Reviews Chromium Code Reviews
Issue 1727133002:
Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| (...skipping 1252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1263 if (rv != SECSuccess || !negotiated_extension) { | 1263 if (rv != SECSuccess || !negotiated_extension) { |
| 1264 *can_false_start = PR_FALSE; | 1264 *can_false_start = PR_FALSE; |
| 1265 return SECSuccess; | 1265 return SECSuccess; |
| 1266 } | 1266 } |
| 1267 | 1267 |
| 1268 SSLChannelInfo channel_info; | 1268 SSLChannelInfo channel_info; |
| 1269 SECStatus ok = | 1269 SECStatus ok = |
| 1270 SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info)); | 1270 SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info)); |
| 1271 if (ok != SECSuccess || channel_info.length != sizeof(channel_info) || | 1271 if (ok != SECSuccess || channel_info.length != sizeof(channel_info) || |
| 1272 channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 || | 1272 channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 || |
| 1273 !IsSecureTLSCipherSuite(channel_info.cipherSuite)) { | 1273 IsObsoleteTLSCipherSuite(channel_info.cipherSuite)) { |
|
estark
2016/04/18 11:46:44
I thought this change would be unnecessary based o
estark
2016/04/18 11:47:35
Also, presumably there's a corresponding change ne
davidben
2016/04/19 17:47:01
BoringSSL does the False Start check internally. T
estark
2016/04/19 21:31:47
Oh, gotcha, ok. Confusion about patch set 4 descri
lgarron
2016/04/25 23:56:54
Sorry, I made the patch description concise to the
| |
| 1274 *can_false_start = PR_FALSE; | 1274 *can_false_start = PR_FALSE; |
| 1275 return SECSuccess; | 1275 return SECSuccess; |
| 1276 } | 1276 } |
| 1277 | 1277 |
| 1278 return SSL_RecommendedCanFalseStart(socket, can_false_start); | 1278 return SSL_RecommendedCanFalseStart(socket, can_false_start); |
| 1279 } | 1279 } |
| 1280 | 1280 |
| 1281 // static | 1281 // static |
| 1282 void SSLClientSocketNSS::Core::HandshakeCallback( | 1282 void SSLClientSocketNSS::Core::HandshakeCallback( |
| 1283 PRFileDesc* socket, | 1283 PRFileDesc* socket, |
| (...skipping 1896 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3180 return core_->GetChannelIDKey(); | 3180 return core_->GetChannelIDKey(); |
| 3181 } | 3181 } |
| 3182 | 3182 |
| 3183 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3183 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
| 3184 if (completed_handshake_) | 3184 if (completed_handshake_) |
| 3185 return SSL_FAILURE_NONE; | 3185 return SSL_FAILURE_NONE; |
| 3186 return SSL_FAILURE_UNKNOWN; | 3186 return SSL_FAILURE_UNKNOWN; |
| 3187 } | 3187 } |
| 3188 | 3188 |
| 3189 } // namespace net | 3189 } // namespace net |
| OLD | NEW |
