Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(396)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: trunk/src/net/socket/ssl_client_socket_nss.cc

Issue 18414004: Revert 209515 "Reland http://crrev.com/209278" (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 7 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « trunk/src/net/cert/cert_verify_proc_nss.cc ('k') | trunk/src/net/third_party/nss/README.chromium » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: trunk/src/net/socket/ssl_client_socket_nss.cc
===================================================================
--- trunk/src/net/socket/ssl_client_socket_nss.cc (revision 209533)
+++ trunk/src/net/socket/ssl_client_socket_nss.cc (working copy)
@@ -1274,6 +1274,7 @@
PRFileDesc* socket,
PRBool checksig,
PRBool is_server) {
+#ifdef SSL_ENABLE_FALSE_START
Core* core = reinterpret_cast<Core*>(arg);
if (!core->handshake_callback_called_) {
// Only need to turn off False Start in the initial handshake. Also, it is
@@ -1290,6 +1291,7 @@
SSL_OptionSet(socket, SSL_ENABLE_FALSE_START, PR_FALSE);
}
}
+#endif
// Tell NSS to not verify the certificate.
return SECSuccess;
@@ -2417,8 +2419,8 @@
SSL_CONNECTION_COMPRESSION_MASK) <<
SSL_CONNECTION_COMPRESSION_SHIFT;
- // NSS 3.14.x doesn't have a version macro for TLS 1.2 (because NSS didn't
- // support it yet), so use 0x0303 directly.
+ // NSS 3.12.x doesn't have version macros for TLS 1.1 and 1.2 (because NSS
+ // doesn't support them yet), so we use 0x0302 and 0x0303 directly.
int version = SSL_CONNECTION_VERSION_UNKNOWN;
if (channel_info.protocolVersion < SSL_LIBRARY_VERSION_3_0) {
// All versions less than SSL_LIBRARY_VERSION_3_0 are treated as SSL
@@ -2428,7 +2430,7 @@
version = SSL_CONNECTION_VERSION_SSL3;
} else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_3_1_TLS) {
version = SSL_CONNECTION_VERSION_TLS1;
- } else if (channel_info.protocolVersion == SSL_LIBRARY_VERSION_TLS_1_1) {
+ } else if (channel_info.protocolVersion == 0x0302) {
version = SSL_CONNECTION_VERSION_TLS1_1;
} else if (channel_info.protocolVersion == 0x0303) {
version = SSL_CONNECTION_VERSION_TLS1_2;
@@ -2438,6 +2440,10 @@
SSL_CONNECTION_VERSION_SHIFT;
}
+ // SSL_HandshakeNegotiatedExtension was added in NSS 3.12.6.
+ // Since SSL_MAX_EXTENSIONS was added at the same time, we can test
+ // SSL_MAX_EXTENSIONS for the presence of SSL_HandshakeNegotiatedExtension.
+#if defined(SSL_MAX_EXTENSIONS)
PRBool peer_supports_renego_ext;
ok = SSL_HandshakeNegotiatedExtension(nss_fd_, ssl_renegotiation_info_xtn,
&peer_supports_renego_ext);
@@ -2471,6 +2477,7 @@
peer_supports_renego_ext == PR_TRUE);
}
}
+#endif
if (ssl_config_.version_fallback) {
nss_handshake_state_.ssl_connection_status |=
@@ -3146,18 +3153,25 @@
SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
}
+#ifdef SSL_ENABLE_SESSION_TICKETS
// Support RFC 5077
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
if (rv != SECSuccess) {
LogFailedNSSFunction(
net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
}
+#else
+ #error "You need to install NSS-3.12 or later to build chromium"
+#endif
+#ifdef SSL_ENABLE_FALSE_START
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
ssl_config_.false_start_enabled);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_ENABLE_FALSE_START");
+#endif
+#ifdef SSL_ENABLE_RENEGOTIATION
// We allow servers to request renegotiation. Since we're a client,
// prohibiting this is rather a waste of time. Only servers are in a
// position to prevent renegotiation attacks.
@@ -3169,12 +3183,14 @@
LogFailedNSSFunction(
net_log_, "SSL_OptionSet", "SSL_ENABLE_RENEGOTIATION");
}
+#endif // SSL_ENABLE_RENEGOTIATION
+#ifdef SSL_CBC_RANDOM_IV
rv = SSL_OptionSet(nss_fd_, SSL_CBC_RANDOM_IV, PR_TRUE);
if (rv != SECSuccess)
LogFailedNSSFunction(net_log_, "SSL_OptionSet", "SSL_CBC_RANDOM_IV");
+#endif
-// Added in NSS 3.15
#ifdef SSL_ENABLE_OCSP_STAPLING
if (IsOCSPStaplingSupported()) {
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_OCSP_STAPLING, PR_TRUE);
@@ -3185,7 +3201,6 @@
}
#endif
-// Chromium patch to libssl
#ifdef SSL_ENABLE_CACHED_INFO
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_CACHED_INFO,
ssl_config_.cached_info_enabled);
« no previous file with comments | « trunk/src/net/cert/cert_verify_proc_nss.cc ('k') | trunk/src/net/third_party/nss/README.chromium » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698