OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
8 | 8 |
9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
(...skipping 1252 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1263 if (rv != SECSuccess || !negotiated_extension) { | 1263 if (rv != SECSuccess || !negotiated_extension) { |
1264 *can_false_start = PR_FALSE; | 1264 *can_false_start = PR_FALSE; |
1265 return SECSuccess; | 1265 return SECSuccess; |
1266 } | 1266 } |
1267 | 1267 |
1268 SSLChannelInfo channel_info; | 1268 SSLChannelInfo channel_info; |
1269 SECStatus ok = | 1269 SECStatus ok = |
1270 SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info)); | 1270 SSL_GetChannelInfo(socket, &channel_info, sizeof(channel_info)); |
1271 if (ok != SECSuccess || channel_info.length != sizeof(channel_info) || | 1271 if (ok != SECSuccess || channel_info.length != sizeof(channel_info) || |
1272 channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 || | 1272 channel_info.protocolVersion < SSL_LIBRARY_VERSION_TLS_1_2 || |
1273 !IsSecureTLSCipherSuite(channel_info.cipherSuite)) { | 1273 IsObsoleteTLSCipherSuite(channel_info.cipherSuite)) { |
estark
2016/04/18 11:46:44
I thought this change would be unnecessary based o
estark
2016/04/18 11:47:35
Also, presumably there's a corresponding change ne
davidben
2016/04/19 17:47:01
BoringSSL does the False Start check internally. T
estark
2016/04/19 21:31:47
Oh, gotcha, ok. Confusion about patch set 4 descri
lgarron
2016/04/25 23:56:54
Sorry, I made the patch description concise to the
| |
1274 *can_false_start = PR_FALSE; | 1274 *can_false_start = PR_FALSE; |
1275 return SECSuccess; | 1275 return SECSuccess; |
1276 } | 1276 } |
1277 | 1277 |
1278 return SSL_RecommendedCanFalseStart(socket, can_false_start); | 1278 return SSL_RecommendedCanFalseStart(socket, can_false_start); |
1279 } | 1279 } |
1280 | 1280 |
1281 // static | 1281 // static |
1282 void SSLClientSocketNSS::Core::HandshakeCallback( | 1282 void SSLClientSocketNSS::Core::HandshakeCallback( |
1283 PRFileDesc* socket, | 1283 PRFileDesc* socket, |
(...skipping 1896 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3180 return core_->GetChannelIDKey(); | 3180 return core_->GetChannelIDKey(); |
3181 } | 3181 } |
3182 | 3182 |
3183 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3183 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
3184 if (completed_handshake_) | 3184 if (completed_handshake_) |
3185 return SSL_FAILURE_NONE; | 3185 return SSL_FAILURE_NONE; |
3186 return SSL_FAILURE_UNKNOWN; | 3186 return SSL_FAILURE_UNKNOWN; |
3187 } | 3187 } |
3188 | 3188 |
3189 } // namespace net | 3189 } // namespace net |
OLD | NEW |